Infected with Positive Finds Adware, redirecting me to other windows,pop-ups



#1 boocat


Posted 07 February 2015 - 05:34 PM

Ran Malwarebytes, which quarantined 23 threats. Rebooted. Positive Finds Ads was still there unchanged.

Ran AdwCleaner; it found some threats. Rebooted. Still had the same infection. (Saved the log.)

Ran Rkill; it saw nothing. Adware still there. (I saved the log.)

Ran Hitman Pro for 64-bit operating system. It detected nothing. (Saved the log.) The adware pop-ups are still there, as are the hair-trigger page redirects.

Thank you for your time.

UPDATE, next day: I have tried to submit this properly four times and I get a timeout error 524 that says your website is not online.

I am going to try to send the FRST.txt first and then the Addition.txt after in a separate email. See if it even sends at all. I am simply flummoxed here. I am 61 years old, a housewife and don't know much about computers.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Catherine (administrator) on CATHERINE-HP on 07-02-2015 02:36:05
Running from J:\Computer
Loaded Profiles: Catherine & Michael (Available profiles: Catherine & Michael)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will 
 
not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display
 
\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device 
 
Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard
 
\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard
 
\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard
 
\BullGuardUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars
 
\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars
 
\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 
 
15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower 
 
PowerPanel Personal Edition\ppped.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common
 
\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common
 
\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common
 
\RaRegistry64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared
 
\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared
 
\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart
 
\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 
 
Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service 
 
v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management 
 
Engine Components\LMS\LMS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer
 
\hpsysdrv.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard
 
\BullGuard.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series 
 
Software\LGDCore.exe
(Flux Software LLC) C:\Users\Catherine\AppData\Local\FluxSoftware
 
\Flux\flux.exe
() C:\Users\Catherine\AppData\Local\Amazon Music\Amazon Music 
 
Helper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet 
 
Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet 
 
Services\iCloudDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin
 
\AudibleDownloadHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin
 
\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 
 
eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon
 
\Monitor\NkMonitor.exe
(Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin
 
\Dropbox.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower 
 
PowerPanel Personal Edition\pppeuser.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update
 
\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart
 
\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple 
 
Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard
 
\Files32\Spamfilter\LittleHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin
 
\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin
 
\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin
 
\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-
 
Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application
 
\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to 
 
default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM
 
\sttray64.exe [1425408 2012-03-30] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM
 
\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-
 
Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-
 
Packard)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd
 
\BullGuard\BullGuard.exe [1360208 2015-01-29] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd
 
\bullguard\BullGuardUpdate2.exe [2935120 2015-01-29] (BullGuard Ltd.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming 
 
Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files
 
\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-22] 
 
(Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => "C:\Program Files\Common 
 
Files\Logitech\LCD Manager\lcdmon.exe"
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel
 
® USB 3.0 eXtensible Host Controller Driver\Application
 
\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF 
 
Complete\pdfsty.exe [684024 2012-04-04] (PDF Complete Inc)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital 
 
Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files 
 
(x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09
 
-15] (Nikon Corporation)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => 
 
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
 
\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP
 
\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-
 
Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common 
 
Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-
 
10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes
 
\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files 
 
(x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files 
 
(x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line
 
\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: 
 
[f.lux] => C:\Users\Catherine\AppData\Local\FluxSoftware\Flux\flux.exe 
 
[1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: 
 
[Amazon Music] => C:\Users\Catherine\AppData\Local\Amazon Music
 
\Amazon Music Helper.exe [6277952 2014-12-07] ()
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: 
 
[iCloudServices] => C:\Program Files (x86)\Common Files\Apple
 
\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: 
 
[iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet 
 
Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: 
 
[Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 
 
2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: 
 
[GoogleChromeAutoLaunch_299D1954AA0A9120090187A4A4A95B5
 
A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
 
[843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...
 
