
Infected with Positive Finds Adware, redirecting me to other windows,pop-ups


  • This topic is locked
2 replies to this topic

#1 boocat


Posted 07 February 2015 - 05:46 PM

Well, "Down for Everyone or Just Me?" says you guys are really here.  But I have tried to submit a help request five times now over a twelve hour period trying to get help evicting the "Positive Finds Adware" that has suddenly gotten everywhere in my rig.  I apparently cannot even email you.  Not sure what to do.

 

Original plea:

 

Ran Malwarebytes, which quarantined 23 threats.  Rebooted.  Positive Finds Ads was still there unchanged.
 
Ran AdwCleaner; it found some threats.  Rebooted.  Still had the same infection.  (Saved the log.)
 
Ran Rkill, it saw nothing.  Adware still there.  (I saved the log.)
 
Ran Hitman Pro for 64-bit operating system.  It detected nothing.  (Saved the log.)  The adware pop-ups are still there, as are the hair-trigger page re-directs.
 
Thank you for your time.
 
Tried to submit this plea properly five times over the last twelve hours, as per the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" page.  But it simply will not send.  Finally got a plain email note posted!  I am hoping I can edit the other necessary information into it.  I am a sixty-one year-old housewife and this situation is way beyond my simple abilities.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Catherine (administrator) on CATHERINE-HP on 07-02-2015 02:36:05
Running from J:\Computer
Loaded Profiles: Catherine & Michael (Available profiles: Catherine & Michael)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(Flux Software LLC) C:\Users\Catherine\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Users\Catherine\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-30] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1360208 2015-01-29] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2935120 2015-01-29] (BullGuard Ltd.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-22] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-04-04] (PDF Complete Inc)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [f.lux] => C:\Users\Catherine\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [Amazon Music] => C:\Users\Catherine\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Run: [GoogleChromeAutoLaunch_299D1954AA0A9120090187A4A4A95B5A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\MountPoints2: {2b667949-202d-11e3-bb08-806e6f6e6963} - E:\Windows\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
 
