Positive Finds Ads, New tabs


  • This topic is locked
20 replies to this topic

#1 kathi

  • Members
  • 38 posts
  • OFFLINE
  • Local time:11:22 PM

Posted 07 February 2015 - 11:55 PM

Windows Vista - Positive Finds Ads everywhere... and every time I click on a link for anything (i.e., AdwCleaner), it opens a new tab advertising tech support. I've tried AdwCleaner and Malwarebytes - unresolved. Below is my log; any help is greatly appreciated:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2015
Ran by newuser at 2015-02-07 22:30:15
Running from C:\Users\newuser\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.0.0 - Conexant)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version:  - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPTCSSetup (HKLM\...\{846DDADA-0239-4B67-A6B1-33658863793B}) (Version: 1.1.1963.2799 - Hewlett-Packard Company)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.2.361 - Kaspersky Lab) Hidden
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
NetZero Preloader (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.)
PowerDirector (Version: 7.0.2201 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
ROBLOX Player for newuser (HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2201929852-2870477119-2444475307-1000_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\newuser\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2201929852-2870477119-2444475307-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\newuser\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2201929852-2870477119-2444475307-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\newuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1H1AX9\Ameri (the data entry has 47 more characters).
 
==================== Restore Points  =========================
 
26-12-2014 18:18:47 Windows Update
02-01-2015 20:12:04 Windows Update
08-01-2015 18:12:26 Windows Update
13-01-2015 04:35:38 Windows Update
15-01-2015 21:32:57 Scheduled Checkpoint
16-01-2015 02:00:13 Windows Update
16-01-2015 16:49:49 Scheduled Checkpoint
17-01-2015 08:12:37 Scheduled Checkpoint
18-01-2015 02:01:20 Windows Update
19-01-2015 02:01:27 Windows Update
20-01-2015 05:47:56 Scheduled Checkpoint
21-01-2015 07:56:54 Scheduled Checkpoint
21-01-2015 19:58:38 First Restore Point
21-01-2015 20:03:46 Device Driver Package Install: Kaspersky Lab Network Service
21-01-2015 20:05:27 Device Driver Package Install: Kaspersky Lab
21-01-2015 20:05:47 Device Driver Package Install: Kaspersky Lab System devices
24-01-2015 06:46:28 Windows Update
24-01-2015 19:58:35 Scheduled Checkpoint
28-01-2015 09:03:52 Windows Update
03-02-2015 03:02:24 Windows Update
06-02-2015 18:26:58 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {93F3CB14-9DF2-42AC-A17C-5F2C384706E6} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {9A979E89-0346-4FAE-9B9F-C6957911EB19} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-01] ()
Task: {AFF81EE8-0869-4A80-93C2-71DC268DD517} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-01] (Google Inc.)
Task: {F05DC199-1446-4B07-B566-E4BCA85DAAD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-01] (Google Inc.)
Task: {FFB28AAC-EAC1-4322-BE8B-C91DC864EE71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2008-10-25 18:17 - 2008-10-06 10:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2008-10-25 18:17 - 2008-10-06 10:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2008-10-25 18:09 - 2008-09-15 08:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2008-09-30 17:52 - 2008-09-30 17:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-09-30 17:56 - 2008-09-30 17:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-09-30 17:51 - 2008-09-30 17:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-09-30 17:51 - 2008-09-30 17:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-09-30 17:51 - 2008-09-30 17:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-09-30 17:51 - 2008-09-30 17:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2014-12-01 05:52 - 2009-04-11 00:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-09-30 17:51 - 2008-09-30 17:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-09-30 17:52 - 2008-09-30 17:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2014-04-07 08:11 - 2008-09-23 18:21 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll
2008-10-25 17:06 - 2008-04-11 10:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2015-02-06 18:49 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-06 18:49 - 2015-02-04 03:02 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Dots.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2201929852-2870477119-2444475307-500 - Administrator - Disabled)
Guest (S-1-5-21-2201929852-2870477119-2444475307-501 - Limited - Disabled)
newuser (S-1-5-21-2201929852-2870477119-2444475307-1000 - Administrator - Enabled) => C:\Users\newuser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/07/2015 07:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SynTPEnh.exe, version 11.1.3.0, time stamp 0x4807eb54, faulting module SynTPEnh.exe, version 11.1.3.0, time stamp 0x4807eb54, exception code 0xc0000409, fault offset 0x0002c1ec,
process id 0x8f0, application start time 0xSynTPEnh.exe0.
 
Error: (02/07/2015 07:28:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/07/2015 07:16:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/07/2015 09:24:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/07/2015 08:27:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SynTPEnh.exe, version 11.1.3.0, time stamp 0x4807eb54, faulting module SynTPEnh.exe, version 11.1.3.0, time stamp 0x4807eb54, exception code 0xc0000409, fault offset 0x0002c1ec,
process id 0xabc, application start time 0xSynTPEnh.exe0.
 
Error: (02/03/2015 03:57:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/01/2015 07:25:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPAdvisor.exe version 2.4.4941.2798 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c4c
Start Time: 01d03639f3fb0274
Termination Time: 443
 
Error: (01/28/2015 09:00:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16599 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1a70
Start Time: 01d0383994e11a40
Termination Time: 0
 
Error: (01/28/2015 08:58:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16599 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1a08
Start Time: 01d038c980a519b0
Termination Time: 8525
 
Error: (01/25/2015 07:24:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16599, time stamp 0x5473964b, faulting module nvd3dum.dll, version 8.15.11.8644, time stamp 0x4a68e136, exception code 0xc0000005, fault offset 0x0027c5a2,
process id 0x100, application start time 0xiexplore.exe0.
 
 
System errors:
=============
Error: (02/07/2015 07:29:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/07/2015 07:29:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (02/07/2015 07:28:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SRTSP
SRTSPX
 
Error: (02/07/2015 07:28:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Norton Internet Security%%3
 
Error: (02/07/2015 07:28:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (02/07/2015 07:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: hpqwmiex%%1053
 
Error: (02/07/2015 07:16:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000hpqwmiex
 
Error: (02/07/2015 07:16:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SRTSP
SRTSPX
 
Error: (02/07/2015 07:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Norton Internet Security%%3
 
Error: (02/07/2015 07:16:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-07 22:29:40.953
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 22:29:40.641
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 22:29:39.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 22:29:39.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 22:29:38.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 22:29:38.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 22:29:37.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 22:29:37.411
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 22:29:36.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-07 22:29:36.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon Dual-Core QL-62
Percentage of memory in use: 83%
Total physical RAM: 1789.69 MB
Available physical RAM: 299.09 MB
Total Pagefile: 4133.36 MB
Available Pagefile: 1382.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:222.01 GB) (Free:140.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:1.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Jan 07 2015) (CDROM) (Total:0.69 GB) (Free:0.4 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 2D900954)
Partition 1: (Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
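As an added example (not part of the forum post and not FRST's own code), a small Python triage pass over the entry formats that appear in the log above: it parses Processes, Loaded Modules and Custom CLSID lines and flags entries with an empty publisher field or a binary sitting in a browser-cache or temp folder, which is what a responder reads first. The sample log is constructed in the posted format; its SID, CLSIDs and version folder are made up.

```python
"""Triage pass over lines from an FRST (Farbar Recovery Scan Tool) log.

Added example; not part of the forum post and not FRST's own code.
It parses three entry shapes seen in the posted Addition.txt (Processes,
Loaded Modules, Custom CLSID) and flags what a responder reads first:
entries whose publisher field is empty ("()") and binaries that live in a
browser cache or temp folder. Flags are review candidates, not verdicts.
"""
import re
from dataclasses import dataclass, field

# Constructed sample mimicking the posted log's line formats (SID, CLSIDs
# and the version folder are made up; the paths follow the log).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\SMINST\BLService.exe

==================== Loaded Modules (whitelisted) ==============

2008-10-25 18:17 - 2008-10-06 10:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2015-02-06 18:49 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Custom CLSID (selected items): ==========================

CustomCLSID: HKU\S-1-5-21-1111_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Users\newuser\AppData\Local\Roblox\Versions\version-abc\RobloxProxy.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1111_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\localserver32 -> C:\Users\newuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1H1AX9\Ameri (the data entry has 47 more characters).
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "(Publisher) C:\path\file.exe" as printed in the Processes section.
PROCESS_RE = re.compile(r"^\((?P<pub>[^()]*)\) (?P<path>[A-Za-z]:\\.*)$")
# "created - modified - size attrs (Publisher) path" from Loaded Modules.
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ \S+ \((?P<pub>[^()]*)\) (?P<path>.*)$"
)
# "CustomCLSID: key -> path (Publisher)"; FRST may cut long values short.
CLSID_RE = re.compile(
    r"^CustomCLSID: (?P<key>\S+) -> (?P<path>.+?)(?: \((?P<pub>[^()]*)\))?\.?$"
)
TRUNCATION_MARKER = "the data entry has"

# Locations where a COM server, service or loaded module is unusual enough
# to warrant a look (lower-case, matched as substrings of the path).
SUSPECT_DIRS = (
    "\\temporary internet files\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\downloads\\",
)


@dataclass
class Entry:
    section: str
    path: str
    publisher: str          # "" when FRST printed "()" or cut the entry
    key: str = ""           # registry key for CustomCLSID entries
    truncated: bool = False


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def parse_frst(text: str) -> list:
    """Return Entry objects for every recognised line, tagged with its section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        for pattern in (PROCESS_RE, MODULE_RE, CLSID_RE):
            m = pattern.match(line)
            if m:
                break
        else:
            continue  # explanatory "(If an entry is included...)" lines etc.
        pub = (m.group("pub") or "").strip()
        truncated = pub.startswith(TRUNCATION_MARKER)
        entries.append(Entry(section, m.group("path").strip(),
                             "" if truncated else pub,
                             m.groupdict().get("key") or "", truncated))
    return entries


def triage(entries: list) -> list:
    """Flag entries with no publisher or a binary in a cache/temp folder."""
    findings = []
    for e in entries:
        reasons = []
        if not e.publisher:
            reasons.append("publisher unknown (FRST truncated the entry)"
                           if e.truncated else "no publisher in version info")
        low = e.path.lower()
        if any(marker in low for marker in SUSPECT_DIRS):
            reasons.append("binary in browser cache or temp folder")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_frst(SAMPLE_LOG)):
        print(f"[{f.entry.section}] {f.entry.path}")
        for r in f.reasons:
            print(f"    - {r}")
```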



#2 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:22 AM

Posted 08 February 2015 - 07:26 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Can you locate and post the other log that FRST produced (FRST.txt)? If you can’t locate it, please run FRST again to get me that log.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 kathi
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:11:22 PM

Posted 09 February 2015 - 07:09 AM

Ran a new log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by newuser (administrator) on NEWUSER-PC on 09-02-2015 05:38:45
Running from C:\Users\newuser\Downloads
Loaded Profiles: newuser &  (Available profiles: newuser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] => C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-09-23] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-08-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-06-10] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE [220800 2014-12-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\...\Run: [GoogleChromeAutoLaunch_BDEFB141687EA37EBDFAFC6F235D5C42] => C:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE [220800 2014-12-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_BDEFB141687EA37EBDFAFC6F235D5C42] => C:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
Startup: C:\Users\newuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\American Sniper 2014 DVDSCR X264-PLAYNOW.lnk
ShortcutTarget: American Sniper 2014 DVDSCR X264-PLAYNOW.lnk -> C:\ProgramData\{929b3e75-60da-22df-929b-b3e7560df9d5}\American Sniper 2014 DVDSCR X264-PLAYNOW.exe (No File)
Startup: C:\Users\newuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
SearchScopes: HKLM -> {60A4E56C-445B-47E9-8637-F329433B1DB3} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2201929852-2870477119-2444475307-1000 -> {60A4E56C-445B-47E9-8637-F329433B1DB3} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2201929852-2870477119-2444475307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {60A4E56C-445B-47E9-8637-F329433B1DB3} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2201929852-2870477119-2444475307-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-2201929852-2870477119-2444475307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2201929852-2870477119-2444475307-1000: @nsroblox.roblox.com/launcher -> C:\Users\newuser\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2201929852-2870477119-2444475307-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\newuser\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2201929852-2870477119-2444475307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\newuser\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2201929852-2870477119-2444475307-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\newuser\AppData\Local\Roblox\Versions\version-d11d3bd1dfae46fa\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-30]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-01-21]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-01-21]
FF HKLM\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-01-21]
 
Chrome: 
=======
CHR Profile: C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01]
CHR Extension: (Google Drive) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-01]
CHR Extension: (YouTube) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-01]
CHR Extension: (Google Search) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01]
CHR Extension: (Kaspersky Protection) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-01]
CHR Extension: (Google Sheets) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01]
CHR Extension: (Gmail) - C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [120008 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36040 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [699576 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25800 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [26824 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 22:30 - 2015-02-07 22:38 - 00025521 _____ () C:\Users\newuser\Downloads\Addition.txt
2015-02-07 22:25 - 2015-02-09 05:38 - 00021729 _____ () C:\Users\newuser\Downloads\FRST.txt
2015-02-07 22:13 - 2015-02-09 05:38 - 00000000 ____D () C:\FRST
2015-02-07 22:11 - 2015-02-07 22:12 - 01124352 _____ (Farbar) C:\Users\newuser\Downloads\FRST (1).exe
2015-02-07 22:08 - 2015-02-07 22:09 - 01124352 _____ (Farbar) C:\Users\newuser\Downloads\FRST.exe
2015-02-07 20:55 - 2015-02-09 05:31 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 20:15 - 2015-02-07 21:10 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-07 20:15 - 2015-02-07 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-07 20:14 - 2015-02-07 21:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-07 20:14 - 2015-02-07 20:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-07 20:14 - 2014-11-21 06:23 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-07 20:14 - 2014-11-21 06:23 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-07 20:14 - 2014-11-21 06:23 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-07 20:06 - 2015-02-07 20:06 - 00609112 _____ () C:\Users\newuser\Downloads\Unconfirmed 792788.crdownload
2015-02-07 19:55 - 2015-02-07 20:01 - 20447176 _____ (Malwarebytes Corporation ) C:\Users\newuser\Downloads\mbam-setup.exe
2015-02-07 19:00 - 2015-02-07 19:24 - 00000000 ____D () C:\AdwCleaner
2015-02-07 18:56 - 2015-02-07 18:58 - 02112512 _____ () C:\Users\newuser\Downloads\AdwCleaner.exe
2015-02-07 08:07 - 2015-02-07 08:48 - 00000000 ____D () C:\Users\newuser\Desktop\Cards
2015-02-07 07:08 - 2015-02-07 07:08 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\Template
2015-02-07 07:02 - 2015-02-07 07:02 - 00000000 _____ () C:\Users\newuser\AppData\Roaming\wklnhst.dat
2015-02-04 06:43 - 2015-02-04 06:43 - 00001913 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-02-04 06:43 - 2015-02-04 06:43 - 00001901 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2015-02-04 06:43 - 2015-02-04 06:43 - 00000000 ____D () C:\Program Files\Belarc
2015-02-04 06:40 - 2015-02-04 06:41 - 03683312 _____ () C:\Users\newuser\Downloads\advisorinstaller.exe
2015-02-04 06:34 - 2015-02-04 06:34 - 00000879 _____ () C:\Users\Public\Desktop\KeyFinder.lnk
2015-02-04 06:34 - 2015-02-04 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2015-02-04 06:34 - 2015-02-04 06:34 - 00000000 ____D () C:\Program Files\Magical Jelly Bean
2015-02-04 06:32 - 2015-02-04 06:32 - 01178272 _____ (Magical Jelly Bean ) C:\Users\newuser\Downloads\KeyFinderInstaller.exe
2015-02-01 11:50 - 2015-02-01 11:51 - 00000000 ____D () C:\Users\newuser\Desktop\memory book
2015-02-01 09:27 - 2015-02-01 21:11 - 00795281 _____ () C:\Users\newuser\Desktop\Hagemann Memory Book.pptx
2015-02-01 09:27 - 2015-02-01 20:22 - 00712064 _____ () C:\Users\newuser\Desktop\6B767E13.tmp
2015-02-01 07:39 - 2015-02-07 07:05 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-01 07:39 - 2015-02-01 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-01 07:35 - 2015-02-07 22:46 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 07:34 - 2015-02-09 05:31 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 07:34 - 2015-02-01 07:39 - 00000000 ____D () C:\Users\newuser\AppData\Local\Google
2015-02-01 07:34 - 2015-02-01 07:38 - 00000000 ____D () C:\Program Files\Google
2015-02-01 07:33 - 2015-02-01 07:34 - 00000000 ____D () C:\Users\newuser\AppData\Local\Deployment
2015-02-01 07:33 - 2015-02-01 07:33 - 00000000 ____D () C:\Users\newuser\AppData\Local\Apps\2.0
2015-02-01 07:19 - 2015-02-01 07:19 - 00000154 _____ () C:\Users\newuser\Desktop\What are the types of Facebook pages and which category is right for your business  MarketingGum.com.url
2015-02-01 07:13 - 2015-02-01 07:13 - 00000051 _____ () C:\Users\newuser\Desktop\gmailaccounts.txt
2015-01-28 08:53 - 2015-01-28 08:53 - 00000083 _____ () C:\Users\newuser\Desktop\dog camp.txt
2015-01-25 19:44 - 2015-01-25 19:44 - 00000235 _____ () C:\Users\newuser\Desktop\Shop Women's New Arrivals - White House  Black Market - White House  Black Market.url
2015-01-25 19:19 - 2015-01-25 19:19 - 00000220 _____ () C:\Users\newuser\Desktop\Hand-Lettered & Illustrated Goods by Emily by emilymcdowelldraws.url
2015-01-25 07:14 - 2015-01-25 07:14 - 00000000 ____D () C:\Users\newuser\Desktop\Zipped Files
2015-01-25 07:03 - 2015-01-25 07:04 - 00000000 ____D () C:\Users\newuser\Desktop\CDLLC
2015-01-25 07:02 - 2015-01-25 07:05 - 00000000 ____D () C:\Users\newuser\Desktop\Personal
2015-01-25 07:01 - 2015-01-25 07:04 - 00000000 ____D () C:\Users\newuser\Desktop\Dollhouse
2015-01-25 06:57 - 2015-01-25 06:58 - 00000000 ____D () C:\Users\newuser\Desktop\Sweater
2015-01-25 06:56 - 2015-02-01 07:10 - 00000000 ____D () C:\Users\newuser\Desktop\Thank You Cards
2015-01-25 06:54 - 2015-01-25 07:07 - 00000000 ____D () C:\Users\newuser\Desktop\Kaybee Studios
2015-01-22 13:44 - 2015-01-22 13:44 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2015-01-22 13:44 - 2015-01-22 13:44 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-01-21 20:19 - 2015-01-21 20:19 - 00002111 _____ () C:\Users\newuser\Desktop\Safe Money.lnk
2015-01-21 20:08 - 2015-01-21 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-21 20:08 - 2015-01-21 20:06 - 00002009 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-21 20:00 - 2015-02-09 05:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-21 20:00 - 2015-01-21 20:00 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-01-21 19:58 - 2014-12-13 17:21 - 00699576 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-21 19:58 - 2014-11-28 17:19 - 00120008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-21 19:58 - 2014-10-22 20:13 - 00036040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-19 19:53 - 2015-01-19 19:53 - 00000221 _____ () C:\Users\newuser\Desktop\Dog Science Fair Project Do Dogs Understand English  Education.com.url
2015-01-17 17:04 - 2015-02-07 22:27 - 00000000 ____D () C:\ProgramData\{929b3e75-60da-22df-929b-b3e7560df9d5}
2015-01-17 10:41 - 2015-01-17 10:41 - 00000206 _____ () C:\Users\newuser\Desktop\▶ Quickbooks 2014 Tutorial Part 1 - YouTube.url
2015-01-16 18:11 - 2015-01-16 18:11 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-01-16 17:56 - 2015-01-16 17:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-16 17:54 - 2015-01-16 17:54 - 00001431 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
2015-01-16 17:54 - 2015-01-16 17:54 - 00000000 ____D () C:\ProgramData\ALM
2015-01-16 17:53 - 2015-01-16 17:53 - 00000962 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2015-01-16 17:50 - 2015-01-16 17:50 - 00001308 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-01-16 17:50 - 2015-01-16 17:50 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-01-16 17:49 - 2015-01-16 17:49 - 00000874 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-01-16 17:49 - 2015-01-16 17:49 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-16 17:49 - 2015-01-16 17:49 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-16 02:06 - 2014-12-18 18:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 02:01 - 2014-12-05 21:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 02:01 - 2014-12-05 21:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-16 02:01 - 2014-12-05 21:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-16 02:00 - 2014-12-05 21:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 19:38 - 2015-01-15 19:38 - 00000000 ____D () C:\Users\newuser\Desktop\Adobe Illustrator CS6
2015-01-15 19:34 - 2015-01-16 17:22 - 00000000 ____D () C:\Users\newuser\Desktop\Adobe Illustrator CS6 LS6
2015-01-14 16:30 - 2015-01-14 16:30 - 00015049 ____H () C:\Users\newuser\Desktop\~WRL1492.tmp
2015-01-13 04:40 - 2015-01-13 04:40 - 00000165 ____H () C:\Users\newuser\Desktop\~$Caitlyn Thank you_001.pptx
2015-01-11 18:52 - 2015-01-11 18:52 - 00000165 ____H () C:\Users\newuser\Desktop\~$Talon Thank You.pptx
2015-01-11 18:45 - 2015-01-11 18:46 - 00000052 _____ () C:\Windows\system32\DOErrors.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-09 05:31 - 2014-11-28 22:26 - 00048461 _____ () C:\ProgramData\nvModes.001
2015-02-09 05:31 - 2014-11-28 22:25 - 00048461 _____ () C:\ProgramData\nvModes.dat
2015-02-09 05:31 - 2014-04-07 08:11 - 00000246 _____ () C:\ProgramData\hpqp.ini
2015-02-09 05:31 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 05:31 - 2006-11-02 06:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 05:31 - 2006-11-02 06:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 05:30 - 2008-01-20 20:47 - 00246356 _____ () C:\Windows\PFRO.log
2015-02-07 23:03 - 2006-11-02 07:01 - 00019254 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-07 23:02 - 2014-04-07 08:00 - 01594783 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 22:11 - 2014-12-26 19:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 20:27 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-07 19:21 - 2006-11-02 04:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 18:13 - 2014-12-26 19:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 18:13 - 2014-12-26 19:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-01 20:11 - 2014-12-17 19:38 - 00003584 _____ () C:\Users\newuser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 07:06 - 2014-12-17 19:25 - 00000000 ____D () C:\Users\newuser\Desktop\Proofs
2015-01-21 20:07 - 2006-11-02 05:18 - 00000000 ___RD () C:\Users\Public
2015-01-19 04:50 - 2014-12-11 07:50 - 00000000 ____D () C:\Users\newuser\AppData\Local\Adobe
2015-01-19 04:49 - 2006-11-02 06:47 - 04287392 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-17 19:17 - 2014-11-18 22:29 - 00203112 _____ () C:\Users\newuser\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 11:21 - 2014-12-27 09:03 - 00000000 ____D () C:\Users\newuser\Desktop\DisneyPrints
2015-01-17 05:41 - 2014-11-28 18:07 - 00000000 ____D () C:\Users\newuser\AppData\Roaming\Adobe
2015-01-17 05:41 - 2008-10-25 17:59 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-16 17:53 - 2008-10-25 17:59 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-16 17:53 - 2008-10-25 17:59 - 00000000 ____D () C:\Program Files\Adobe
2015-01-16 17:49 - 2008-10-25 17:59 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-16 02:31 - 2014-11-30 20:26 - 00007808 _____ () C:\Users\newuser\AppData\Local\d3d9caps.dat
2015-01-16 02:06 - 2014-11-28 19:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 02:02 - 2006-11-02 04:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-15 19:34 - 2006-11-02 06:52 - 00111809 _____ () C:\Windows\setupact.log
 
==================== Files in the root of some directories =======
 
2015-02-07 07:02 - 2015-02-07 07:02 - 0000000 _____ () C:\Users\newuser\AppData\Roaming\wklnhst.dat
2014-11-18 22:31 - 2014-11-18 22:31 - 0000000 _____ () C:\Users\newuser\AppData\Local\AtStart.txt
2014-11-30 20:26 - 2015-01-16 02:31 - 0007808 _____ () C:\Users\newuser\AppData\Local\d3d9caps.dat
2014-12-17 19:38 - 2015-02-01 20:11 - 0003584 _____ () C:\Users\newuser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-18 22:31 - 2014-11-18 22:31 - 0000000 _____ () C:\Users\newuser\AppData\Local\DSwitch.txt
2014-11-18 22:31 - 2014-11-18 22:31 - 0000000 _____ () C:\Users\newuser\AppData\Local\QSwitch.txt
2014-04-07 08:11 - 2015-02-09 05:31 - 0000246 _____ () C:\ProgramData\hpqp.ini
2014-11-28 22:26 - 2015-02-09 05:31 - 0048461 _____ () C:\ProgramData\nvModes.001
2014-11-28 22:25 - 2015-02-09 05:31 - 0048461 _____ () C:\ProgramData\nvModes.dat
2014-04-07 08:15 - 2014-04-07 08:15 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2008-10-25 18:10 - 2008-10-25 18:10 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2014-04-07 08:14 - 2014-04-07 08:14 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2008-10-25 18:01 - 2008-10-25 18:03 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-04-07 08:12 - 2014-04-07 08:12 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2014-04-07 08:14 - 2014-04-07 08:14 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2008-10-25 18:00 - 2008-10-25 18:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2008-10-25 18:03 - 2008-10-25 18:10 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2014-04-07 08:15 - 2014-04-07 08:15 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
Some content of TEMP:
====================
C:\Users\newuser\AppData\Local\Temp\HPQSi.exe
C:\Users\newuser\AppData\Local\Temp\Quarantine.exe
C:\Users\newuser\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-09 05:37
 
==================== End Of Log ============================


#4 RPMcMurphy

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 09 February 2015 - 04:08 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

7D1476CD1EF5}\localserver32 -> C:\Users\newuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1H1AX9\Ameri (the data entry has 47 more characters).
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • fixlog.txt report
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 kathi

kathi
  • Topic Starter

  • Members
  • 38 posts

Posted 11 February 2015 - 05:05 PM

Ok.....so I'm having a really difficult time due to redirects and popups and pages closing...I missed that I needed to run the Fix via FRST before installing ComboFix, so that was installed before I went back and ran Fix...was that ok?  Also, I had disabled my Kaspersky but long story short it ended up enabled again (sigh) so when ComboFix was run I got the message to disable it before "clicking ok", which I did...but when I clicked ok nothing happened.  I didn't want to run ComboFix again without checking in with you.  Just what you see has taken ..oh..3 hours or so (c;  agh! 



#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 11 February 2015 - 09:28 PM

Please boot the computer into the Safe Mode then run ComboFix.  It's safe to ignore any warnings you get about Kaspersky being active if you are in the safe mode.




#7 kathi

kathi
  • Topic Starter

  • Members
  • 38 posts

Posted 15 February 2015 - 07:39 AM

Thanks for your help!  Below are the Fixlog and Combofix reports:

 

Fixlog:

 

ix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-02-2015 02
Ran by newuser at 2015-02-11 15:06:42 Run:1
Running from C:\Users\newuser\Downloads
Loaded Profiles: newuser &  (Available profiles: newuser)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
7D1476CD1EF5}\localserver32 -> C:\Users\newuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1H1AX9\Ameri (the data entry has 47 more characters).
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
EmptyTemp:
*****************
 
7D1476CD1EF5}\localserver32 -> C:\Users\newuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX1H1AX9\Ameri (the data entry has 47 more characters). => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2201929852-2870477119-2444475307-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
EmptyTemp: => Removed 1.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:11:15 ====
 
Combofix log:
 
omboFix 15-02-09.01 - newuser 02/15/2015   5:59.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1790.1386 [GMT -6:00]
Running from: c:\users\newuser\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-15 to 2015-02-15  )))))))))))))))))))))))))))))))
.
.
2015-02-15 12:06 . 2015-02-15 12:06 -------- d-----w- c:\users\newuser\AppData\Local\temp
2015-02-15 12:06 . 2015-02-15 12:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-08 04:13 . 2015-02-11 21:11 -------- d-----w- C:\FRST
2015-02-08 02:55 . 2015-02-15 11:48 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-08 02:14 . 2014-11-21 12:23 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-08 02:14 . 2014-11-21 12:23 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-08 02:14 . 2014-11-21 12:23 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-08 02:14 . 2015-02-08 02:14 -------- d-----w- c:\programdata\Malwarebytes
2015-02-08 02:14 . 2015-02-08 03:10 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-02-08 01:00 . 2015-02-08 01:24 -------- d-----w- C:\AdwCleaner
2015-02-07 13:08 . 2015-02-07 13:08 -------- d-----w- c:\users\newuser\AppData\Roaming\Template
2015-02-07 00:29 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D07560D4-34CA-4B32-835A-F30D9A846AA4}\mpengine.dll
2015-02-04 12:43 . 2015-02-04 12:43 -------- d-----w- c:\program files\Belarc
2015-02-04 12:34 . 2015-02-04 12:34 -------- d-----w- c:\program files\Magical Jelly Bean
2015-02-01 13:34 . 2015-02-01 13:38 -------- d-----w- c:\program files\Google
2015-02-01 13:34 . 2015-02-01 13:39 -------- d-----w- c:\users\newuser\AppData\Local\Google
2015-02-01 13:33 . 2015-02-01 13:33 -------- d-----w- c:\users\newuser\AppData\Local\Apps
2015-02-01 13:33 . 2015-02-01 13:34 -------- d-----w- c:\users\newuser\AppData\Local\Deployment
2015-01-22 19:44 . 2015-01-22 19:44 -------- d-----w- c:\users\newuser\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-01-22 02:00 . 2015-02-15 11:48 -------- d-----w- c:\programdata\Kaspersky Lab
2015-01-22 02:00 . 2015-01-22 02:00 -------- d-----w- c:\program files\Kaspersky Lab
2015-01-22 01:58 . 2014-11-28 23:19 120008 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-01-22 01:58 . 2014-10-23 02:13 36040 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-01-17 23:04 . 2015-02-08 04:27 -------- d-----w- c:\programdata\{929b3e75-60da-22df-929b-b3e7560df9d5}
2015-01-17 00:11 . 2015-01-17 00:11 -------- d-----w- c:\users\newuser\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-01-16 23:56 . 2015-01-16 23:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-01-16 23:54 . 2015-01-16 23:54 -------- d-----w- c:\programdata\ALM
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-07 00:13 . 2014-12-27 01:01 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-07 00:13 . 2014-12-27 01:01 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-06 09:36 . 2014-11-29 00:26 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 00:25 . 2015-01-16 08:06 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-18 13:48 . 2014-12-18 13:54 81408 ----a-w- c:\windows\system32\E_TD4BHSA.DLL
2014-12-18 13:48 . 2014-12-18 13:37 95232 ----a-w- c:\windows\system32\E_TLBHSA.DLL
2014-12-06 03:14 . 2015-01-16 08:00 153600 ----a-w- c:\windows\system32\profsvc.dll
2014-12-06 03:14 . 2015-01-16 08:01 48640 ----a-w- c:\windows\system32\nlaapi.dll
2014-12-06 03:14 . 2015-01-16 08:01 174080 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:14 . 2015-01-16 08:01 93184 ----a-w- c:\windows\system32\ncsi.dll
2014-12-03 20:53 . 2014-12-03 20:53 86528 ----a-w- c:\windows\system32\iesysprep.dll
2014-12-03 20:53 . 2014-12-03 20:53 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-12-03 20:53 . 2014-12-03 20:53 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-12-03 20:53 . 2014-12-03 20:53 63488 ----a-w- c:\windows\system32\tdc.ocx
2014-12-03 20:53 . 2014-12-03 20:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-12-03 20:53 . 2014-12-03 20:53 161792 ----a-w- c:\windows\system32\msls31.dll
2014-12-03 20:53 . 2014-12-03 20:53 74752 ----a-w- c:\windows\system32\iesetup.dll
2014-12-03 20:53 . 2014-12-03 20:53 35840 ----a-w- c:\windows\system32\imgutil.dll
2014-12-03 20:53 . 2014-12-03 20:53 23552 ----a-w- c:\windows\system32\licmgr10.dll
2014-12-03 20:53 . 2014-12-03 20:53 152064 ----a-w- c:\windows\system32\wextract.exe
2014-12-03 20:53 . 2014-12-03 20:53 150528 ----a-w- c:\windows\system32\iexpress.exe
2014-12-03 20:53 . 2014-12-03 20:53 101888 ----a-w- c:\windows\system32\admparse.dll
2014-12-03 20:53 . 2014-12-03 20:53 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-12-03 20:51 . 2014-12-03 20:51 98816 ----a-w- c:\windows\system32\mfps.dll
2014-12-03 20:51 . 2014-12-03 20:51 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2014-12-03 20:51 . 2014-12-03 20:51 586240 ----a-w- c:\windows\system32\stobject.dll
2014-12-03 20:51 . 2014-12-03 20:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2014-12-03 20:51 . 2014-12-03 20:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2014-12-03 20:51 . 2014-12-03 20:51 2873344 ----a-w- c:\windows\system32\mf.dll
2014-12-03 20:51 . 2014-12-03 20:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2014-12-03 20:51 . 2014-12-03 20:51 209920 ----a-w- c:\windows\system32\mfplat.dll
2014-12-03 20:51 . 2014-12-03 20:51 847360 ----a-w- c:\windows\system32\OpcServices.dll
2014-12-03 20:51 . 2014-12-03 20:51 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2014-12-03 20:51 . 2014-12-03 20:51 478720 ----a-w- c:\windows\system32\dxgi.dll
2014-12-03 20:51 . 2014-12-03 20:51 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2014-12-03 20:51 . 2014-12-03 20:51 258048 ----a-w- c:\windows\system32\winspool.drv
2014-12-03 20:51 . 2014-12-03 20:51 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2014-12-03 20:51 . 2014-12-03 20:51 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2014-12-03 20:50 . 2014-12-03 20:50 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2014-12-03 20:50 . 2014-12-03 20:50 519680 ----a-w- c:\windows\system32\d3d11.dll
2014-12-03 20:50 . 2014-12-03 20:50 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2014-12-03 20:50 . 2014-12-03 20:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-12-03 20:50 . 2014-12-03 20:50 252928 ----a-w- c:\windows\system32\dxdiag.exe
2014-12-03 20:50 . 2014-12-03 20:50 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2014-12-03 20:50 . 2014-12-03 20:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-12-03 02:06 . 2014-12-14 18:26 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-24 20:44 . 2014-12-11 13:50 367104 ----a-w- c:\windows\system32\html.iec
2014-11-24 20:40 . 2014-12-11 13:50 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-11-24 20:35 . 2014-12-11 13:50 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-11-24 20:34 . 2014-12-11 13:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-24 20:33 . 2014-12-11 13:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-24 20:33 . 2014-12-11 13:51 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-11-24 20:32 . 2014-12-11 13:51 11776 ----a-w- c:\windows\system32\mshta.exe
2014-11-24 20:32 . 2014-12-11 13:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-18 19:56 . 2014-11-18 19:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE" [2014-12-18 220800]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"GoogleChromeAutoLaunch_BDEFB141687EA37EBDFAFC6F235D5C42"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-02-04 843592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\users\newuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-07 00:15 1086280 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-27 00:15]
.
2015-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-01 13:34]
.
2015-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-01 13:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO-{93BC2EA7-2F17-4729-948A-D2E03FFB2412} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
BHO-{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll
c:\users\newuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\American Sniper 2014 DVDSCR X264-PLAYNOW.lnk - c:\programdata\{929b3e75-60da-22df-929b-b3e7560df9d5}\American Sniper 2014 DVDSCR X264-PLAYNOW.exe --startup=1
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-15 06:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-02-15  06:08:47
ComboFix-quarantined-files.txt  2015-02-15 12:08
.
Pre-Run: 154,246,299,648 bytes free
Post-Run: 154,131,017,728 bytes free
.
- - End Of File - - 4D02DB9D9A8498BA4D2F8D8880E746DF
588AE8F0C685C02BA11F30D9CD7E61A0
 
 
As a footnote, I'm still seeing a Positive Finds ad on the left side of my screen now and just had a new tab added..so still there but the "attack" is slower if that makes sense...I could hardly work on this computer before because of the number of popups, new tabs, etc. 
 
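A defender-side triage of the autostart lines in the ComboFix log above (an added example, not part of the thread and not ComboFix/FRST code): it parses the registry Run-value and Startup-shortcut line shapes and scores each launch target by where it lives and how it is named, so the Startup-folder entry ComboFix listed under ORPHANS REMOVED separates from the HP/Adobe/Office noise. The sample lines are taken from the posted log; the GUID-folder, temp-folder, media-token and trusted-root rules are my own assumptions.

```python
"""Triage autostart entries from a ComboFix-style log (added example).

Handles the two line shapes in the "Reg Loading Points" and "ORPHANS REMOVED"
sections: registry Run values and Startup-folder shortcuts. Scoring rules are
assumptions for illustration, not ComboFix or FRST logic.
"""
import re
from dataclasses import dataclass, field

# Registry Run value as ComboFix prints it:  "Name"="c:\path\file.exe" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?P<rest>.*)$')
# Startup-folder shortcut:  Something.lnk - c:\path\target.exe <args> [date size]
LNK_RE = re.compile(
    r'^(?P<name>.+?\.lnk) - (?P<target>.+?\.(?:exe|dll|scr|com|pif|bat|cmd|vbs|js))\b(?P<rest>.*)$',
    re.IGNORECASE,
)
# Heuristics: strong signals score 2, the weak "not under a trusted root" signal scores 1.
GUID_DIR_RE = re.compile(
    r'\\programdata\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r'\\(?:appdata\\local\\temp|temporary internet files)\\', re.IGNORECASE)
TRUSTED_ROOT_RE = re.compile(r'^[a-z]:\\(?:program files(?: \(x86\))?|windows)\\', re.IGNORECASE)
# Scene-release vocabulary that has no business in an executable's file name.
MEDIA_TOKENS = {"dvdscr", "dvdrip", "x264", "xvid", "brrip", "bdrip", "hdtv", "webrip"}


@dataclass
class Autostart:
    kind: str        # "run" (registry Run value) or "lnk" (Startup shortcut)
    name: str        # value name or shortcut path
    target: str      # resolved executable path
    rest: str        # arguments and/or ComboFix's trailing "[date size]"
    score: int
    reasons: list = field(default_factory=list)


def classify(target: str):
    """Score a launch target; return (score, human-readable reasons)."""
    score, reasons = 0, []
    if GUID_DIR_RE.search(target):
        score += 2
        reasons.append("executable lives in a GUID-named ProgramData folder")
    if TEMP_DIR_RE.search(target):
        score += 2
        reasons.append("executable lives in a temp or browser-cache folder")
    filename = target.rsplit("\\", 1)[-1].lower()
    hits = sorted(set(re.split(r"[^a-z0-9]+", filename)) & MEDIA_TOKENS)
    if hits:
        score += 2
        reasons.append("file name carries media-release tokens: " + ", ".join(hits))
    if not TRUSTED_ROOT_RE.match(target):
        score += 1
        reasons.append("target is outside Program Files / Windows")
    return score, reasons


def parse_autostart_line(line: str):
    """Parse one log line into an Autostart, or None for headers and noise."""
    line = line.strip()
    kind, m = "run", RUN_RE.match(line)
    if not m:
        kind, m = "lnk", LNK_RE.match(line)
    if not m:
        return None
    target = m.group("target").strip()
    score, reasons = classify(target)
    return Autostart(kind, m.group("name"), target, m.group("rest").strip(), score, reasons)


def triage(log_text: str) -> list:
    """All autostart entries found in the log text, in order."""
    return [a for a in map(parse_autostart_line, log_text.splitlines()) if a]


def suspicious(log_text: str, threshold: int = 2) -> list:
    """Entries whose score reaches the threshold (at least one strong signal)."""
    return [a for a in triage(log_text) if a.score >= threshold]


# Sample input, constructed from lines in the ComboFix log posted above.
SAMPLE = r"""
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"GoogleChromeAutoLaunch_BDEFB141687EA37EBDFAFC6F235D5C42"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-02-04 843592]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
c:\users\newuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\American Sniper 2014 DVDSCR X264-PLAYNOW.lnk - c:\programdata\{929b3e75-60da-22df-929b-b3e7560df9d5}\American Sniper 2014 DVDSCR X264-PLAYNOW.exe --startup=1
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        flag = "FLAG" if entry.score >= 2 else "ok  "
        print(f"{flag} {entry.kind:3} {entry.target}")
        for reason in entry.reasons:
            print(f"         - {reason}")
```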


#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 15 February 2015 - 07:22 PM

Please do this next:

Open Malwarebytes Anti-Malware (MBAM)

  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Please include the following in your next post:
  • MBAM log
  • adwCleaner log




#9 kathi

kathi
  • Topic Starter

  • Members
  • 38 posts

Posted 15 February 2015 - 10:07 PM

MBAM Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/15/2015
Scan Time: 7:37:18 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.15.07
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: newuser
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323063
Time Elapsed: 22 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.RiskwareTool.CK, C:\Users\newuser\Desktop\Adobe Illustrator CS6 LS6\amtlib.dll, Quarantined, [43cf91897713b581432b0c952ed43fc1], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
adwcleaner log:
 
# AdwCleaner v4.110 - Logfile created 15/02/2015 at 20:55:34
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : newuser - NEWUSER-PC
# Running from : C:\Users\newuser\Desktop\adwcleaner_4.110.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\newuser\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Google Chrome v40.0.2214.111
 
*************************
 
AdwCleaner[R2].txt - [1300 bytes] - [15/02/2015 20:41:42]
AdwCleaner[R3].txt - [946 bytes] - [15/02/2015 20:55:34]
AdwCleaner[S2].txt - [1374 bytes] - [15/02/2015 20:46:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1063 bytes] ##########
 
(just an fyi....still getting positive finds ad on this site and new tabs being added....)  Thanks for your help so far!
 


#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 16 February 2015 - 02:11 PM

Are you experiencing this in IE, Chrome or both?




#11 kathi

kathi
  • Topic Starter

  • Members
  • 38 posts

Posted 18 February 2015 - 02:43 PM

Only seems to be happening in Chrome....  I have only ever used IE and only recently switched to Chrome because "everyone" said it was better in terms of security (c;  I had disabled IE, but I'm using it now - no issues thus far and I've surfed around for a bit....



#12 kathi

kathi
  • Topic Starter

  • Members
  • 38 posts

Posted 18 February 2015 - 04:59 PM

I'm logging back in to say that although I'm not seeing any kind of Positive Finds issues, my IE is not running well... I don't even know if that is pertinent at this point but thought I would point it out just in case.  - I can't seem to get tabs to work well - which may be a setting issue for all I know but I didn't have any problems before - but I can't get some sites to even open (Facebook, Craigslist, etc) when I type them right into the browser bar.  To get Craigslist to finally load, I had to manage to get Google to load, then search for Craigslist. I couldn't even seem to get Google to load correctly at this point.... Also - possibly unrelated - AOL mail not opening -   When I posted earlier, I didn't seem to be having any issues but now it seems to really be struggling - again, all IE (anything to do with the new Malwarebytes icon I see by the Kaspersky logo??)

Again, purely for FYI purposes at this point.

 

Oh - and one more thing - I'm now getting a window that has opened asking to copy the following folder - "C:Users\newuser\AppData\Roaming\Macromedia\Flashpla...settings..sol folder does not exist or may have been moved or deleteted" ok to copy.  This is new.  I left it up.  Is it ok to click yes?  If I don't hear back, will hibernate computer, not sure if it will still be here later!



#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 19 February 2015 - 05:22 PM

Please follow the instructions in this LINK to reset Chrome.  Let me know if that clears up the positive finds ads from Chrome.

 

Your logs also contain indications that you are likely using pirated software and movies.  That type of activity on your computer, besides being illegal, makes you very prone to malware and repeated, ongoing issues.....




#14 kathi

kathi
  • Topic Starter

  • Members
  • 38 posts

Posted 20 February 2015 - 05:55 AM

I will follow the link and report back.. Interesting on the pirated info...I actually just recently purchased this computer - it is an exact duplicate of a computer that I already had that I loved that was on its deathbed. Found this one, with "new software installed".  *raising eyebrows now*.  Obviously I'm not really capable of finding, downloading and installing pirated anything (I had to google how to disable IE *smirk*).  Can you tell which software is pirated that may cause issues? I hate to uninstall anything I don't have to....

 

I will report back after I follow the Chrome instructions.



#15 kathi

kathi
  • Topic Starter

  • Members
  • 38 posts

Posted 20 February 2015 - 06:06 AM

Followed the instructions - after opening 3-4 tabs, positive finds popped back up and malwarebytes blocked a website.  )c; sigh....sorry! 