\MountPoints2: {2b667949-202d-11e3-bb08-806e6f6e6963} - E:
 
\Windows\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
 
\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files 
 
(x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
 
\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files 
 
(x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows
 
\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming
 
\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start 
 
Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft 
 
Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-
 
45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd
 
\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-
 
7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd
 
\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-
 
48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd
 
\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
 
==================== Internet (Whitelisted) 
 
====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed 
 
or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer
 
\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer
 
\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\Software
 
\Microsoft\Internet Explorer\Main,Start Page = 
 
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\Software
 
\Microsoft\Internet Explorer\Main,Default_Page_URL = 
 
HKU\S-1-5-21-1097398926-2456850885-1865351773-1001\Software
 
\Microsoft\Internet Explorer\Main,Start Page = 
 
HKU\S-1-5-21-1097398926-2456850885-1865351773-1001\Software
 
\Microsoft\Internet Explorer\Main,Default_Page_URL = 
 
SearchScopes: HKLM -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366} 
 
 
-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {487F2C20-3FAF-4BB8-BA5C-
 
 
ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-
 
keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL 
 
 
&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} 
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-
 
A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-
 
A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-
 
A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-
 
1000 -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366} URL = 
 
 
20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-
 
1001 -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366} URL = 
 
 
20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-
 
1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
 
 
&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-
 
1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-
 
2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS
 
\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft 
 
Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-
 
8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft 
 
Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4
 
-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars
 
\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-
 
42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS
 
\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL 
 
(Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-
 
42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 
 
15\root\VFS\ProgramFilesX64\Microsoft Office
 
\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-
 
99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support 
 
Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll 
 
(Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-
 
768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart 
 
Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-
 
D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle 
 
Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-
 
8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files
 
\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft 
 
Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-
 
4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars
 
\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-
 
BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root
 
\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74
 
-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll 
 
(Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-
 
99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support 
 
Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll 
 
(Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-
 
0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart 
 
Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:
 
\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL 
 
(Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:
 
\Program Files (x86)\Skype\Toolbars\Internet Explorer 
 
x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - 
 
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer
 
\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed
 
\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass
 
\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files
 
\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows
 
\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files 
 
(x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files 
 
(x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files 
 
(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files 
 
(x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files 
 
(x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft 
 
Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program 
 
Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft 
 
Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:
 
\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll 
 
(Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:
 
\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll 
 
(Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:
 
\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll 
 
(Google Inc.)
FF Plugin-x32: 
 
@WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:
 
\Program Files (x86)\WildTangent Games\App\BrowserIntegration
 
\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 
 
11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:
 
\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF
 
\antiphishing@bullguard
FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard 
 
Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2013
 
-11-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:
 
\Program Files (x86)\HP\Digital Imaging\Smart Web Printing
 
\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP
 
\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-11-25]
FF HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...
 
\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files 
 
(x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR DefaultSuggestURL: Profile 1 -> http://ssmsp.ask.com/query?
 
sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User 
 
Data\Default
CHR Extension: (Google Docs) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Default\Extensions
 
\aohghmighlieiainnegkcijnfilokake [2013-11-25]
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Default\Extensions
 
\apdfllckaahabafndbhieahigkjlhalf [2013-11-25]
CHR Extension: (WOT) - C:\Users\Catherine\AppData\Local\Google
 
\Chrome\User Data\Default\Extensions
 
\bhmmomiinigofkjcapegjjndpbikblnp [2013-11-26]
CHR Extension: (YouTube) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Default\Extensions
 
\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-25]
CHR Extension: (Google Search) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Default\Extensions
 
\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-25]
CHR Extension: (Appalachian Mountains: Sunset (NC)) - C:\Users
 
\Catherine\AppData\Local\Google\Chrome\User Data\Default
 
\Extensions\dmojiekdlgmcbkjoigacablpmmhngbll [2013-11-25]
CHR Extension: (AdBlock) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Default\Extensions
 
\gighmmpiobklfepjocnamgkkbiglidom [2013-11-25]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Default\Extensions
 
\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Gmail) - C:\Users\Catherine\AppData\Local\Google
 
\Chrome\User Data\Default\Extensions
 
\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-25]
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User 
 
Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Profile 1\Extensions
 
\apdfllckaahabafndbhieahigkjlhalf [2013-12-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users
 
\Catherine\AppData\Local\Google\Chrome\User Data\Profile 
 
1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (WOT) - C:\Users\Catherine\AppData\Local\Google
 