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-1097398926-2456850885-1865351773-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1097398926-2456850885-1865351773-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366}
-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {487F2C20-3FAF-4BB8-BA5C-
ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL
&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000 -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366} URL =
20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1001 -> {487F2C20-3FAF-4BB8-BA5C-3886ED432366} URL =
20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1097398926-2456850885-1865351773-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2013-11-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-11-25]
FF HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome:
=======
CHR DefaultSuggestURL: Profile 1 -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-25]
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-25]
CHR Extension: (WOT) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-11-26]
CHR Extension: (YouTube) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-25]
CHR Extension: (Google Search) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-25]
CHR Extension: (Appalachian Mountains: Sunset (NC)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmojiekdlgmcbkjoigacablpmmhngbll [2013-11-25]
CHR Extension: (AdBlock) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-25]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Gmail) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-25]
CHR Profile: C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (WOT) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-16]
CHR Extension: (YouTube) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-15]
CHR Extension: (Google Search) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-15]
CHR Extension: (AdBlock) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-16]
CHR Extension: (Hola Better Internet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-02-26]
CHR Extension: (Pin It Button) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-12-19]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-01-24]
CHR Extension: (Loki) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jbagbmcllcekhflbnbibibiipbdmfknp [2013-12-16]
CHR Extension: (Hangouts) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15]
CHR Extension: (Gmail) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [850256 2015-01-29] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [601424 2015-01-29] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2015-01-29] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [428368 2015-01-29] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [756048 2015-01-29] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [759632 2015-01-29] (BullGuard Ltd.)
R2 BsMain; c:\program files\bullguard ltd\bullguard\bsmain.dll [551248 2015-01-29] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2015-01-29] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384848 2015-01-29] (BullGuard Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [245264 2012-09-18] (CyberLink)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-07] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\Catherine\AppData\Local\Temp\7zS185F\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [157024 2010-11-19] (Sony Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2012-03-30] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-09-08] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-09-08] (Agnitum Ltd.)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-06-18] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-04-03] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2013-11-06] (BullGuard Ltd.)
S3 hpvision; C:\Windows\System32\drivers\hp64vision.sys [26912 2013-02-08] (Windows ® Codename Longhorn DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321624 2015-01-29] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2015-01-29] (BullGuard Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2013-11-06] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 02:35 - 2015-02-07 02:36 - 00000000 ____D () C:\FRST
2015-02-07 02:26 - 2015-02-07 02:26 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-07 02:26 - 2015-02-07 02:26 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-07 02:24 - 2015-02-07 02:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-07 02:02 - 2015-02-07 02:02 - 00002704 _____ () C:\Users\Catherine\Desktop\Rkill.txt
2015-02-07 00:18 - 2015-02-07 00:18 - 00000512 _____ () C:\windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2015-02-06 23:24 - 2015-02-07 00:14 - 00000000 ____D () C:\AdwCleaner
2015-02-06 21:51 - 2015-02-06 23:27 - 00006048 _____ () C:\windows\PFRO.log
2015-02-06 08:10 - 2015-02-07 01:22 - 00000392 _____ () C:\windows\setupact.log
2015-02-06 08:10 - 2015-02-06 08:10 - 00000000 _____ () C:\windows\setuperr.log
2015-02-05 21:27 - 2015-02-05 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2015-02-05 21:27 - 2015-02-05 21:27 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2015-02-05 16:44 - 2015-02-05 16:44 - 00000000 ____D () C:\Users\Catherine\Documents\My Cheat Tables
2015-02-03 15:01 - 2015-02-03 14:58 - 09718653 _____ () C:\Users\Catherine\Desktop\04 The Hounds.m4a
2015-01-30 17:03 - 2015-01-30 17:03 - 00003012 _____ () C:\windows\System32\Tasks\{A47A5B87-D112-4E73-9AB9-35C3A09A065E}
2015-01-30 15:53 - 2015-01-30 15:53 - 00003012 _____ () C:\windows\System32\Tasks\{4B74C964-8610-4709-860C-207F88DE2FC6}
2015-01-30 14:37 - 2015-01-30 14:37 - 00000000 ____D () C:\Users\Catherine\Documents\Amnesia
2015-01-29 05:14 - 2015-01-29 05:14 - 00153712 _____ (BullGuard Ltd.) C:\windows\system32\BgGamingMonitor.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00140280 _____ (BullGuard Ltd.) 
 
C:\windows\SysWOW64\BgGamingMonitor.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00076624 _____ (BullGuard Ltd.) 
 
C:\windows\system32\BGLsp.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00064336 _____ (BullGuard Ltd.) 
 
C:\windows\SysWOW64\BGLsp.dll
2015-01-28 03:02 - 2015-01-28 03:02 - 00002960 _____ () C:\Users
 
\Catherine\Desktop\write Susan.txt
2015-01-27 22:38 - 2015-01-27 22:38 - 00001876 _____ () C:\Users
 
\Catherine\Desktop\STEAM game list, January 27, 2015.txt
2015-01-14 16:20 - 2014-12-11 21:35 - 05553592 _____ (Microsoft 
 
Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 16:20 - 2014-12-11 21:31 - 00503808 _____ (Microsoft 
 
Corporation) C:\windows\system32\srcore.dll
2015-01-14 16:20 - 2014-12-11 21:31 - 00296960 _____ (Microsoft 
 
Corporation) C:\windows\system32\rstrui.exe
2015-01-14 16:20 - 2014-12-11 21:31 - 00050176 _____ (Microsoft 
 
Corporation) C:\windows\system32\srclient.dll
2015-01-14 16:20 - 2014-12-11 21:11 - 03971512 _____ (Microsoft 
 
Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:20 - 2014-12-11 21:11 - 03916728 _____ (Microsoft 
 
Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:20 - 2014-12-11 21:07 - 00043008 _____ (Microsoft 
 
Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 18:54 - 2014-12-18 19:06 - 00210432 _____ (Microsoft 
 
