
Fake Adobe Flashplayer Update Browser Hijacker Flashplayer.hta


  • This topic is locked
8 replies to this topic

#1 pstgh

pstgh

  • Members
  • 72 posts
  • OFFLINE
  • Local time:09:26 PM

Posted 13 December 2016 - 01:59 PM

Hi-


I am getting these random browser redirects (hijacker) loading a bogus website while appearing as though my Adobe Flash needs to be updated.  It then says to either run the update from there, or go in my downloads and execute the Flashplayer.hta.  I've meticulously gone through all of the above checks only to find zero threats.  Plus, I even ran an updated copy of Adwcleaner 6.04 and nothing is ever found.


Does anyone here know of a good way to root out this particular hijacker?  I have experienced it on both IE (v11) and Chrome (v 54.xx)- more so on IE though.


I've run each of these (after some necessary updates):

Security Check

Farbar Serv Scan (FSS)

MiniToolBox

Malwarebytes Anti-Malware

Malwarebytes Anti-Rootkit

Rkill

and Adwcleaner


Literally nothing is showing up!?


Thanks for your thoughts!

Philip





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 14 December 2016 - 10:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

Please post the logs.

Wait for further instructions.

#3 pstgh

pstgh
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:09:26 PM

Posted 14 December 2016 - 11:24 AM

OK, thanks. Here you go....

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by HagerHouse (administrator) on HAGERHOUSE (14-12-2016 11:18:41)
Running from C:\Users\HagerHouse\Desktop\PC Fix Stuff\Dec 2016
Loaded Profiles: HagerHouse & UpdatusUser (Available Profiles: HagerHouse & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\spdsvc.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(© 2015 Microsoft Corporation) C:\Users\HagerHouse\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\dthtml.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-08-24] (Hewlett-Packard )
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7172096 2011-11-24] (Broadcom Corporation)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-09-15] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2014-05-11] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\Run: [DVDFab Passkey] => C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe [1419296 2013-09-04] (Fengtao Software Inc.)
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\Run: [BingSvc] => C:\Users\HagerHouse\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\RunOnce: [Adobe Speed Launcher] => 1481289370
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\MountPoints2: {3febc4f0-f054-11e5-b7ad-9cb70dd034c2} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\MountPoints2: {633a55e8-a9b6-11e3-b5b2-9b4fb9ce7f1f} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\MountPoints2: {7c9d595e-8636-11e4-8a3b-9cb70dd034c2} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\MountPoints2: {7c9d5baa-8636-11e4-8a3b-9cb70dd034c2} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\MountPoints2: {d067762c-d71d-11e2-8f79-9cb70dd034c2} - F:\MotoCastSetup.exe -a
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-12-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\HagerHouse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013-09-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Users\HagerHouse\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\HagerHouse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-02-08]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{74143142-733A-485E-825D-CA76B52CB76B}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C98F5CCF-DE6A-42CE-B9A4-CD60EDF35FE5}: [NameServer] 192.168.10.1,75.75.75.75

Internet Explorer:
==================
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-639736396-2184136638-4060683705-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-639736396-2184136638-4060683705-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM -> {FE5D4910-6E82-4117-B3F2-F3E5B6F731B8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1001 -> DefaultScope {35177CF3-79BD-4FFB-A957-9BD58658DBE7} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1001 -> {287C61B7-AA50-4A0E-A7E7-D599F2DDE3E2} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1001 -> {35177CF3-79BD-4FFB-A957-9BD58658DBE7} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1001 -> {3B3F843B-DDFD-4F73-B3DF-FD10A759D862} URL =
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1001 -> {FE5D4910-6E82-4117-B3F2-F3E5B6F731B8} URL =
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1003 -> {FE5D4910-6E82-4117-B3F2-F3E5B6F731B8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-28] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-639736396-2184136638-4060683705-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @google.com/tvswebplugin -> C:\Windows\system32\nptvswebplugin.dll [No File]
FF Plugin-x32: @google.com/zxwebplugin -> C:\Windows\SysWOW64\nptvswebplugin.dll [2015-03-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tenvis.com/vlc,version=2.1.5 -> C:\Program Files (x86)\TENVIS EasySetup\plug-in\LT\LT_Trd_Lib\npvlc.dll [2014-11-18] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-639736396-2184136638-4060683705-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\HagerHouse\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-639736396-2184136638-4060683705-1001: @talk.google.com/O1DPlugin -> C:\Users\HagerHouse\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-639736396-2184136638-4060683705-1001: @tools.google.com/Google Update;version=3 -> C:\Users\HagerHouse\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-639736396-2184136638-4060683705-1001: @tools.google.com/Google Update;version=9 -> C:\Users\HagerHouse\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\HagerHouse\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\HagerHouse\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR Profile: C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default [2015-12-23]
CHR Extension: (Google Drive) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Google Groups) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmbadcfdhiklafcdohpfphhhakmiakk [2015-06-24]
CHR Extension: (Google Calendar) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-15]
CHR Extension: (Google Finance) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-05-28]
CHR Extension: (Google Docs Offline) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Google Calendar (by Google)) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-10-15]
CHR Extension: (Lunar phases) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonoapcaanboccgahfbaegafbckgmceh [2015-06-24]
CHR Extension: (Inoreader - RSS, News and Social Reader) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhglljfmpijadbpkalkclnhlncncdono [2015-08-26]
CHR Extension: (Google Voice (by Google)) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-05-28]
CHR Extension: (Google Maps) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Picasa) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-06-10]
CHR Extension: (Gmail) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR Profile: C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-14]
CHR Extension: (Google Docs) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-02]
CHR Extension: (Google Drive) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (Google Groups) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfmbadcfdhiklafcdohpfphhhakmiakk [2015-12-02]
CHR Extension: (YouTube) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-02]
CHR Extension: (Google Search) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Google Calendar) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-12-02]
CHR Extension: (Google Finance) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Google Calendar (by Google)) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-08-26]
CHR Extension: (Lunar phases) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gonoapcaanboccgahfbaegafbckgmceh [2015-12-02]
CHR Extension: (Google Photos) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-10-03]
CHR Extension: (Inoreader - RSS, News and Social Reader) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhglljfmpijadbpkalkclnhlncncdono [2015-12-02]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2016-09-06]
CHR Extension: (Google Voice (by Google)) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-12-02]
CHR Extension: (Google Maps) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Picasa) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-12-02]
CHR Extension: (Gmail) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-02]
CHR Extension: (Chrome Media Router) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-13]
CHR Profile: C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-14]
CHR Extension: (Google Slides) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-06]
CHR Extension: (Google Docs) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-06]
CHR Extension: (Google Drive) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-06]
CHR Extension: (YouTube) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-06]
CHR Extension: (Google Calendar) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-09-21]
CHR Extension: (Google Sheets) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-06]
CHR Extension: (Google Docs Offline) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-06]
CHR Extension: (Gmail) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR Profile: C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [133936 2011-09-15] (Portrait Displays, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1029648 2016-11-29] (Garmin Ltd. or its subsidiaries)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1332360 2014-05-11] (PDF Complete Inc)
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [491328 2015-11-05] ()
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [93960 2009-09-25] (Sling Media Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5856256 2011-11-24] (Broadcom Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-10-19] (Broadcom Corporation.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [24376 2010-03-01] ()
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
S3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [29696 2014-10-20] (Leaf Networks)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\NPF.sys [36496 2014-10-20] (Riverbed Technology, Inc.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 Fwleaf; system32\DRIVERS\fwleaf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 17:43 - 2016-12-13 17:43 - 00567686 _____ C:\Users\HagerHouse\Desktop\Hager Repair Receipt.pdf
2016-12-13 11:28 - 2016-12-13 11:32 - 00002218 _____ C:\Users\HagerHouse\Desktop\Rkill.txt
2016-12-13 10:42 - 2016-12-13 11:23 - 00000000 ____D C:\Users\HagerHouse\Desktop\mbar
2016-12-13 10:42 - 2016-12-13 11:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-13 10:39 - 2016-12-13 10:39 - 00001063 _____ C:\Users\HagerHouse\Desktop\MWB SCAN 2016-12-13.txt
2016-12-13 10:11 - 2016-12-13 10:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-13 10:11 - 2016-12-13 10:11 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-13 10:11 - 2016-12-13 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-13 10:10 - 2016-12-13 10:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-13 10:10 - 2016-12-13 10:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-13 10:10 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-12-13 10:10 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-13 09:34 - 2016-12-14 11:18 - 00000000 ____D C:\FRST
2016-12-08 13:38 - 2016-12-08 13:38 - 00635540 _____ C:\Users\HagerHouse\Desktop\2016 Visa Dispute.pdf
2016-12-05 13:10 - 2016-12-05 13:12 - 00000043 _____ C:\Users\HagerHouse\Desktop\Gift Ideas 2016.txt
2016-12-02 04:17 - 2016-12-02 04:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-11-28 12:57 - 2016-11-28 12:57 - 00000056 _____ C:\Users\HagerHouse\Desktop\HP ink pricing.txt
2016-11-21 07:53 - 2016-11-21 07:53 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-21 07:53 - 2016-11-21 07:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-21 07:52 - 2016-11-21 07:53 - 00000000 ____D C:\Program Files\iTunes
2016-11-21 07:52 - 2016-11-21 07:52 - 00000000 ____D C:\Program Files\iPod
2016-11-21 07:49 - 2016-11-21 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-11-20 14:57 - 2016-11-20 14:57 - 00302110 _____ C:\Users\HagerHouse\Desktop\Patagonia Coupon Code.pdf
2016-11-17 16:26 - 2016-11-17 16:26 - 00690556 _____ C:\Users\HagerHouse\Desktop\ASO Cert.pdf
2016-11-16 11:17 - 2016-11-16 11:17 - 00000000 ____D C:\Users\HagerHouse\Desktop\2014-2015
2016-11-16 11:16 - 2016-11-16 11:17 - 00000000 ____D C:\Users\HagerHouse\Desktop\2015-2016
2016-11-15 18:42 - 2016-11-15 18:42 - 00031232 _____ C:\Users\HagerHouse\Desktop\U15Spring2017.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-14 10:39 - 2013-04-21 12:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-13 20:26 - 2013-02-02 12:54 - 00000000 ____D C:\Users\HagerHouse\AppData\Local\VirtualStore
2016-12-13 17:39 - 2013-04-21 12:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-13 14:45 - 2014-05-15 06:49 - 00000000 ____D C:\Users\HagerHouse\Desktop\Notes
2016-12-13 13:58 - 2013-04-21 12:34 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-13 11:35 - 2015-12-23 18:29 - 00000000 ____D C:\AdwCleaner
2016-12-13 10:07 - 2013-12-23 17:54 - 00043008 ___SH C:\Users\HagerHouse\Thumbs.db
2016-12-13 10:00 - 2015-09-30 09:32 - 00000000 ____D C:\Users\HagerHouse\Desktop\PC Fix Stuff
2016-12-13 09:58 - 2013-02-05 13:03 - 00000000 ____D C:\Users\HagerHouse\AppData\Roaming\Skype
2016-12-13 09:32 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-13 09:32 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-12 21:18 - 2013-04-09 18:51 - 00000000 ____D C:\Users\HagerHouse\AppData\Roaming\HandBrake
2016-12-11 21:07 - 2013-03-15 15:01 - 00000000 ____D C:\Users\HagerHouse\AppData\Local\CrashDumps
2016-12-11 01:00 - 2013-02-06 03:55 - 00000000 ____D C:\Users\HagerHouse\AppData\Local\ElevatedDiagnostics
2016-12-09 12:01 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-09 12:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-12-09 08:23 - 2016-10-07 01:00 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-09 08:16 - 2014-08-30 01:00 - 00000000 ____D C:\Users\HagerHouse\AppData\Local\Adobe
2016-12-09 08:15 - 2012-12-04 16:25 - 00000000 ____D C:\ProgramData\PDFC
2016-12-09 08:14 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-06 11:13 - 2013-02-02 14:26 - 00000000 ____D C:\Users\HagerHouse\AppData\Local\PDFC
2016-12-06 06:45 - 2013-06-10 08:19 - 03607552 ___SH C:\Users\HagerHouse\Desktop\Thumbs.db
2016-12-02 12:40 - 2013-02-07 11:53 - 00000000 ____D C:\Users\HagerHouse\Documents\Jaq Docs
2016-12-02 04:17 - 2016-11-05 01:53 - 00001892 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-12-02 04:17 - 2014-09-10 07:31 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-12-02 04:17 - 2014-09-10 07:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-02 04:17 - 2013-10-26 16:39 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-12-01 21:36 - 2016-11-01 15:09 - 00000000 ____D C:\Users\HagerHouse\Downloads\30 Days
2016-12-01 21:12 - 2015-11-03 06:39 - 00000000 ____D C:\Users\HagerHouse\Downloads\30 Days of Dead 2015
2016-12-01 20:39 - 2015-02-19 16:50 - 00676864 ___SH C:\Users\HagerHouse\Downloads\Thumbs.db
2016-11-30 08:15 - 2013-02-02 15:36 - 00002154 _____ C:\Windows\epplauncher.mif
2016-11-30 08:15 - 2013-02-02 15:36 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-30 08:14 - 2013-02-02 15:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-30 08:14 - 2013-02-02 15:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-29 17:30 - 2013-04-07 16:07 - 00000000 ____D C:\Users\UpdatusUser
2016-11-24 20:59 - 2014-01-03 17:22 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2016-11-21 07:52 - 2013-02-06 13:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-19 15:07 - 2012-12-04 16:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-17 07:59 - 2015-11-05 13:52 - 00000000 ____D C:\Users\HagerHouse\AppData\Roaming\foobar2000
2016-11-15 17:24 - 2009-07-13 23:45 - 00515360 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-14 10:47 - 2013-02-06 12:41 - 00000000 ____D C:\Users\HagerHouse\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2013-03-19 13:15 - 2013-03-19 13:16 - 0000173 _____ () C:\Users\HagerHouse\AppData\Roaming\hpmirrordriver.log
2016-01-11 22:25 - 2016-01-11 22:25 - 0986058 _____ () C:\Users\HagerHouse\AppData\Local\JPG-to-PDF-Converter_1014.rar
2013-09-04 08:13 - 2016-08-25 09:03 - 0000600 _____ () C:\Users\HagerHouse\AppData\Local\PUTTY.RND
2013-07-18 15:57 - 2013-07-18 15:57 - 0000017 _____ () C:\Users\HagerHouse\AppData\Local\resmon.resmoncfg
2014-11-14 13:48 - 2014-11-14 13:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-02-08 19:36 - 2016-04-13 07:53 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\HagerHouse\AppData\Local\Temp\AAMHelper.exe
C:\Users\HagerHouse\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\HagerHouse\AppData\Local\Temp\BingSvc.exe
C:\Users\HagerHouse\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\HagerHouse\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\HagerHouse\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpype80_.dll
C:\Users\HagerHouse\AppData\Local\Temp\handbrake-setup.exe
C:\Users\HagerHouse\AppData\Local\Temp\i4jdel0.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\HagerHouse\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\HagerHouse\AppData\Local\Temp\mssinstaller.exe
C:\Users\HagerHouse\AppData\Local\Temp\Quarantine.exe
C:\Users\HagerHouse\AppData\Local\Temp\readSTILog.dll
C:\Users\HagerHouse\AppData\Local\Temp\SkypeSetup.exe
C:\Users\HagerHouse\AppData\Local\Temp\SpOrder.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-14 00:49

==================== End of FRST.txt ============================

 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 14 December 2016 - 02:08 PM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\HagerHouse\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\Run: [BingSvc] => C:\Users\HagerHouse\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-639736396-2184136638-4060683705-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @google.com/tvswebplugin -> C:\Windows\system32\nptvswebplugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
S3 Fwleaf; system32\DRIVERS\fwleaf.sys [X]
CustomCLSID: HKU\S-1-5-21-639736396-2184136638-4060683705-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HagerHouse\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {4B76346C-EEBF-4AD6-99F3-6B76F729EDBD} - System32\Tasks\{DC5EEE6F-C643-447A-B970-C21BCCA40FD8} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.5.0.101.272/en/go/help.faq.installer?LastError=1603
AlternateDataStreams: C:\Users\HagerHouse\Photo on 2013-11-13 at 19.51.jpg:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\HagerHouse\Photo on 2013-11-13 at 19.55.jpg:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\HagerHouse\Photo on 2013-11-13 at 19.56.jpg:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\HagerHouse\Photo on 2013-11-13 at 20.00.jpg:AFP_AfpInfo [122]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right side of Google Chrome.
Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click the "Reset browser settings" button.
Restart Chrome.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE and restart the browser.
===

Update these programs.

ADOBE READER
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

ADOBE AIR

Navigate to this page and follow the instructions to get the latest version.
https://get.adobe.com/air/

Remove the old versions via the Control Panel > Programs > Programs and Features.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

===

Please post the Fixlog.txt and let me know what problem persists with this computer.
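As an added example that is not part of this thread or of the FRST tool: a small Python script that applies the reading heuristics behind the fixlist above (orphaned `[X]` entries, targets reported as No File, unsigned or publisher-less binaries, autoruns and processes under the user profile, a scheduled task that opens a URL, and an .hta in a user folder like the Flashplayer.hta lure) to FRST log lines and reports which ones deserve a closer look. The sample log lines, the rule names and the shortened SID are constructed, modeled on the FRST.txt and fixlist in this thread.

```python
"""FRST log triage helper.

Added example, not part of this thread or of the FRST tool itself. It
applies the reading heuristics a helper uses when building a fixlist
to FRST log lines and reports the lines that deserve a closer look.
It does not decide what to remove; that judgement stays with the
person reading the log.
"""
import re
from collections import Counter

# Constructed sample lines, modeled on the FRST.txt and fixlist in this
# thread (the SID is shortened and not a real one). Line 1 and the last
# line are ordinary entries that should not be flagged.
SAMPLE_LOG = r"""
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5856256 2011-11-24] (Broadcom Corporation) [File not signed]
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [491328 2015-11-05] ()
S3 Fwleaf; system32\DRIVERS\fwleaf.sys [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1-2-3-1001\...\Run: [BingSvc] => C:\Users\HagerHouse\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin-x32: @google.com/tvswebplugin -> C:\Windows\system32\nptvswebplugin.dll [No File]
Toolbar: HKU\S-1-5-21-1-2-3-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Task: {4B76346C-EEBF-4AD6-99F3-6B76F729EDBD} - System32\Tasks\{DC5EEE6F-C643-447A-B970-C21BCCA40FD8} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.5.0.101.272/en/go/help.faq.installer?LastError=1603
(© 2015 Microsoft Corporation) C:\Users\HagerHouse\AppData\Local\Microsoft\BingSvc\BingSvc.exe
2016-12-13 10:05 - 2016-12-13 10:05 - 00004096 _____ C:\Users\HagerHouse\Downloads\Flashplayer.hta
CHR Extension: (Gmail) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-02]
""".strip("\n")

# Each rule is (label, compiled regex). A line may match several rules;
# every match is reported so nothing is hidden by rule order.
RULES = [
    # registry value or service whose target no longer exists
    ("orphaned entry [X]", re.compile(r"\[X\]\s*$")),
    # plugin, toolbar or CLSID pointing at a file that is not on disk
    ("target file missing", re.compile(r"\bNo File\b")),
    # FRST could not verify an Authenticode signature
    ("unsigned file", re.compile(r"\[File not signed\]")),
    # signature block is empty: no publisher name at all
    ("no publisher in signature", re.compile(r"\(\)\s*$")),
    # IE search provider configuration damaged or hijacked
    ("missing default search scope", re.compile(r"DefaultScope value is missing")),
    # Run key starting something from the user-writable profile
    ("autorun from user profile",
     re.compile(r"Run: \[[^\]]*\] => .*\\AppData\\", re.I)),
    # scheduled task whose action is a browser plus a URL
    ("scheduled task opens a URL", re.compile(r"^Task: .*=> .*hxxps?://", re.I)),
    # running process whose image lives under the user profile
    ("process running from user profile",
     re.compile(r"^\(.*\) [A-Za-z]:\\Users\\[^\\]+\\AppData\\.*\.exe$", re.I)),
    # HTML Application dropped in a user folder (the lure in this thread)
    ("HTA file in user directory", re.compile(r"\\Users\\.*\.hta\s*$", re.I)),
]


def triage(log_text):
    """Return [(line_number, label, line)] for every rule that fires."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        stripped = line.rstrip()
        if not stripped or stripped.startswith("="):
            continue  # blank lines and section banners
        for label, pattern in RULES:
            if pattern.search(stripped):
                findings.append((number, label, stripped))
    return findings


def summarize(findings):
    """Count findings per label so the noisiest categories stand out."""
    return dict(Counter(label for _, label, _ in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for number, label, line in hits:
        print(f"line {number:2d}  {label:34s} {line[:70]}")
    print(summarize(hits))
```

Pipe a real FRST.txt into `triage()` and read the flagged lines alongside the full log; a hit is a prompt to look, not a verdict.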

#5 pstgh

pstgh
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 14 December 2016 - 02:25 PM

OK- thank you very much for the help- before I do this, please tell me if I should include the words "start" and "end" in the fixlist.txt file created by the notepad.

I am just trying to be exact on what goes into that .txt file because I know it's important and I'm not experienced enough with how this frst program works.

Thanks



#6 pstgh

pstgh
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 14 December 2016 - 05:13 PM

OK- all went according to plan except that I didn't re-install adobe air yet.... here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by HagerHouse (14-12-2016 15:24:45) Run:1
Running from C:\Users\HagerHouse\Desktop\PC Fix Stuff\Dec 2016
Loaded Profiles: HagerHouse & UpdatusUser (Available Profiles: HagerHouse & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\HagerHouse\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\...\Run: [BingSvc] => C:\Users\HagerHouse\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-639736396-2184136638-4060683705-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-639736396-2184136638-4060683705-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @google.com/tvswebplugin -> C:\Windows\system32\nptvswebplugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
S3 Fwleaf; system32\DRIVERS\fwleaf.sys [X]
CustomCLSID: HKU\S-1-5-21-639736396-2184136638-4060683705-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HagerHouse\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {4B76346C-EEBF-4AD6-99F3-6B76F729EDBD} - System32\Tasks\{DC5EEE6F-C643-447A-B970-C21BCCA40FD8} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.5.0.101.272/en/go/help.faq.installer?LastError=1603
AlternateDataStreams: C:\Users\HagerHouse\Photo on 2013-11-13 at 19.51.jpg:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\HagerHouse\Photo on 2013-11-13 at 19.55.jpg:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\HagerHouse\Photo on 2013-11-13 at 19.56.jpg:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\HagerHouse\Photo on 2013-11-13 at 20.00.jpg:AFP_AfpInfo [122]

End
*****************

Restore point was successfully created.
Processes closed successfully.
[4584] C:\Users\HagerHouse\AppData\Local\Microsoft\BingSvc\BingSvc.exe => process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-639736396-2184136638-4060683705-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-639736396-2184136638-4060683705-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKU\S-1-5-21-639736396-2184136638-4060683705-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/tvswebplugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\HagerHouse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
Fwleaf => service removed successfully
"HKU\S-1-5-21-639736396-2184136638-4060683705-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B76346C-EEBF-4AD6-99F3-6B76F729EDBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B76346C-EEBF-4AD6-99F3-6B76F729EDBD}" => key removed successfully
C:\Windows\System32\Tasks\{DC5EEE6F-C643-447A-B970-C21BCCA40FD8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DC5EEE6F-C643-447A-B970-C21BCCA40FD8}" => key removed successfully
C:\Users\HagerHouse\Photo on 2013-11-13 at 19.51.jpg => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\HagerHouse\Photo on 2013-11-13 at 19.55.jpg => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\HagerHouse\Photo on 2013-11-13 at 19.56.jpg => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\HagerHouse\Photo on 2013-11-13 at 20.00.jpg => ":AFP_AfpInfo" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 216401362 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 1285628255 B
Edge => 0 B
Chrome => 483184144 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83385 B
systemprofile32 => 8908313 B
LocalService => 16512 B
NetworkService => 14636428 B
HagerHouse => 5903956083 B
UpdatusUser => 66228 B

RecycleBin => 0 B
EmptyTemp: => 7.4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:28:27 ====



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 15 December 2016 - 07:59 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 pstgh

pstgh
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 15 December 2016 - 08:40 AM

Thanks again for your assistance- from looking through that initial scan, what did you notice?  Thoughts/comments would be appreciated!

 

I had an issue with a slowing computer about a year or so ago which we looked into... couldn't find anything at all, and then I finally agreed to update one of the Adobe programs which I'd been postponing for a while and suddenly, the computer was fine.  I tell you that to tell you this- I hate Adobe, but I am somewhat of a sucker for their updates now because of that experience and I am wondering if I agreed to a fake update at some point along the way...?

 

If you could also comment on the process of becoming an assistant like you are - is it a very long process ?  I'm thinking of a good way to give back and am curious if that is something that I might consider doing.

 

Thanks again



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 15 December 2016 - 10:11 AM



What exactly caused the problem is hard to say.
We (the Helpers) have evaluation tools and delete anything that was previously found.
If new files are identified, we have to search and decide whether to remove them or not.

If you would like to take the training and do it in your available time, there is no time frame to complete it.

Try one of these forums.

https://www.bleepingcomputer.com/forums/t/532535/malware-removal-training-program/

http://www.spywareinfoforum.com/topic/34-the-boot-camp-here-anti-malware-training/

Please do not subscribe to both of them.

Good luck, we need all the help we can get.