\Chrome\User Data\Profile 1\Extensions
 
\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-16]
CHR Extension: (YouTube) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Profile 1\Extensions
 
\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-15]
CHR Extension: (Google Search) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Profile 1\Extensions
 
\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-15]
CHR Extension: (AdBlock) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Profile 1\Extensions
 
\gighmmpiobklfepjocnamgkkbiglidom [2013-12-16]
CHR Extension: (Hola Better Internet) - C:\Users\Catherine\AppData
 
\Local\Google\Chrome\User Data\Profile 1\Extensions
 
\gkojfkhlekighikafcpjkiklfbnlmeio [2014-02-26]
CHR Extension: (Pin It Button) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Profile 1\Extensions
 
\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Catherine
 
\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions
 
\hdokiejnpimakedhajhdlcegeplioahd [2013-12-19]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Catherine\AppData
 
\Local\Google\Chrome\User Data\Profile 1\Extensions
 
\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-01-24]
CHR Extension: (Loki) - C:\Users\Catherine\AppData\Local\Google
 
\Chrome\User Data\Profile 1\Extensions
 
\jbagbmcllcekhflbnbibibiipbdmfknp [2013-12-16]
CHR Extension: (Hangouts) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Profile 1\Extensions
 
\nckgahadagoaajjgafhacjanaoiihapd [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local
 
\Google\Chrome\User Data\Profile 1\Extensions
 
\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15]
CHR Extension: (Gmail) - C:\Users\Catherine\AppData\Local\Google
 
\Chrome\User Data\Profile 1\Extensions
 
\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] 
 
- C:\Program Files (x86)\Skype\Toolbars\ChromeExtension
 
\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the 
 
registry. The file will not be moved unless listed separately.)
 
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll 
 
[850256 2015-01-29] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard
 
\BullGuardBhvScanner.exe [601424 2015-01-29] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll 
 
[156496 2015-01-29] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll 
 
[428368 2015-01-29] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [756048 
 
2015-01-29] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy
 
\BsMailProxy.dll [759632 2015-01-29] (BullGuard Ltd.)
R2 BsMain; c:\program files\bullguard ltd\bullguard\bsmain.dll [551248 
 
2015-01-29] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard
 
\BullGuardScanner.exe [280912 2015-01-29] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard
 
\BullGuardUpdate.exe [384848 2015-01-29] (BullGuard Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars
 
\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] 
 
(Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc
 
\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard
 
\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] 
 
(Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 
 
15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft 
 
Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\Cyberlink
 
\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-09-18] (CyberLink)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent 
 
Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] 
 
(WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe 
 
[127752 2015-02-07] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard
 
\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-
 
Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin
 
\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin
 
\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\Catherine\AppData\Local\Temp\7zS185F
 
\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not 
 
signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver
 
\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) 
 
[File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 
 
2010-08-06] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound 
 
Organizer\Sony.Earth\PACSPTISVR.exe [157024 2010-11-19] (Sony 
 
Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe 
 
[1134584 2012-04-04] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 
 
2010-08-06] (Hewlett-Packard) [File not signed]
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal 
 
Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common
 
\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) 
 
[File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common
 
\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not 
 
signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common
 
\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File 
 
not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common
 
\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2012
 
-03-30] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll 
 
[1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the 
 
registry. The file will not be moved unless listed separately.)
 
R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-09-08] 
 
(Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 
 
2014-09-08] (Agnitum Ltd.)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 
 
2014-06-18] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-
 
04-03] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2013-11-06] 
 
(BullGuard Ltd.)
S3 hpvision; C:\Windows\System32\drivers\hp64vision.sys [26912 2013
 
-02-08] (Windows ® Codename Longhorn DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-
 
04-30] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys 
 
[64280 2013-05-30] (Logitech Inc.)
R3 MBAMSwissArmy; C:\windows\system32\drivers
 
\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS
 
\NSKernel.sys [321624 2015-01-29] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS
 
\NSNetmon.sys [27544 2015-01-29] (BullGuard Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2013-
 
11-06] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. 
 
Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders 
 
========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 02:35 - 2015-02-07 02:36 - 00000000 ____D () C:\FRST
2015-02-07 02:26 - 2015-02-07 02:26 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-07 02:24 - 2015-02-07 02:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-07 02:02 - 2015-02-07 02:02 - 00002704 _____ () C:\Users\Catherine\Desktop\Rkill.txt
2015-02-07 00:18 - 2015-02-07 00:18 - 00000512 _____ () C:\windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2015-02-06 23:24 - 2015-02-07 00:14 - 00000000 ____D () C:\AdwCleaner
2015-02-06 21:51 - 2015-02-06 23:27 - 00006048 _____ () C:\windows\PFRO.log
2015-02-06 08:10 - 2015-02-07 01:22 - 00000392 _____ () C:\windows\setupact.log
2015-02-06 08:10 - 2015-02-06 08:10 - 00000000 _____ () C:\windows\setuperr.log
2015-02-05 21:27 - 2015-02-05 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2015-02-05 21:27 - 2015-02-05 21:27 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2015-02-05 16:44 - 2015-02-05 16:44 - 00000000 ____D () C:\Users\Catherine\Documents\My Cheat Tables
2015-02-03 15:01 - 2015-02-03 14:58 - 09718653 _____ () C:\Users\Catherine\Desktop\04 The Hounds.m4a
2015-01-30 17:03 - 2015-01-30 17:03 - 00003012 _____ () C:\windows\System32\Tasks\{A47A5B87-D112-4E73-9AB9-35C3A09A065E}
2015-01-30 15:53 - 2015-01-30 15:53 - 00003012 _____ () C:\windows\System32\Tasks\{4B74C964-8610-4709-860C-207F88DE2FC6}
2015-01-30 14:37 - 2015-01-30 14:37 - 00000000 ____D () C:\Users\Catherine\Documents\Amnesia
2015-01-29 05:14 - 2015-01-29 05:14 - 00153712 _____ (BullGuard Ltd.) C:\windows\system32\BgGamingMonitor.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00140280 _____ (BullGuard Ltd.) C:\windows\SysWOW64\BgGamingMonitor.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00076624 _____ (BullGuard Ltd.) C:\windows\system32\BGLsp.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00064336 _____ (BullGuard Ltd.) C:\windows\SysWOW64\BGLsp.dll
2015-01-28 03:02 - 2015-01-28 03:02 - 00002960 _____ () C:\Users\Catherine\Desktop\write Susan.txt
2015-01-27 22:38 - 2015-01-27 22:38 - 00001876 _____ () C:\Users\Catherine\Desktop\STEAM game list, January 27, 2015.txt
2015-01-14 16:20 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 16:20 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 16:20 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 16:20 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 16:20 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:20 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:20 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 18:54 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 18:54 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 18:54 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 18:54 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 18:54 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 18:54 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 00:55 - 2015-01-13 00:55 - 00000222 _____ () C:\Users\Catherine\Desktop\South Park The Stick of Truth.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 02:34 - 2013-11-25 08:53 - 00000000 ____D () C:\ProgramData\BullGuard
2015-02-07 02:22 - 2013-11-20 11:42 - 00003958 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{B80D64BE-C687-4C20-83FC-0F83FF9CA832}
2015-02-07 02:15 - 2013-09-17 22:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 02:13 - 2013-11-25 16:20 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 02:06 - 2014-07-01 22:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 01:33 - 2013-11-27 11:47 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Skype
2015-02-07 01:23 - 2014-12-07 10:18 - 01937933 _____ () C:\windows\WindowsUpdate.log
2015-02-07 01:23 - 2014-09-23 14:57 - 00000000 ___RD () C:\Users\Catherine\iCloudDrive
2015-02-07 01:23 - 2013-11-26 14:24 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Dropbox
2015-02-07 01:23 - 2013-11-25 16:20 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 00:24 - 2009-07-13 20:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 00:24 - 2009-07-13 20:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 00:21 - 2009-07-13 21:13 - 00006166 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-07 00:17 - 2013-09-17 22:06 - 00000000 ____D () C:\ProgramData\PDFC
2015-02-07 00:16 - 2013-11-26 09:53 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-02-07 00:16 - 2013-11-25 09:13 - 00000356 _____ () C:\windows\system32\config\afw_hm.conf
2015-02-07 00:16 - 2013-11-25 09:13 - 00000004 _____ () C:\windows\system32\config\afw_db.conf
2015-02-07 00:16 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-07 00:07 - 2014-10-28 10:12 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2015-02-06 23:32 - 2014-01-31 19:09 - 00000000 ____D () C:\Users\Catherine\AppData\Local\CrashDumps
2015-02-06 21:08 - 2013-11-25 16:20 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 21:08 - 2013-11-25 16:20 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 15:00 - 2013-11-26 07:46 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D946F186-0461-48DA-8A3F-73CB2843DC38}
2015-02-06 13:36 - 2013-11-24 12:48 - 00003210 _____ () C:\windows\System32\Tasks\HPCeeScheduleForCatherine
2015-02-06 13:36 - 2013-11-24 12:48 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForCatherine.job
2015-02-05 21:27 - 2010-11-20 23:16 - 00000000 ____D () C:\windows\ShellNew
2015-02-05 16:36 - 2013-12-12 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-05 16:36 - 2013-12-12 14:33 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2015-02-05 16:35 - 2013-12-20 16:17 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys
2015-02-05 13:12 - 2013-09-17 22:03 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 22:45 - 2013-09-17 22:03 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 22:45 - 2013-09-17 22:03 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 20:51 - 2014-02-24 14:12 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-04 14:00 - 2013-12-15 14:33 - 00003198 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMichael
2015-02-04 14:00 - 2013-12-15 14:33 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleForMichael.job
2015-02-03 09:34 - 2013-12-31 10:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2015-02-01 13:17 - 2013-12-08 13:48 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-01 13:17 - 2013-11-24 12:47 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-01-29 05:14 - 2014-10-29 07:57 - 00321624 _____ (BullGuard Ltd.) C:\windows\system32\Drivers\NSKernel.sys
2015-01-29 05:14 - 2014-10-29 07:57 - 00027544 _____ (BullGuard Ltd.) C:\windows\system32\Drivers\NSNetmon.sys
2015-01-15 17:57 - 2014-10-24 20:27 - 00000000 ____D () C:\Users\Catherine\Documents\My Games
2015-01-15 03:08 - 2013-11-24 15:30 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 03:00 - 2013-11-24 15:30 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 00:55 - 2013-12-05 16:08 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-08 10:56 - 2015-01-07 12:59 - 00000000 ____D () C:\Users\Catherine\Desktop\DESKTOP CRAP
 