Corporation) C:\windows\system32\profsvc.dll
2015-01-13 18:54 - 2014-12-18 17:46 - 00141312 _____ (Microsoft 
 
Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 18:54 - 2014-12-11 09:47 - 00087040 _____ (Microsoft 
 
Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 18:54 - 2014-12-05 20:17 - 00303616 _____ (Microsoft 
 
Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 18:54 - 2014-12-05 19:50 - 00156672 _____ (Microsoft 
 
Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 18:54 - 2014-12-05 19:50 - 00052224 _____ (Microsoft 
 
Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 00:55 - 2015-01-13 00:55 - 00000222 _____ () C:\Users
 
\Catherine\Desktop\South Park The Stick of Truth.url
 
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 02:34 - 2013-11-25 08:53 - 00000000 ____D () C:\ProgramData\BullGuard
2015-02-07 02:22 - 2013-11-20 11:42 - 00003958 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{B80D64BE-C687-4C20-83FC-0F83FF9CA832}
2015-02-07 02:15 - 2013-09-17 22:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 02:13 - 2013-11-25 16:20 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 02:06 - 2014-07-01 22:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 01:33 - 2013-11-27 11:47 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Skype
2015-02-07 01:23 - 2014-12-07 10:18 - 01937933 _____ () C:\windows\WindowsUpdate.log
2015-02-07 01:23 - 2014-09-23 14:57 - 00000000 ___RD () C:\Users\Catherine\iCloudDrive
2015-02-07 01:23 - 2013-11-26 14:24 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Dropbox
2015-02-07 01:23 - 2013-11-25 16:20 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 00:24 - 2009-07-13 20:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 00:24 - 2009-07-13 20:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 00:21 - 2009-07-13 21:13 - 00006166 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-07 00:17 - 2013-09-17 22:06 - 00000000 ____D () C:\ProgramData\PDFC
2015-02-07 00:16 - 2013-11-26 09:53 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-02-07 00:16 - 2013-11-25 09:13 - 00000356 _____ () C:\windows\system32\config\afw_hm.conf
2015-02-07 00:16 - 2013-11-25 09:13 - 00000004 _____ () C:\windows\system32\config\afw_db.conf
2015-02-07 00:16 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-07 00:07 - 2014-10-28 10:12 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2015-02-06 23:32 - 2014-01-31 19:09 - 00000000 ____D () C:\Users\Catherine\AppData\Local\CrashDumps
2015-02-06 21:08 - 2013-11-25 16:20 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 21:08 - 2013-11-25 16:20 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 15:00 - 2013-11-26 07:46 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D946F186-0461-48DA-8A3F-73CB2843DC38}
2015-02-06 13:36 - 2013-11-24 12:48 - 00003210 _____ () C:\windows\System32\Tasks\HPCeeScheduleForCatherine
2015-02-06 13:36 - 2013-11-24 12:48 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForCatherine.job
2015-02-05 21:27 - 2010-11-20 23:16 - 00000000 ____D () C:\windows\ShellNew
2015-02-05 16:36 - 2013-12-12 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-05 16:36 - 2013-12-12 14:33 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2015-02-05 16:35 - 2013-12-20 16:17 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys
2015-02-05 13:12 - 2013-09-17 22:03 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 22:45 - 2013-09-17 22:03 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 22:45 - 2013-09-17 22:03 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 20:51 - 2014-02-24 14:12 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-04 14:00 - 2013-12-15 14:33 - 00003198 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMichael
2015-02-04 14:00 - 2013-12-15 14:33 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleForMichael.job
2015-02-03 09:34 - 2013-12-31 10:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2015-02-01 13:17 - 2013-12-08 13:48 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-01 13:17 - 2013-11-24 12:47 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-01-29 05:14 - 2014-10-29 07:57 - 00321624 _____ (BullGuard Ltd.) C:\windows\system32\Drivers\NSKernel.sys
2015-01-29 05:14 - 2014-10-29 07:57 - 00027544 _____ (BullGuard Ltd.) C:\windows\system32\Drivers\NSNetmon.sys
2015-01-15 17:57 - 2014-10-24 20:27 - 00000000 ____D () C:\Users\Catherine\Documents\My Games
2015-01-15 03:08 - 2013-11-24 15:30 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 03:00 - 2013-11-24 15:30 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 00:55 - 2013-12-05 16:08 - 00000000 ____D () C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-08 10:56 - 2015-01-07 12:59 - 00000000 ____D () C:\Users\Catherine\Desktop\DESKTOP CRAP
 
