
Is svchost.exe showing evidence of remote access?


4 replies to this topic

#1 Tergiversada


Posted 11 March 2015 - 03:16 PM

I am running genuine Windows 7 Professional SP1 32 bit, with all Windows Updates current and Kaspersky Internet Security 2015, which has never indicated any malware issues. It's a standalone PC, not joined to a network or a domain. There is no file or printer sharing. NetBIOS is disabled, as are all services related to Remote Access, Remote Desktop, Offline Files, Bitlocker, and Encrypted File System. There is no wireless card on this system, it's strictly wired Ethernet. "Allow Remote Assistance to this computer" has been disabled. 

 

1) I often check Event Viewer, and noticed that all user account logons are recorded in Event Viewer\Applications and Services\Microsoft\Windows\Terminal Server\ Local Session Manager\Operational, rather than \Winlogon, which to me makes more sense.

I noticed something else odd in Event Viewer. In January, a driver was installed for a PS/2 Compatible Mouse, and i8042prt and service was installed. I did not do this. The PS/2 Mouse has a yellow triangle next to it in Device Manager, which means it's malfunctioning, or doesn't have all its drivers installed. Stranger still, it will appear and disappear in Device Manager every few days--Gone on 3/7, back on 3/8, gone on 3/9, back on 3/11. I don't know what to make of this.

 

2) In System Information\Software Environment\Loaded Modules, there are DLLs loaded for Remote Access Auto-Dial Helper (rasadhlp.dll), Remote Access Svcs API (rasapi32), rasman.dll, and Netshell.dll--a remote network Administration command-line tool.

 

3) So I ran Process Explorer to look at things in more detail. In several svchost.exe processes (all originating from the System32 folder) I found DLLs for Domain Join, Active Directory Domain Services, Windows Remote Desktop Session Host Server SDK APIs, Remote Access AutoDial Helper. I found Handles for Base Named Object: Term Srv Ready Event and Base Named Object: Nla Private Port and Nla Private Ports 1, 2, and 3.

 

4) In svchost.exe, I found all the process handles related to security: Cryptography, SAM Library, System Certificates, Enterprise Certificates, CA, ROOT, Auth Root, Disallowed, Smart Card Root, Trusted People, Trusted, My, and Cert DLL Create Cert Chain Config Engine, MS Trust Verification APIs, along with Remote Desktop Session Host Server, Remote Access Auto Dialer, Remote Access Connection Manager, Domain Join, and Active Directory Domain Services.  

It also shows Tokens for NT Authority\Network Services 3e4, Network Authority\Local Service 3e5, Network Authority\Anonymous Logon 3e6, and Network Authority\System 3e7. Does this mean that an authorization/access token was actually granted to Network Authority\Anonymous Logon 3e6? The Server service is disabled, so that should not be registering a null connection. These Anonymous Logons are not recorded in Event Viewer.

 

5) In Process Explorer, Under System, I found File \Device\HarddiskVolume3, with an address of 0X881AEF80, Quota Charges Paged, 0, Non-Paged, 0.

There's also a File \Device\HarddiskVolume3붆, with an address of 0X88B9B2A0, Quota Charges Paged 1024, Non-Paged 248. The Korean Hangul character is a "counting word" that means "people". I have no idea of its significance; nor do I know why HarddiskVolume3 is shown twice with two different addresses.

I have run CHKDSK. Everything was fine. I ran sfc. Everything was fine. I frequently run netstat -anobv, nothing looks out of the ordinary.  

I apologize for this post's verbosity. I wanted y'all to understand the reasons for my concern. Any advice for me? Thanks for your help.
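
As an added example (not part of any post in this thread, and not a BleepingComputer tool), the read-only PowerShell below lists which services each svchost.exe instance hosts, checks its image path and parent process, and labels logon sessions against the built-in session IDs 3e4 to 3e7 mentioned in the question. The function names `Get-SvchostInventory` and `Get-LogonSessionSummary` are hypothetical; `Get-WmiObject` is used so the script also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: read-only triage. Run from an elevated PowerShell prompt;
# without elevation, ExecutablePath and CommandLine come back empty for
# processes owned by other accounts.

# Logon session IDs (LUIDs, hex) that Windows defines for its built-in accounts.
$WellKnownSessions = @{
    '3e7' = 'NT AUTHORITY\SYSTEM'
    '3e6' = 'NT AUTHORITY\ANONYMOUS LOGON'
    '3e5' = 'NT AUTHORITY\LOCAL SERVICE'
    '3e4' = 'NT AUTHORITY\NETWORK SERVICE'
}

# Win32_LogonSession.LogonType values; 10 is a Remote Desktop logon.
$LogonTypes = @{
    0 = 'System'; 2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'
    7 = 'Unlock'; 8 = 'NetworkCleartext'; 9 = 'NewCredentials'
    10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}

function Get-SvchostInventory {
    # Legitimate image locations. SysWOW64 only exists on 64-bit Windows,
    # where it holds the 32-bit copy of svchost.exe.
    $allowed = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
    )
    $services = @(Get-WmiObject -Class Win32_Service -Filter "State = 'Running'")
    $allProcs = @(Get-WmiObject -Class Win32_Process)

    foreach ($p in ($allProcs | Where-Object { $_.Name -eq 'svchost.exe' })) {
        # Services whose host process is this svchost.exe instance.
        $hosted = @($services | Where-Object { $_.ProcessId -eq $p.ProcessId } |
                    ForEach-Object { $_.Name })

        # Parent lookup is by PID; a reused PID can mislabel an exited parent.
        $parent = $allProcs | Where-Object { $_.ProcessId -eq $p.ParentProcessId } |
                  Select-Object -First 1
        if ($parent) { $parentName = $parent.Name } else { $parentName = '(exited)' }

        if (-not $p.ExecutablePath)                  { $pathCheck = 'unreadable' }
        elseif ($allowed -contains $p.ExecutablePath) { $pathCheck = 'ok' }
        else                                          { $pathCheck = 'MISMATCH' }

        New-Object PSObject -Property @{
            ProcessId   = $p.ProcessId
            PathCheck   = $pathCheck
            Parent      = $parentName
            # svchost.exe is normally started by services.exe.
            Review      = ($pathCheck -eq 'MISMATCH') -or ($parentName -ne 'services.exe')
            Services    = ($hosted -join ', ')
            CommandLine = $p.CommandLine
        } | Select-Object ProcessId, PathCheck, Parent, Review, Services, CommandLine
    }
}

function Get-LogonSessionSummary {
    foreach ($s in @(Get-WmiObject -Class Win32_LogonSession)) {
        # WMI reports LogonId as a decimal string; Process Explorer shows hex.
        $hex = '{0:x}' -f [uint64]$s.LogonId

        $type = $LogonTypes[[int]$s.LogonType]
        if (-not $type) { $type = "Type $($s.LogonType)" }

        $account = $WellKnownSessions[$hex]
        if (-not $account) { $account = '(not a built-in session)' }

        New-Object PSObject -Property @{
            LogonIdHex     = $hex
            BuiltInAccount = $account
            LogonType      = $type
            AuthPackage    = $s.AuthenticationPackage
            RemoteDesktop  = ([int]$s.LogonType -eq 10)
        } | Select-Object LogonIdHex, BuiltInAccount, LogonType, AuthPackage, RemoteDesktop
    }
}

Get-SvchostInventory    | Sort-Object ProcessId  | Format-Table -AutoSize -Wrap
Get-LogonSessionSummary | Sort-Object LogonIdHex | Format-Table -AutoSize
```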




 


#2 noknojon


Posted 11 March 2015 - 11:22 PM

>> Is svchost.exe showing evidence of remote access? <<

 

Hello and Welcome,

A "very general reply" to your Headline and Question is NO. Event Viewer can be deceptive, as this is what the "Fraudsters" use to tell you that there are ongoing problems.

 

We can treat this as a basic invasion if you like, which is most likely the best option.

 

To check if you have any protection, please run this program,

Download Screen317 Security Check from Here or Here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please Copy and Paste the contents of that document.

Note 1: If any security program requests permission to access the Internet, allow it to.
Note 2: If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, (or similar) restart computer and Security Check should run.

 

 

Next -

Please download MiniToolBox to desktop to run it.
Checkmark the following boxes:

  • List content of Hosts
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Next -

Please download RKill by Grinler to your desktop

  • If you have an old version, please delete it first
  • Right click on the new Red icon and select Run as Administrator
  • A black DOS box will appear for a short time and then disappear.
  • This is normal and indicates the tool ran successfully.
  • At most the tool will usually run for about 2 minutes
  • Please Copy and Paste the small log back here.

 

 

 

Next :

  • Download AdwCleaner by Xplode from Here or Here and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.

 NOW

  • Click on the Clean button only once for accuracy
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
  • Copy and Paste the contents of that log in your next reply.
  • To restore an item that has been deleted by accident : Open the program again,
  • Go to Tools (top left) > Quarantine Manager > check what you want restored > now click on Restore.

Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.

 

 

 

Next - If you already have a current version installed, Please update it
Please download Malwarebytes Anti-Malware

  • Follow the simple directions to install the program to desktop
  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • If you find malware and tick it to remove it, you may be asked to re-boot the computer to finish cleaning.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

These will give us a good idea of the problems, and keep you occupied for a while.

Post the logs 1 at a time or several in each post (as it suits you).

Please include any changes in your system (better or worse) ......

 

Thank You -



#3 Tergiversada


Posted 12 March 2015 - 12:43 AM

Thank you for your reply.

 

Results of screen317's Security Check version 0.99.97 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
Kaspersky Internet Security  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player  16.0.0.305 
 Adobe Reader XI 
 Mozilla Firefox (36.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avpui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

 

 

Here's MiniToolbox:

 

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Nesciopequenito (administrator) on 11-03-2015 at 23:51:30
Running from "C:\Users\redchow\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Model: OptiPlex 390 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/10/2015 09:05:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: hpqSTE08.exe, version: 130.0.373.0, time stamp: 0x4a162d96
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d37
Faulting process id: 0x304
Faulting application start time: 0xhpqSTE08.exe0
Faulting application path: hpqSTE08.exe1
Faulting module path: hpqSTE08.exe2
Report Id: hpqSTE08.exe3

Error: (03/10/2015 08:53:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 08:35:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 05:26:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 05:11:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 04:17:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 04:13:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: procexp.exe, version: 16.4.0.0, time stamp: 0x5404afa6
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0x2264
Faulting application start time: 0xprocexp.exe0
Faulting application path: procexp.exe1
Faulting module path: procexp.exe2
Report Id: procexp.exe3

Error: (03/10/2015 04:08:55 PM) (Source: PerfNet) (User: )
Description:

Error: (03/10/2015 04:02:55 PM) (Source: PerfNet) (User: )
Description:

Error: (03/10/2015 04:00:49 PM) (Source: PerfNet) (User: )
Description:

System errors:
=============
Error: (03/10/2015 08:32:44 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/10/2015 05:27:19 PM) (Source: Microsoft-Windows-Application-Experience) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.

Error: (03/04/2015 06:47:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/04/2015 06:47:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (03/02/2015 03:09:37 AM) (Source: DCOM) (User: ATRAVIESE)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PCbigchowS-1-5-21-3618591344-3695950669-519290804-1001LocalHost (Using LRPC)

Error: (03/02/2015 03:09:33 AM) (Source: DCOM) (User: ATRAVIESE)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PCbigchowS-1-5-21-3618591344-3695950669-519290804-1001LocalHost (Using LRPC)

Error: (03/02/2015 03:09:29 AM) (Source: DCOM) (User: ATRAVIESE)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PCbigchowS-1-5-21-3618591344-3695950669-519290804-1001LocalHost (Using LRPC)

Error: (02/28/2015 00:05:32 AM) (Source: DCOM) (User: )
Description: {66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}

Error: (02/26/2015 08:50:56 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/24/2015 09:21:22 AM) (Source: DCOM) (User: ATRAVIESE)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PCbigchowS-1-5-21-3618591344-3695950669-519290804-1001LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (03/10/2015 09:05:50 PM) (Source: Application Error)(User: )
Description: hpqSTE08.exe130.0.373.04a162d96ntdll.dll6.1.7601.18247521ea91cc000000500052d3730401d05b9fe3eff2b0C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Windows\SYSTEM32\ntdll.dll231496fc-c793-11e4-ae22-d067e52b0719

Error: (03/10/2015 08:53:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 08:35:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 05:26:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 05:11:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 04:17:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2015 04:13:32 PM) (Source: Application Error)(User: )
Description: procexp.exe16.4.0.05404afa6ntdll.dll6.1.7601.18247521ea91cc000000500052d94226401d05b73c6ffab51C:\Users\redchow\Desktop\ProcessExplorer\procexp.exeC:\Windows\SYSTEM32\ntdll.dll4de8860d-c76a-11e4-99e6-d067e52b0719

Error: (03/10/2015 04:08:55 PM) (Source: PerfNet)(User: )
Description:

Error: (03/10/2015 04:02:55 PM) (Source: PerfNet)(User: )
Description:

Error: (03/10/2015 04:00:49 PM) (Source: PerfNet)(User: )
Description:

CodeIntegrity Errors:
===================================
  Date: 2014-10-13 00:06:38.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 00:06:38.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 00:06:38.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 00:06:38.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 00:06:38.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 00:06:38.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 00:06:38.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 00:06:37.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 00:06:37.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 00:06:37.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

 

=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510nz_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Catalina Savings Printer (HKLM\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Conexant HD Audio (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.54.0 - Conexant)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4418 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (Version: 9.5.1.4418 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB2956207) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{0E5D2277-B9CB-4FD2-92B7-7D145B0CE418}) (Version:  - Microsoft)
Dell Backup and Recovery Manager (HKLM\...\{B7FB9195-E9FC-4316-930E-D799D5D712F7}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.2.1 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
FamilySearch Indexing 3.24.2 (HKLM\...\0591-8077-9297-0833) (Version: 3.24.2 - FamilySearch)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Identity Protection Technology 1.1.2.0 (HKLM\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (Version: 2.8.31.13 - Oracle Corporation) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.2.361 - Kaspersky Lab) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
P@H-Protocol (HKLM\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Photo Explosion (HKLM\...\{822944D4-BC5D-44AE-9315-16C174D318B0}) (Version: 4.0.0.12 - Nova Development)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0019 - Realtek)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{53FAC141-5C6B-4F97-ABC4-E635ABBC59E5}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition (HKLM\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{A7C2902F-C60B-428F-BDD7-ECE4DC0A2CA1}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A4F91D60-654C-4892-BFD3-0D41ADA649B6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{A12F43A5-CF0B-44E3-942F-2441CD442F0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{0B7744D2-1FDD-4843-9987-7CE11B79F370}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{A7AA9E77-A9F4-4596-8AFD-4910FF258C3D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{74BC74BD-9032-4646-B248-F9F45E6D1326}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{53FDC948-3ABA-4BDE-BCEB-F1465C93D91C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{82148027-13B5-4920-97F3-6A44A29B83D0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{673FF853-6C60-4666-8E2F-CE9E2EB991AA}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{FC666DD5-8A58-401B-9B1E-2CBB451932E8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2956203) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{4C42857F-202A-4CB2-8FF7-74624CE22318}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DF548669-AAED-467B-A074-AE2B72A4A871}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878283) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{174382ED-333C-4C27-81BB-27288080CA16}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 3241.06 MB
Available physical RAM: 1923.16 MB
Total Pagefile: 6480.41 MB
Available Pagefile: 4515.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.98 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:453.96 GB) (Free:403.47 GB) NTFS

========================= Users: ========================================

User accounts for \\ATRAVIESE

Administrator            bigchow                  Guest                   
Nesciopequenito          redchow                  Tergiversada            

**** End of log ****

Here's RKill:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/12/2015 12:01:57 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Network Connections (Netman) is not Running.
   Startup Type set to: Disabled

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/12/2015 12:02:20 AM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)

Here are the results from AdwCleaner. I haven't run the Cleaner yet because I think what it found is related to the three coupon printers I have installed on my computer, and I'd like to keep those. One item found is a Browser Helper Object, which could be one of the BHOs from my Kaspersky Internet Security? I don't know what the Registry Key HKCU\Software\Microsoft\ Windows\Current Version\Internet Settings\Value: Proxy Override  Data *.local is. I have questions about what I should keep and what I should delete. Here's the log. Funny that AdwCleaner didn't find Mozilla Firefox, but found Chrome, which was downloaded as part of Java or Adobe but has never been installed:

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 00:13:13
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Nesciopequenito - ATRAVIESE
# Running from : C:\Users\redchow\Desktop\adwcleaner_4.112.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files\Coupons
Folder Found : C:\Program Files\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\redchow\AppData\Roaming\catalina – print savings
Folder Found : C:\Users\redchow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.4

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1984 bytes] - [12/03/2015 00:13:13]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [2043 bytes] ##########

I'll post Malwarebytes once I get it installed.


#4 noknojon

Posted 12 March 2015 - 03:59 AM

OK -

Thanks for the update, I will look back soon.

Regards -



#5 Tergiversada

Posted 12 March 2015 - 09:14 AM

Here's Malwarebytes. For some reason, it wouldn't connect to the update server last night several times, so I tried again this morning:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/12/2015
Scan Time: 8:42:45 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.12.04
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Nesciopequenito

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 459470
Time Elapsed: 15 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

No changes in system or system performance.