==================== Files in the root of some directories =======
 
2013-11-24 16:03 - 2013-11-25 14:15 - 0001594 _____ () C:\ProgramData\hpzinstall.log
2013-11-26 08:34 - 2013-11-26 08:34 - 0000268 ___RH () C:\ProgramData\Hybrid Synthesizers
2014-04-03 08:21 - 2014-04-06 12:04 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-11-26 08:34 - 2014-08-10 22:33 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
 
Files to move or delete:
====================
C:\Users\Catherine\Setup.X86.en-US_O365HomePremRetail_812fb051-91c7-4a1f-88e2-bc9825ff76c5_TX_PR_.exe
 
 
Some content of TEMP:
====================
C:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpghvmyy.dll
C:\Users\Catherine\AppData\Local\Temp\Extract.exe
C:\Users\Catherine\AppData\Local\Temp\Quarantine.exe
C:\Users\Catherine\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 13:41
 
==================== End Of Log ============================
 
[ Addition.txt file to follow pasted on a second email.  Perhaps that will get through to you. ]

 


"Writing is rewriting.  Everything else is just typing."  -- Truman Capote



#2 Animal

    Bleepin' Animinion

  • Site Admin
  • 35,292 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be

Posted 07 February 2015 - 06:01 PM

You have a reply to your original malware log topic: http://www.bleepingcomputer.com/forums/t/566006/infected-with-positive-finds-adware-redirecting-me-to-other-windowspop-ups/

To avoid confusion for everyone I am closing this topic. Please continue in your original topic. The issues you are experiencing with the site are most likely malware related.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