==================== Files in the root of some directories =======
 
2013-11-24 16:03 - 2013-11-25 14:15 - 0001594 _____ () C:\ProgramData\hpzinstall.log
2013-11-26 08:34 - 2013-11-26 08:34 - 0000268 ___RH () C:\ProgramData\Hybrid Synthesizers
2014-04-03 08:21 - 2014-04-06 12:04 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-11-26 08:34 - 2014-08-10 22:33 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
 
Files to move or delete:
====================
C:\Users\Catherine\Setup.X86.en-US_O365HomePremRetail_812fb051-91c7-4a1f-88e2-bc9825ff76c5_TX_PR_.exe
 
 
Some content of TEMP:
====================
C:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpghvmyy.dll
C:\Users\Catherine\AppData\Local\Temp\Extract.exe
C:\Users\Catherine\AppData\Local\Temp\Quarantine.exe
C:\Users\Catherine\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 13:41
 
==================== End Of Log ============================

Edited by boocat, 07 February 2015 - 05:52 PM.

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote



#2 boocat


Posted 07 February 2015 - 05:54 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Catherine at 2015-02-07 02:37:09
Running from J:\Computer
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall (Enabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
BullGuard (HKLM\...\BullGuard) (Version: 14.0 - BullGuard Ltd.)
calibre 64bit (HKLM\...\{C30715AA-E41F-4B8E-BA9E-4C455FB22DD4}) (Version: 2.4.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4519 - CyberLink Corp.)
CyberPower PowerPanel Personal Edition 1.3.3 (HKLM-x32\...\{972F23F4-F293-4074-853D-125A59EB356D}) (Version: 1.3.3 - Cyber Power Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ether One (HKLM-x32\...\Steam App 265950) (Version:  - White Paper Games)
f.lux (HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\Flux) (Version:  - )
F300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MURDERED: SOUL SUSPECT™ (HKLM-x32\...\Steam App 233290) (Version:  - Airtight Games)
My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
My Game Long Name (HKLM\...\UDK-c6b1f84e-c74e-4ad2-9d7a-030af9c0475a) (Version:  - Epic Games, Inc.)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
NVIDIA Graphics Driver 296.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.28 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
OverDrive Media Console (HKLM-x32\...\{7A9AB748-A66C-46C2-84CA-D3185727C9B0}) (Version: 3.3.1 - OverDrive, Inc.)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.95 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.33.1 - Mediatek)
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Return to Castle Wolfenstein (HKLM-x32\...\Steam App 9010) (Version:  - Gray Matter Studios)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sound Organizer (HKLM-x32\...\{010813A5-CE68-4C86-96F4-11CAEA3E6292}) (Version: 1.1.1.12161 - Sony Corporation)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Room (HKLM-x32\...\Steam App 288160) (Version:  - Fireproof Games)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Catherine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Catherine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Catherine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Catherine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1097398926-2456850885-1865351773-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
03-02-2015 03:00:10 Windows Update
05-02-2015 16:14:39 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
05-02-2015 16:34:50 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0591C390-04AF-4AC7-A116-5D0ADC8D631F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0B05578A-30B8-410B-8527-72E04F81E4AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {0E6EC76A-8936-4836-8746-40153AC903F8} - System32\Tasks\{C868B4D6-E357-4CFD-B75C-05A4D4231230} => C:\Users\Catherine\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {23FDD52B-433A-4887-AF0F-2D66C624A7BE} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {2AB608EC-9663-4FB3-B40F-6C911D8A2D19} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {34A356EB-C2E4-4DD0-A417-FC8FBC97789B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3BF149CB-9407-4D34-B4BD-2F0DE7D3F8F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {3D228A6E-C83E-4914-9FEA-42D603AD1EF4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {4864DD84-55A0-4B5B-86BE-B3F6E2573A03} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CFB366F-BFDB-490E-A62D-BAFFB11D5645} - System32\Tasks\{FEA50CD5-E7CE-4F1D-9181-1047C71CB55C} => C:\Users\Catherine\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {51D9D984-51BA-4A43-A4AA-30C9DE8F2799} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {55FA2034-6019-457A-9EB3-CADF5223202D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-25] (Google Inc.)
Task: {5D66ABD3-3823-4E43-9DC7-ACE9247FA1A0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7B99D93C-61AF-4484-AC1C-DFD18A871A53} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-03-19] (CyberLink)
Task: {874C5C4F-48FA-46B7-8F3F-930D9A6DCE1D} - System32\Tasks\{B44FE1D7-A088-473E-818B-C40F51BF86E6} => pcalua.exe -a C:\Users\Catherine\Downloads\AudibleDM_iTunesSetup.exe -d C:\Users\Catherine\Downloads
Task: {969A40B1-D22B-4F6E-A8E9-98529CC10741} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-25] (Google Inc.)
Task: {9AEF4971-7399-487B-9C11-6584D0A3D423} - System32\Tasks\{5886DBB7-24AA-4A0D-BE40-C2D72B5F1175} => C:\Users\Catherine\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {A3DB4B5B-5648-4CFF-B6F4-1228F9291DB4} - System32\Tasks\{D85287C8-AC38-43CB-9D57-A3BBBD764D7C} => C:\Users\Catherine\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {AD8555A0-BA53-471F-9349-DD7089159B2F} - System32\Tasks\HPCeeScheduleForMichael => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C461B641-6A05-473D-9FE9-2A119F354B58} - System32\Tasks\HPCeeScheduleForCatherine => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C7170F76-1AF3-44C3-997F-BD84250E86DA} - System32\Tasks\{A47A5B87-D112-4E73-9AB9-35C3A09A065E} => C:\Program Files (x86)\Steam\steamapps\common\TheRoom\TheRoom.exe
Task: {CEC84998-3EB1-4978-B689-552E7D67A052} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D20AF87E-53FB-42F0-A993-4E46D7AECAD1} - System32\Tasks\{4B74C964-8610-4709-860C-207F88DE2FC6} => C:\Program Files (x86)\Steam\steamapps\common\TheRoom\TheRoom.exe
Task: {E5160C39-B874-4139-BE0D-26D7AE5CC968} - System32\Tasks\{1EC72F3D-0FEE-4D21-B600-94D291711225} => C:\Users\Catherine\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {FEF75363-EB23-4B0D-885F-DF283CEDC807} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForCatherine.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForMichael.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-29 05:14 - 2015-01-29 05:14 - 00613200 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00084304 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00653136 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00653136 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00021800 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BullGuardBhvScannerRes.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00064848 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00084304 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2014-03-15 08:08 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-19 16:26 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00028456 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BackupShellNamespaceRes.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00613200 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00279848 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll
2015-01-29 05:14 - 2015-01-29 05:14 - 00033064 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll
2014-06-15 23:53 - 2014-12-07 22:27 - 06277952 _____ () C:\Users\Catherine\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00750080 _____ () C:\Users\Catherine\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-07 01:23 - 2015-02-07 01:23 - 00043008 _____ () c:\Users\Catherine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpghvmyy.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00047616 _____ () C:\Users\Catherine\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00863744 _____ () C:\Users\Catherine\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00200704 _____ () C:\Users\Catherine\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-05 10:10 - 2015-02-04 01:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 10:10 - 2015-02-04 01:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 10:10 - 2015-02-04 01:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 10:10 - 2015-02-04 01:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Catherine\Desktop\A New Life, La Vita Nuova.mobi:uidStream
AlternateDataStreams: C:\Users\Catherine\Desktop\murder soul survivor.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Catherine\Desktop\South Park commands PC.png:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1097398926-2456850885-1865351773-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1097398926-2456850885-1865351773-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1097398926-2456850885-1865351773-500 - Administrator - Disabled)
Catherine (S-1-5-21-1097398926-2456850885-1865351773-1000 - Administrator - Enabled) => C:\Users\Catherine
Guest (S-1-5-21-1097398926-2456850885-1865351773-501 - Limited - Disabled)
Michael (S-1-5-21-1097398926-2456850885-1865351773-1001 - Administrator - Enabled) => C:\Users\Michael
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/07/2015 00:38:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15459
 
Error: (02/07/2015 00:38:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15459
 
Error: (02/07/2015 00:38:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/07/2015 00:21:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/07/2015 00:21:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/06/2015 11:40:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/06/2015 11:40:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/06/2015 11:32:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/06/2015 11:32:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/06/2015 11:32:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iTunes.exe, version: 12.0.1.26, time stamp: 0x543e558b
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bd41
Faulting process id: 0x1468
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3
 
 
System errors:
=============
Error: (02/07/2015 00:17:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
 
Error: (02/07/2015 00:16:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:13:57 AM on ‎2/‎7/‎2015 was unexpected.
 
Error: (02/06/2015 11:36:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
 
Error: (02/06/2015 11:35:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:33:53 PM on ‎2/‎6/‎2015 was unexpected.
 
Error: (02/06/2015 11:28:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
 
Error: (02/06/2015 11:27:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:26:45 PM on ‎2/‎6/‎2015 was unexpected.
 
Error: (02/06/2015 09:52:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
 
Error: (02/06/2015 09:51:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:50:46 PM on ‎2/‎6/‎2015 was unexpected.
 
Error: (02/03/2015 11:34:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error: (02/03/2015 03:25:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (02/07/2015 00:38:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15459
 
Error: (02/07/2015 00:38:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15459
 
Error: (02/07/2015 00:38:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/07/2015 00:21:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/07/2015 00:21:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/06/2015 11:40:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/06/2015 11:40:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/06/2015 11:32:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/06/2015 11:32:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/06/2015 11:32:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558bole32.dll6.1.7601.175144ce7b96fc00000050003bd41146801d042a7b60f70f1C:\Program Files (x86)\iTunes\iTunes.exeC:\windows\syswow64\ole32.dll7a1fa22a-ae9b-11e4-9ce0-54bef7033d46
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-14 18:42:15.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 17:29:08.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 17:29:08.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 15:59:27.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 15:59:26.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 15:22:25.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-14 00:09:55.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-13 22:54:13.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-13 22:54:13.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-13 22:20:00.465
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BullGuard Ltd\BullGuard\Spamfilter\LittleHook.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8149.41 MB
Available physical RAM: 4603.04 MB
Total Pagefile: 16297 MB
Available Pagefile: 12198.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1846.44 GB) (Free:1704.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.35 GB) (Free:2.03 GB) NTFS
Drive j: (Elements) (Fixed) (Total:931.51 GB) (Free:865.71 GB) NTFS
Drive k: (PORSCHE) (Removable) (Total:29.43 GB) (Free:22.09 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 1853F043)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 5 (Size: 29.4 GB) (Disk ID: 6F20736B)
No partition Table on disk 5.
Disk 5 is a removable device.
 
========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 000BFEBC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

"Writing is rewriting.  Everything else is just typing."  -- Truman Capote


#3 Animal

  • Site Admin

Posted 07 February 2015 - 06:01 PM

You have a reply to your original malware log topic: http://www.bleepingcomputer.com/forums/t/566006/infected-with-positive-finds-adware-redirecting-me-to-other-windowspop-ups/

To avoid confusion for everyone I am closing this topic. Please continue in your original topic. The issues you are experiencing with the site are most likely malware related.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

