Infected? Proxy errors in all browsers [Solved]

Totally lost now


#1 mickey7

Posted 31 October 2014 - 03:38 PM

Hello,

 

I started this topic in the browsers topic.  I posted some logs after running some scans per the request of the person who picked up my topic.  I received a reply from an admin to repost here.   I will copy and paste the topic and attach the logs. 

 

Here is the link to that post:

http://forums.whatth...howtopic=128895

 

Hello,

 

I am at my wits' end and hope you all can help.  My coworker came to me yesterday and stated she was having issues connecting and could I look at her computer.  Every time you clicked on one of the browsers it would just spin and time out.

I brought it home last night and looked it over.  She did not have any anti malware programs on so I thought simple, she must have some malware, I will install malwarebytes and clean up the machine.

 

Her machine is:

HP Windows 8 machine

AMD E-300 APU with Radeon

4GB Ram

64 bit operating system

no touch screen

 

I was able to install malwarebytes via flash drive and it updated via my wifi and ran it.  Found almost 500 threats.  Nothing on virus scan. (After it cleaned 2 threats previously ~~ per coworker. I did not at this point see reason to run it after the other scan.)

Rebooted and tried to go online.  Now instead of the spinning and timing out I get proxy errors on both Chrome and IE.  She has no other browsers installed.

I noticed some windows updates were needed and was able to get them installed without browsers but still the proxy errors existed.  I went into settings on both and went to LAN and tried to uncheck the use proxy box but it would not stay.  So I assumed more malware.

There are also a couple of items that the HP Assistant states need updating. I was able to download (so it looked per screen) but apparently failed on install because all 3 are still showing after numerous attempts.

     HP System Event Utility

     Qualcomm Atheros AR9000 Series Wireless LAN Driver for Microsoft Windows

     Cyberlink MediaSuite 10-desktop

 

Reran malwarebytes, came back clean.  Installed and ran Malwarebytes anti root kit came back clean.

I have not been able to run or uninstall AVG even with removal tool.

I ran rogue killer and reset proxy.

I have turned off (who knew you couldn't uninstall IE in Windows 8?) and uninstalled Chrome.

Rebooted and turned IE back on.  Still proxy errors.

I installed HJT and ran it but it flashed a msg about hosts and then would not let me save a log to notepad when it was done.  I was also unsuccessful in trying to highlight and copy and paste it into notepad. 

 

Every time I check the wireless settings it states I am connected to the internet. All other machines, tablets and phones in house are fine in connections and browsing etc...

 

So here I am coming to you with no logs and a huge amount of frustration at my inexperience with Windows 8 hoping that someone will be able to provide me some hope in what my next steps would be.

 

Thanking you in advance......

 

My response after their scan and reset of host file suggestions:

OK, reset host file, no change.

Also forgot to mention that I did do a system restore with no change either.

I tried to boot in safe mode no luck.

Once again no luck uninstalling AVG either via control panel nor removal tool.

I have not downloaded a newer version and transferred it yet.

As I was not told to, I did not do anything with the scans except run them.  No fixes run etc.....

Please note when having me run and download things, that while I AM connected per wireless settings I CAN NOT access any web sites on my coworkers machine.  I must download and transfer via USB drive from my machine.  Being this is the case would I still be able to transfer ESET and run one of those scans?

 

Here is the DDS scan results:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17116
Run by Sheila at 13:48:52 on 2014-10-31
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3682.2420 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\dashost.exe
c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\LogonUI.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Users\Sheila\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://search.coupons.com/
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [SkyDrive] "C:\Users\Sheila\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
mRunOnce: [AVG_uninstallation_survey] C:\Program Files\Internet Explorer\iexplore.exe
StartupFolder: C:\Users\Sheila\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 204.186.80.251 216.144.187.101 216.144.187.199
TCP: Interfaces\{C00DBA34-2415-4173-9B77-07BBA891F271} : DHCPNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
TCP: Interfaces\{C00DBA34-2415-4173-9B77-07BBA891F271}\D496C6C65627D27657563747 : DHCPNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-11-30 80552]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-11-30 26280]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2014-6-30 270104]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-11-23 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-11-23 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-14 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-14 361984]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-7-2 2436280]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 227904]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-12-25 1039160]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-11-23 2468496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-29 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-29 968504]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-11-23 239176]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-2-14 94208]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-10-29 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-10-29 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-10-29 64216]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-11-23 288328]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-11-23 760032]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-11-23 58536]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2014-6-17 235800]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-1 647736]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2013-5-7 29424]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-5-7 33008]
.
=============== Created Last 30 ================
.
2014-10-31 01:11:56    388096    ----a-r-    C:\Users\Sheila\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-10-31 01:11:54    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2014-10-30 23:56:32    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1D4ACF6-B8D1-4B70-AB30-89AB7E067D0C}\mpengine.dll
2014-10-30 23:56:22    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-30 22:33:24    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-30 03:14:31    3915264    ----a-w-    C:\Windows\System32\drivers\athw8x.sys
2014-10-30 02:19:53    2885120    ----a-w-    C:\Windows\System32\msi.dll
2014-10-30 02:19:47    2416128    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-10-30 02:19:18    693248    ----a-w-    C:\Windows\System32\aepdu.dll
2014-10-30 02:19:18    275968    ----a-w-    C:\Windows\System32\generaltel.dll
2014-10-30 02:19:16    556544    ----a-w-    C:\Windows\System32\aeinv.dll
2014-10-30 02:19:01    462760    ----a-w-    C:\Windows\System32\NotificationUI.exe
2014-10-30 02:19:01    198656    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.dll
2014-10-30 02:19:00    581016    ----a-w-    C:\Windows\System32\AutoUpdate.exe
2014-10-30 02:19:00    568832    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-10-30 02:19:00    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-30 02:19:00    125952    ----a-w-    C:\Windows\System32\WinSetupUI.dll
2014-10-30 02:18:59    695808    ----a-w-    C:\Windows\System32\WSShared.dll
2014-10-30 02:18:59    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-30 01:38:00    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-30 01:37:09    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-30 01:37:09    64216    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-30 01:37:09    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-10-30 01:01:02    --------    d-----w-    C:\Users\Sheila\AppData\Local\Avg2014
2014-10-29 23:18:03    --------    d-----w-    C:\Windows\System32\AutoUpdateLicense
2014-10-29 21:59:20    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-10-29 21:59:20    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 21:58:20    --------    d-----w-    C:\Users\Sheila\AppData\Local\Programs
2014-10-23 00:23:09    --------    d-----w-    C:\Users\Sheila\AppData\Roaming\AVG2015
2014-10-23 00:16:55    --------    d-----w-    C:\ProgramData\AVG2015
2014-10-23 00:11:27    --------    d-----w-    C:\Users\Sheila\AppData\Local\Avg2015
2014-10-21 22:20:38    104904    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-21 22:20:37    705480    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-21 11:34:47    269992    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2014-10-20 16:10:04    3262976    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-10-20 16:10:03    1824784    ----a-w-    C:\Windows\System32\ntdll.dll
2014-10-20 16:06:36    674304    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2014-10-20 03:04:26    8858112    ----a-w-    C:\Windows\SysWow64\twinui.dll
2014-10-20 03:04:26    754176    ----a-w-    C:\Windows\SysWow64\actxprxy.dll
2014-10-20 03:04:22    2146304    ----a-w-    C:\Windows\System32\actxprxy.dll
2014-10-20 03:04:22    10115072    ----a-w-    C:\Windows\System32\twinui.dll
2014-10-20 03:04:18    2306560    ----a-w-    C:\Windows\System32\authui.dll
2014-10-20 03:04:18    2037760    ----a-w-    C:\Windows\SysWow64\authui.dll
2014-10-20 03:01:13    585728    ----a-w-    C:\Windows\System32\rastls.dll
2014-10-20 03:01:13    510464    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-10-20 03:01:10    79360    ----a-w-    C:\Windows\System32\packager.dll
2014-10-20 03:01:10    68096    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-19 18:38:51    4068352    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-03 17:26:42    3885792    ----a-w-    C:\Windows\SysWow64\uninstall.exe
.
==================== Find3M  ====================
.
2014-09-20 05:17:42    2236928    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-20 05:17:32    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2014-09-20 05:17:32    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2014-09-20 05:16:11    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2014-09-20 05:16:07    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-09-20 05:16:07    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-09-20 05:15:22    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-20 03:57:57    1762816    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-20 03:57:50    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2014-09-20 03:57:04    2861568    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-09-20 03:57:01    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-09-20 03:57:01    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-20 03:38:36    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-20 03:33:44    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-20 01:06:59    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2014-09-13 06:24:47    2233152    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-09-03 02:48:48    141824    ----a-w-    C:\Windows\SysWow64\rpchttp.dll
2014-09-03 02:22:00    188928    ----a-w-    C:\Windows\System32\rpchttp.dll
2014-09-03 02:21:28    212992    ----a-w-    C:\Windows\System32\dnsrslvr.dll
2014-08-29 04:17:04    227328    ----a-w-    C:\Windows\SysWow64\WsmWmiPl.dll
2014-08-29 04:17:04    2043392    ----a-w-    C:\Windows\SysWow64\WsmSvc.dll
2014-08-29 04:04:22    309248    ----a-w-    C:\Windows\System32\WsmWmiPl.dll
2014-08-29 04:04:22    2837504    ----a-w-    C:\Windows\System32\WsmSvc.dll
2014-08-28 06:05:35    35328    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2014-08-28 06:05:17    86528    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2014-08-28 06:05:17    128000    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2014-08-28 06:04:00    499712    ----a-w-    C:\Windows\SysWow64\FXSCOMEX.dll
2014-08-28 06:04:00    227840    ----a-w-    C:\Windows\SysWow64\FXSAPI.dll
2014-08-28 06:02:15    40448    ----a-w-    C:\Windows\System32\wuapp.exe
2014-08-28 06:01:45    253440    ----a-w-    C:\Windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45    144384    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-08-28 06:01:45    100352    ----a-w-    C:\Windows\System32\wudriver.dll
2014-08-28 06:01:44    17920    ----a-w-    C:\Windows\System32\wuaext.dll
2014-08-28 06:01:44    1623552    ----a-w-    C:\Windows\System32\wucltux.dll
2014-08-28 06:01:15    176640    ----a-w-    C:\Windows\System32\storewuauth.dll
2014-08-28 05:59:55    616448    ----a-w-    C:\Windows\System32\FXSAPI.dll
2014-08-28 05:59:55    609280    ----a-w-    C:\Windows\System32\FXSCOMEX.dll
2014-08-28 05:59:55    432640    ----a-w-    C:\Windows\System32\FXSTIFF.dll
2014-08-28 05:59:55    254976    ----a-w-    C:\Windows\System32\FXST30.dll
2014-08-09 08:30:18    148480    ----a-w-    C:\Windows\System32\poqexec.exe
2014-08-09 08:29:32    144896    ----a-w-    C:\Windows\System32\tssdisai.dll
2014-08-06 14:50:04    123672    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 13:51:23.96 ===============
 

 

Do I need to go back and run the other scans? Did not do them yet as was told to transfer to this post and I thought I simply had a browser issue???

 


#2 ken545

Posted 31 October 2014 - 06:27 PM

:welcome:

 

Let's run a new program that will tell us more than DDS and also let's see if you're infected with a rootkit.

 

 

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
      * List BCD
      * Drivers MD5
      * Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     

    #3 mickey7

    Posted 31 October 2014 - 08:18 PM

    OK here are the results of the scans..... I hope there is an answer in there somewhere... :)

     

    aswMBR version 1.0.1.2172 Copyright© 2014 AVAST Software
    Run date: 2014-10-31 21:31:27
    -----------------------------
    21:31:27.484    OS Version: Windows x64 6.2.9200
    21:31:27.484    Number of processors: 2 586 0x200
    21:31:27.484    ComputerName: SHEILA  UserName: Sheila
    21:31:31.056    Initialize success
    21:31:31.244    VM: initialized successfully
    21:31:31.244    VM: Amd CPU BiosDisabled
    21:31:31.290    supported disk I/O storport.sys
    21:31:37.904    AVAST engine download error: 0
    21:31:46.562    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000035
    21:31:46.577    Disk 0 Vendor: TOSHIBA_MQ01ABF032 AM002C Size: 305245MB BusType: 11
    21:31:46.702    Disk 0 MBR read successfully I/O
    21:31:46.702    Disk 0 MBR scan
    21:31:46.718    Disk 0 unknown MBR code
    21:31:46.733    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
    21:31:46.843    Disk 0 scanning C:\Windows\system32\drivers
    21:31:56.234    Service scanning
    21:32:26.124    Modules scanning
    21:32:26.139    Disk 0 trace - called modules:
    21:32:26.873    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    21:32:26.873    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048785b0]
    21:32:26.888    3 CLASSPNP.SYS[fffff8800184ae0a] -> nt!IofCallDriver -> [0xfffffa8004393040]
    21:32:26.904    5 amd_xata.sys[fffff88000a7e634] -> nt!IofCallDriver -> \Device\00000035[0xfffffa8004397060]
    21:32:26.919    Disk 0 statistics 124903/5/0 @ 7.96 MB/s
    21:32:26.935    Scan finished successfully
    21:34:03.375    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    21:34:04.342    The log file has been saved successfully to "F:\aswMBR.txt"


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
    Ran by Sheila (administrator) on SHEILA on 31-10-2014 21:37:12
    Running from C:\Users\Sheila\Desktop
    Loaded Profile: Sheila (Available profiles: Sheila)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    (Microsoft Corporation) C:\Users\Sheila\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-06-10] (Hewlett-Packard)
    HKU\S-1-5-21-588987159-3856549399-4189163861-1002\...\Run: [SkyDrive] => C:\Users\Sheila\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
    Startup: C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 204.186.80.251 216.144.187.101 216.144.187.199

    FireFox:
    ========
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

    Chrome:
    =======
    CHR Profile: C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-14] (Advanced Micro Devices, Inc.) [File not signed]
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
    R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
    S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-31] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-07] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
    U3 aswMBR; \??\C:\Users\Sheila\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\Sheila\AppData\Local\Temp\aswVmm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-31 21:37 - 2014-10-31 21:37 - 00013644 _____ () C:\Users\Sheila\Desktop\FRST.txt
    2014-10-31 21:36 - 2014-10-31 21:37 - 00000000 ____D () C:\FRST
    2014-10-31 21:36 - 2014-10-31 21:13 - 02113536 _____ (Farbar) C:\Users\Sheila\Desktop\FRST64.exe
    2014-10-31 21:30 - 2014-10-31 21:12 - 05192704 _____ (AVAST Software) C:\Users\Sheila\Desktop\aswMBR.exe
    2014-10-31 13:59 - 2014-10-31 14:02 - 00000000 ____D () C:\AdwCleaner
    2014-10-31 13:59 - 2014-10-31 13:33 - 01375089 _____ () C:\Users\Sheila\Desktop\AdwCleaner.exe
    2014-10-30 21:11 - 2014-10-30 21:11 - 00000000 ____D () C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-10-30 21:11 - 2014-10-30 21:11 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-10-30 21:01 - 2014-10-30 21:01 - 00001437 _____ () C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-10-30 19:56 - 2014-10-30 07:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-30 19:06 - 2014-09-13 02:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-10-30 19:06 - 2014-09-05 20:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
    2014-10-30 19:06 - 2014-09-02 22:48 - 00457728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
    2014-10-30 19:06 - 2014-09-02 22:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2014-10-30 19:06 - 2014-09-02 22:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2014-10-30 19:06 - 2014-09-02 22:21 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
    2014-10-30 19:06 - 2014-09-02 22:21 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
    2014-10-30 19:06 - 2014-08-29 00:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-10-30 19:06 - 2014-08-29 00:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-10-30 19:06 - 2014-08-29 00:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-10-30 19:06 - 2014-08-29 00:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-10-30 19:06 - 2014-08-28 02:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
    2014-10-30 19:06 - 2014-08-28 02:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
    2014-10-30 19:06 - 2014-08-28 01:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
    2014-10-30 19:06 - 2014-08-28 01:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
    2014-10-30 19:06 - 2014-08-28 01:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
    2014-10-30 19:06 - 2014-08-28 01:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
    2014-10-30 19:06 - 2014-07-24 09:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
    2014-10-30 18:33 - 2014-10-30 18:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-29 23:14 - 2013-08-07 20:41 - 03915264 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw8x.sys
    2014-10-29 22:38 - 2014-10-29 23:21 - 00022863 _____ () C:\Windows\diagwrn.xml
    2014-10-29 22:38 - 2014-10-29 23:21 - 00022863 _____ () C:\Windows\diagerr.xml
    2014-10-29 22:19 - 2014-10-21 23:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
    2014-10-29 22:19 - 2014-10-21 23:33 - 00581016 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
    2014-10-29 22:19 - 2014-10-21 23:33 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
    2014-10-29 22:19 - 2014-10-21 21:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
    2014-10-29 22:19 - 2014-10-21 21:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
    2014-10-29 22:19 - 2014-10-21 21:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-10-29 22:19 - 2014-10-21 21:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2014-10-29 22:19 - 2014-10-10 00:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-29 22:19 - 2014-10-10 00:47 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-29 22:19 - 2014-10-08 00:26 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-29 22:19 - 2014-09-17 19:24 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-10-29 22:19 - 2014-09-17 18:56 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-10-29 22:18 - 2014-10-21 21:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-10-29 22:18 - 2014-10-21 21:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
    2014-10-29 21:38 - 2014-10-31 21:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-29 21:37 - 2014-10-30 18:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-29 21:37 - 2014-10-29 22:29 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-29 21:37 - 2014-10-29 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-29 21:37 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-29 21:37 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-29 21:01 - 2014-10-29 21:01 - 00000000 ____D () C:\Users\Sheila\AppData\Local\Avg2014
    2014-10-29 19:18 - 2014-10-30 20:13 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
    2014-10-29 18:57 - 2014-10-29 18:57 - 00063300 _____ () C:\102914.txt
    2014-10-29 17:59 - 2014-10-29 22:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-29 17:59 - 2014-10-29 17:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-24 12:58 - 2014-10-29 23:08 - 00003145 _____ () C:\Windows\comsetup.log
    2014-10-22 20:23 - 2014-10-22 20:23 - 00000000 ____D () C:\Users\Sheila\AppData\Roaming\AVG2015
    2014-10-22 20:16 - 2014-10-28 23:28 - 00000000 ____D () C:\ProgramData\AVG2015
    2014-10-22 20:11 - 2014-10-28 21:54 - 00000000 ____D () C:\Users\Sheila\AppData\Local\Avg2015
    2014-10-22 05:56 - 2014-10-22 05:56 - 00430392 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-21 18:20 - 2014-09-29 18:49 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-10-21 18:20 - 2014-09-29 18:49 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-20 12:10 - 2014-07-02 21:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2014-10-20 12:09 - 2014-07-12 00:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
    2014-10-20 12:09 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-10-20 12:09 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-10-20 12:09 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-10-20 12:09 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-10-20 12:09 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-10-20 12:09 - 2014-07-12 00:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
    2014-10-20 12:09 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-10-20 12:09 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-10-20 12:09 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-10-20 12:09 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-10-20 12:09 - 2014-07-12 00:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-10-20 12:09 - 2014-07-11 20:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
    2014-10-20 12:09 - 2014-07-11 20:00 - 00478352 _____ () C:\Windows\system32\locale.nls
    2014-10-20 12:09 - 2014-07-08 18:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
    2014-10-20 12:09 - 2014-07-08 18:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
    2014-10-20 12:09 - 2014-07-08 18:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
    2014-10-20 12:09 - 2014-07-08 18:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
    2014-10-20 12:09 - 2014-07-07 01:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
    2014-10-20 12:09 - 2014-07-07 01:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
    2014-10-20 12:09 - 2014-07-04 06:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2014-10-20 12:09 - 2014-07-02 20:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2014-10-20 12:09 - 2014-06-28 03:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2014-10-20 12:09 - 2014-06-28 02:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2014-10-20 12:09 - 2014-06-28 02:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2014-10-20 12:09 - 2014-06-25 03:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2014-10-20 12:09 - 2014-06-25 03:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2014-10-20 12:09 - 2014-06-17 19:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-10-20 12:09 - 2014-06-17 19:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-10-20 12:09 - 2014-06-11 10:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2014-10-20 12:09 - 2014-06-11 00:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2014-10-20 12:09 - 2014-06-10 18:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2014-10-20 12:09 - 2014-05-29 19:31 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-10-20 12:09 - 2014-05-29 19:03 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-10-20 12:09 - 2014-02-04 06:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2014-10-20 12:07 - 2014-09-20 01:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-20 12:07 - 2014-09-20 01:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-20 12:07 - 2014-09-20 01:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-20 12:07 - 2014-09-20 01:17 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2014-10-20 12:07 - 2014-09-20 01:17 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-20 12:07 - 2014-09-20 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-20 12:07 - 2014-09-20 01:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-20 12:07 - 2014-09-20 01:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-20 12:07 - 2014-09-20 01:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-20 12:07 - 2014-09-19 23:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-20 12:07 - 2014-09-19 23:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-20 12:07 - 2014-09-19 23:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-20 12:07 - 2014-09-19 23:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-20 12:07 - 2014-09-19 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-20 12:07 - 2014-09-19 23:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-20 12:07 - 2014-09-19 21:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2014-10-20 12:06 - 2014-07-24 09:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2014-10-20 12:06 - 2014-07-16 19:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
    2014-10-20 12:06 - 2014-07-16 18:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
    2014-10-20 12:06 - 2014-07-16 18:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
    2014-10-20 12:06 - 2014-07-12 02:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
    2014-10-20 12:06 - 2014-07-12 00:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2014-10-20 12:06 - 2014-07-12 00:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2014-10-20 12:06 - 2014-07-12 00:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2014-10-20 12:06 - 2014-07-12 00:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2014-10-20 12:06 - 2014-07-07 01:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-10-20 12:06 - 2014-07-07 01:52 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-20 12:06 - 2014-07-07 01:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-20 12:06 - 2014-07-07 01:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-20 12:06 - 2014-07-07 01:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-20 12:06 - 2014-07-07 00:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-10-20 12:06 - 2014-07-07 00:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-20 12:06 - 2014-07-07 00:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-20 12:06 - 2014-07-06 23:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2014-10-20 12:06 - 2014-06-28 02:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2014-10-20 12:06 - 2014-06-27 22:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2014-10-19 23:04 - 2014-08-30 01:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2014-10-19 23:04 - 2014-08-30 01:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-10-19 23:04 - 2014-08-30 00:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2014-10-19 23:04 - 2014-08-30 00:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-10-19 23:04 - 2014-06-12 19:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2014-10-19 23:04 - 2014-06-12 19:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2014-10-19 23:01 - 2014-09-13 01:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-19 23:01 - 2014-09-13 00:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-19 23:01 - 2014-09-02 22:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-19 23:01 - 2014-09-02 22:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-19 14:38 - 2014-09-28 00:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-03 13:26 - 2014-10-12 08:01 - 03885792 _____ () C:\Windows\SysWOW64\uninstall.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-31 21:30 - 2014-01-21 19:23 - 01342323 _____ () C:\Windows\WindowsUpdate.log
    2014-10-31 21:26 - 2014-01-21 19:28 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E3EE149E-C54D-4461-827B-67C6D998169C}
    2014-10-31 21:24 - 2014-08-30 07:39 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-31 21:23 - 2014-09-17 20:20 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SHEILA-Sheila Sheila
    2014-10-31 21:20 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-31 16:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
    2014-10-31 14:43 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
    2014-10-31 14:07 - 2014-03-24 15:54 - 00000000 ____D () C:\ProgramData\MFAData
    2014-10-31 13:23 - 2012-07-26 01:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2014-10-30 21:27 - 2014-01-21 19:51 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-588987159-3856549399-4189163861-1002
    2014-10-30 21:13 - 2014-01-21 19:24 - 00000000 ____D () C:\Users\Sheila\AppData\Local\VirtualStore
    2014-10-30 21:03 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
    2014-10-30 20:56 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
    2014-10-30 20:50 - 2012-07-26 01:26 - 00000741 _____ () C:\Windows\system32\Drivers\etc\hosts.old
    2014-10-30 19:56 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2014-10-30 19:34 - 2012-08-03 18:23 - 00237358 _____ () C:\Windows\PFRO.log
    2014-10-30 19:26 - 2014-09-22 19:13 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-10-30 19:21 - 2014-01-22 21:30 - 00000000 ____D () C:\Users\Sheila\AppData\Roaming\HpUpdate
    2014-10-29 23:42 - 2014-09-23 20:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-29 23:42 - 2014-09-17 20:28 - 00000000 ___RD () C:\Users\Sheila\OneDrive
    2014-10-29 23:42 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
    2014-10-29 23:42 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
    2014-10-29 23:41 - 2014-02-02 17:31 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-29 23:34 - 2014-02-02 17:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-10-29 23:21 - 2012-07-26 03:21 - 00821985 _____ () C:\Windows\setupact.log
    2014-10-29 23:19 - 2012-08-03 18:40 - 00014672 _____ () C:\Windows\iis.log
    2014-10-29 23:19 - 2012-07-26 04:13 - 00006211 _____ () C:\Windows\DtcInstall.log
    2014-10-29 23:15 - 2013-11-23 07:31 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
    2014-10-29 23:14 - 2013-11-23 07:30 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
    2014-10-29 23:12 - 2012-08-03 20:02 - 00000000 ____D () C:\SWSetup
    2014-10-29 23:10 - 2013-06-01 14:31 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
    2014-10-29 23:08 - 2013-11-23 07:40 - 00000000 ____D () C:\ProgramData\install_clap
    2014-10-29 23:07 - 2013-11-23 07:41 - 00000000 ____D () C:\Program Files (x86)\CyberLink
    2014-10-29 23:07 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\registration
    2014-10-29 22:43 - 2014-09-24 11:57 - 00000000 ___HD () C:\$Windows.~BT
    2014-10-29 22:13 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Speech
    2014-10-29 20:57 - 2014-01-21 19:23 - 00000000 ____D () C:\Users\Sheila
    2014-10-29 20:52 - 2012-07-26 04:12 - 00000000 __RHD () C:\Users\Public\Libraries
    2014-10-29 20:52 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\setup
    2014-10-29 20:51 - 2012-07-26 01:38 - 00000000 ____D () C:\Windows\system32\Sysprep
    2014-10-29 20:50 - 2014-03-24 15:59 - 00000000 ____D () C:\Users\Sheila\AppData\Roaming\AVG2014
    2014-10-29 20:49 - 2014-04-04 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-10-29 20:49 - 2014-03-24 15:58 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-10-29 20:49 - 2013-11-23 07:21 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
    2014-10-29 20:49 - 2013-06-01 14:47 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
    2014-10-29 20:48 - 2014-03-24 15:57 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-10-29 20:44 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\SysWOW64\networklist
    2014-10-29 20:44 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\SysWOW64\MsDtc
    2014-10-28 21:29 - 2014-05-20 22:41 - 00134144 ___SH () C:\Users\Sheila\Desktop\Thumbs.db
    2014-10-27 08:27 - 2014-09-11 14:52 - 00000000 ____D () C:\Users\Sheila\Documents\Outlook Files
    2014-10-22 20:22 - 2014-03-24 15:58 - 00000000 ___HD () C:\$AVG
    2014-10-22 14:42 - 2014-01-21 19:37 - 00000000 ____D () C:\Users\Sheila\AppData\Local\CrashDumps
    2014-10-21 18:14 - 2012-07-26 04:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-10-21 15:39 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2014-10-21 15:36 - 2014-01-21 19:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-10-19 14:42 - 2014-01-21 19:24 - 00000000 ____D () C:\Users\Sheila\AppData\Local\Packages

    Files to move or delete:
    ====================
    C:\ProgramData\pclunst.exe


    Some content of TEMP:
    ====================
    C:\Users\Sheila\AppData\Local\Temp\ntdll_dump.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-24 13:01

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01
    Ran by Sheila at 2014-10-31 21:39:42
    Running from C:\Users\Sheila\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
    Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    AMD Catalyst Install Manager (HKLM\...\{CB4C08E3-800F-65F6-9C00-06814A6B7CE7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
    AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.4181 - AVG Technologies) Hidden
    Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
    HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
    HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
    HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
    Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION
    Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-588987159-3856549399-4189163861-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sheila\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-588987159-3856549399-4189163861-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sheila\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-588987159-3856549399-4189163861-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Sheila\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-588987159-3856549399-4189163861-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sheila\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-588987159-3856549399-4189163861-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sheila\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points  =========================

    17-10-2014 18:10:10 Scheduled Checkpoint
    21-10-2014 19:36:40 Windows Update
    23-10-2014 00:15:14 Installed AVG 2015
    23-10-2014 00:17:14 Installed AVG 2015
    29-10-2014 23:04:16 Windows Update
    30-10-2014 00:12:38 Restore Operation
    31-10-2014 00:56:55 Windows Modules Installer

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {200501AB-DAC9-4AC1-B047-C7B80DF40EE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {2E5CEE34-B0DE-4426-A342-5CFD09D89D24} - \RocketTab Update Task No Task File <==== ATTENTION
    Task: {39467453-5DBA-4C44-B41F-646E3A773F69} - \PastaQuotes No Task File <==== ATTENTION
    Task: {39FE8CBC-FFF1-4C62-B01F-B7EE9AB1CBFC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {3DD39168-4E36-4E26-931D-B9E2C3B40DBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {3F10E342-704C-4715-8336-2537938B6B54} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-29] (Microsoft Corporation)
    Task: {483538BF-AD0C-415D-8085-F5A252B28C16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
    Task: {4AA72AE5-2AB9-4E67-8C66-E13F8761E720} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {4CB6F6A3-5AB6-47C3-92D1-73047A9883E2} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
    Task: {5F6BF886-8062-4E98-AF68-905C0556B15C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-07] (Synaptics Incorporated)
    Task: {7170F442-967C-4E0C-BEBA-27FCA4A5878A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
    Task: {7DD6DF14-B04E-4ADF-8468-DB1733C984A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {81AFF33F-FA4E-43CE-8408-996E1798BA8D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
    Task: {836B444C-CBAF-41A1-B208-D2B4EE6CF2ED} - System32\Tasks\Microsoft\Windows\Setup\Windows Setup Resume Task => C:\$Windows.~BT\Sources\SetupHost.Exe [2014-09-18] (Microsoft Corporation)
    Task: {95358F30-C3AF-47D1-ADD2-2F9557A01CFF} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe [2014-10-21] (Microsoft Corporation)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {ABBAB743-316C-42B7-B683-7BCFF4C47D41} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {B1A7A3D3-B2C5-4476-B2D8-1FC3CF4B8BBB} - \RocketTab No Task File <==== ATTENTION
    Task: {B43BDC80-031A-4C8E-BCB4-DEC575F2A8C1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
    Task: {B82BDAC1-97A9-4684-BCBF-D45C49D1FB0E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
    Task: {B9F01CB9-D3BF-4154-915C-153989D3C664} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
    Task: {BF0AEAFA-0B75-4AAF-9ABC-70CEEB567CA5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2012-09-27] (Hewlett-Packard Company)
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {C782C425-C1B0-4CF0-BEF0-6AAC33810E24} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-02-14] (Realtek Semiconductor)
    Task: {C9D89A58-285C-40F2-8C77-F4A6B456F122} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
    Task: {D26CCF53-77CD-49BB-98AE-3C04A774A209} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install v2 => C:\Windows\system32\AutoUpdate.exe [2014-10-21] (Microsoft Corporation)
    Task: {E17590E2-13F3-4256-92D0-D0D05B508341} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    Task: {EADC0C55-2174-478C-B35C-ADEB8CB445BC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SHEILA-Sheila Sheila => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: C:\Windows\Tasks\HPCeeScheduleForSheila.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-03-14 03:41 - 2013-03-14 03:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-07-02 11:31 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-10-21 07:34 - 2014-09-09 10:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-06-02 09:10 - 2014-06-02 09:11 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
    2013-03-14 03:41 - 2013-03-14 03:41 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2013-11-23 07:57 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2014-09-25 14:08 - 2014-09-26 07:25 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2014-09-25 14:07 - 2014-09-25 14:07 - 00081056 _____ () C:\Users\Sheila\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
    2014-09-25 14:08 - 2014-09-26 07:25 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-588987159-3856549399-4189163861-500 - Administrator - Disabled)
    Guest (S-1-5-21-588987159-3856549399-4189163861-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-588987159-3856549399-4189163861-1004 - Limited - Enabled)
    Sheila (S-1-5-21-588987159-3856549399-4189163861-1002 - Administrator - Enabled) => C:\Users\Sheila

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/31/2014 09:30:26 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936

    Error: (10/31/2014 09:30:26 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8F111CA2-4163-4629-B4F1-C32F9EA9B828}

    Error: (10/31/2014 09:30:24 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8F111CA2-4163-4629-B4F1-C32F9EA9B828}

    Error: (10/31/2014 01:35:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x5154efc9
    Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x5154efc9
    Exception code: 0xc0000005
    Fault offset: 0x000000000002ea19
    Faulting process id: 0x574
    Faulting application start time: 0xatieclxx.exe0
    Faulting application path: atieclxx.exe1
    Faulting module path: atieclxx.exe2
    Report Id: atieclxx.exe3
    Faulting package full name: atieclxx.exe4
    Faulting package-relative application ID: atieclxx.exe5

    Error: (10/30/2014 05:55:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHEILA)
    Description: Activation of app AD2F1837.HPGames_v10z8vjag6ke6!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (10/30/2014 05:55:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 32c

    Start Time: 01cff48c06c9314c

    Termination Time: 4294967295

    Application Path: C:\Windows\system32\wwahost.exe

    Report Id: 516d691a-607f-11e4-bee0-a01d486f7e38

    Faulting package full name: AD2F1837.HPGames_1.0.0.50_neutral__v10z8vjag6ke6

    Faulting package-relative application ID: App

    Error: (10/30/2014 05:54:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SHEILA)
    Description: App AD2F1837.HPGames_v10z8vjag6ke6!App did not launch within its allotted time.

    Error: (10/30/2014 00:08:28 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x5154efc9
    Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x5154efc9
    Exception code: 0xc0000005
    Fault offset: 0x000000000002ea19
    Faulting process id: 0xf24
    Faulting application start time: 0xatieclxx.exe0
    Faulting application path: atieclxx.exe1
    Faulting module path: atieclxx.exe2
    Report Id: atieclxx.exe3
    Faulting package full name: atieclxx.exe4
    Faulting package-relative application ID: atieclxx.exe5

    Error: (10/29/2014 11:10:13 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: SHEILA)
    Description: Application or service 'HPWMISVC' could not be restarted.

    Error: (10/29/2014 10:29:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ScheduledTask.exe, version: 1.2.1.0, time stamp: 0x53a141f0
    Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
    Exception code: 0xe0434352
    Fault offset: 0x00010f22
    Faulting process id: 0xdf0
    Faulting application start time: 0xScheduledTask.exe0
    Faulting application path: ScheduledTask.exe1
    Faulting module path: ScheduledTask.exe2
    Report Id: ScheduledTask.exe3
    Faulting package full name: ScheduledTask.exe4
    Faulting package-relative application ID: ScheduledTask.exe5


    System errors:
    =============
    Error: (10/31/2014 09:20:29 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (10/31/2014 09:20:29 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (10/31/2014 09:20:15 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (10/31/2014 09:20:15 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (10/31/2014 09:20:13 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (10/31/2014 09:20:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with the following service-specific error:
    %%3758213659

    Error: (10/31/2014 09:20:05 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:51:54 PM on ‎10/‎31/‎2014 was unexpected.

    Error: (10/31/2014 03:23:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (10/31/2014 01:43:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (10/31/2014 01:43:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.


    Microsoft Office Sessions:
    =========================
    Error: (10/31/2014 09:30:26 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936

    Error: (10/31/2014 09:30:26 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8F111CA2-4163-4629-B4F1-C32F9EA9B828}

    Error: (10/31/2014 09:30:24 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8F111CA2-4163-4629-B4F1-C32F9EA9B828}

    Error: (10/31/2014 01:35:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea1957401cff5311bf0ab9dC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe5bb00a9f-6124-11e4-bee6-a01d486f7e38

    Error: (10/30/2014 05:55:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHEILA)
    Description: AD2F1837.HPGames_v10z8vjag6ke6!App-2144927142

    Error: (10/30/2014 05:55:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: wwahost.exe6.2.9200.1642032c01cff48c06c9314c4294967295C:\Windows\system32\wwahost.exe516d691a-607f-11e4-bee0-a01d486f7e38AD2F1837.HPGames_1.0.0.50_neutral__v10z8vjag6ke6App

    Error: (10/30/2014 05:54:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SHEILA)
    Description: AD2F1837.HPGames_v10z8vjag6ke6!App

    Error: (10/30/2014 00:08:28 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: atieclxx.exe6.14.11.11435154efc9atieclxx.exe6.14.11.11435154efc9c0000005000000000002ea19f2401cff3f7277e6adfC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe666c4ff7-5fea-11e4-bee0-a01d486f7e38

    Error: (10/29/2014 11:10:13 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: SHEILA)
    Description: 0C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exeHPWMISVC03026217812040

    Error: (10/29/2014 10:29:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: ScheduledTask.exe1.2.1.053a141f0KERNELBASE.dll6.2.9200.16864531d2be6e043435200010f22df001cff3e92be25d5cC:\Program Files (x86)\pastaleads\ScheduledTask.exeC:\Windows\SYSTEM32\KERNELBASE.dll9f4d958b-5fdc-11e4-bedf-a01d486f7e38


    ==================== Memory info ===========================

    Processor: AMD E-300 APU with Radeon™ HD Graphics
    Percentage of memory in use: 50%
    Total physical RAM: 3682.26 MB
    Available physical RAM: 1807.54 MB
    Total Pagefile: 4322.26 MB
    Available Pagefile: 2156.29 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.78 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:275.36 GB) (Free:223.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:21.96 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP v125w) (Removable) (Total:14.93 GB) (Free:4.13 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 1E1F4777)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 14.9 GB) (Disk ID: B719F1E8)
    Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

    ==================== End Of Log ============================



    #4 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 01 November 2014 - 04:01 AM

    Hi

     

     
    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (It has to be right next to FRST or FRST64.) Either in a directory you saved FRST or FRST64 or on your desktop if that's where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    CloseProcesses:
    C:\ProgramData\pclunst.exe
    Task: {2E5CEE34-B0DE-4426-A342-5CFD09D89D24} - \RocketTab Update Task No Task File <==== ATTENTION
    Task: {39467453-5DBA-4C44-B41F-646E3A773F69} - \PastaQuotes No Task File <==== ATTENTION
    Task: {B1A7A3D3-B2C5-4476-B2D8-1FC3CF4B8BBB} - \RocketTab No Task File <==== ATTENTION
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     
     
     
     
    You have Malwarebytes installed, open it and look on the Dashboard, it should be version 2.0.3. Do you have the free version installed?  If it's current, run the Threat Scan and post the log please.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 mickey7


    Posted 01 November 2014 - 09:20 AM

    Ran the Fix and rebooted per fix request. It did hang up the first time I tried it; I placed the file beneath it instead of beside it.  Rebooted and reran. Ran fine this time. (I thought those items might be some kind of culprit...)

    Verified the version of Malwarebytes and ran a scan. Came back clean. (As it did before which is why I was so frustrated. And yes it is the free version ~  She only had AVG on her computer and I don't always trust antiviruses to catch all the malware...)

    Please let me know if there is a way to also get rid of this version of AVG ~ As I tried a few times before both with Control Panel and importing a removal tool via USB [which failed to connect and therefore nothing].  Also is it fine for her to keep that or do you recommend another or just stick with Windows Defender?  I am not as familiar with Windows 8 as I should be (prefer to keep my 7 as I can lol).

     

    And as you requested here the results of those scans:

    First the Fix Log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
    Ran by Sheila at 2014-11-01 10:22:19 Run:2
    Running from C:\Users\Sheila\Desktop
    Loaded Profile: Sheila (Available profiles: Sheila)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    C:\ProgramData\pclunst.exe
    Task: {2E5CEE34-B0DE-4426-A342-5CFD09D89D24} - \RocketTab Update Task No Task File <==== ATTENTION
    Task: {39467453-5DBA-4C44-B41F-646E3A773F69} - \PastaQuotes No Task File <==== ATTENTION
    Task: {B1A7A3D3-B2C5-4476-B2D8-1FC3CF4B8BBB} - \RocketTab No Task File <==== ATTENTION
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    "C:\ProgramData\pclunst.exe" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E5CEE34-B0DE-4426-A342-5CFD09D89D24}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39467453-5DBA-4C44-B41F-646E3A773F69}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1A7A3D3-B2C5-4476-B2D8-1FC3CF4B8BBB}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key not found.

    =========  ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 337.2 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

     

    And next the Malwarebytes log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/1/2014
    Scan Time: 10:30:51 AM
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.01.01
    Rootkit Database: v2014.10.22.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Sheila

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 307063
    Time Elapsed: 29 min, 29 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
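
A way to read a Fixlog like the one posted in #5, as an added example that is not part of the thread or of FRST: it separates fixlist targets that were acted on from those that were already absent. The function names are made up for this example, and only the outcome wordings visible in this log are handled.

```python
import re

# Result section of the Fixlog posted in #5 (copied from that post).
FIXLOG = r'''Processes closed successfully.
"C:\ProgramData\pclunst.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E5CEE34-B0DE-4426-A342-5CFD09D89D24}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39467453-5DBA-4C44-B41F-646E3A773F69}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1A7A3D3-B2C5-4476-B2D8-1FC3CF4B8BBB}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key not found.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 337.2 MB temporary data.
'''

# '"target" => outcome.' lines (quotes and a trailing colon on the target are optional)
ARROW = re.compile(r'^"?(?P<target>[^"]+?)"?:? => (?P<outcome>.+?)\.?$')
# Status lines without an arrow, e.g. "Hosts was reset successfully."
STATUS = re.compile(r'^(?P<target>\w+) (?P<outcome>.*successfully)\.$')


def parse_fixlog(text):
    """Return (target, outcome, applied) for every result line in a Fixlog."""
    results, in_cmd = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("========="):   # banners that wrap CMD: output
            in_cmd = not in_cmd
            continue
        if in_cmd or not line:             # skip command output and blanks
            continue
        m = ARROW.match(line) or STATUS.match(line)
        if m:
            outcome = m.group("outcome")
            applied = "not found" not in outcome.lower()
            results.append((m.group("target"), outcome, applied))
    return results


def summarize(results):
    """Split targets into those acted on and those already absent."""
    return {
        "applied": [t for t, _, ok in results if ok],
        "missing": [t for t, _, ok in results if not ok],
    }


if __name__ == "__main__":
    summary = summarize(parse_fixlog(FIXLOG))
    print("acted on:", summary["applied"])
    print("already absent:", len(summary["missing"]), "targets")
```

On this log the file and the six task registry keys all come back as already absent; the entries acted on are the process close, the hosts file move and reset, and the temp cleanup.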



    #6 ken545


    Posted 01 November 2014 - 09:37 AM

    Just to let you know I won't be back online until late this evening, in the meantime run this scan please

     

     
    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan
     
    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
     
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
  • Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.


     
     

    #7 mickey7


    Posted 01 November 2014 - 10:18 AM

    I will try again after 4pm est. (See above initial post.)  I am at work and will not be able to run that lengthy a scan til I get home. (Only 4 hours left here.)

    I am not sure if I will be able to run it though.  As the browsers only give me the can't connect due to proxy errors page.....

     

     

    UPDATE:

     

    As I feared, I cannot run the ESET Online scanner; I receive the following msg:

    "Can not get update.  Is proxy configured?"

     

    On the website, there is an option for a trial installable version.  Shall I install and run that?


    Edited by mickey7, 01 November 2014 - 04:19 PM.


    #8 ken545


    Posted 01 November 2014 - 06:35 PM

    Let's set all your browsers back to company defaults

     

     

  • Open IE
  • Go to Tools> Internet Options > Advanced Tab
  • Reset Internet Explorer Setting
  • Reset
  • This will take a few seconds
  • Close IE and then reopen it and see if it helped
     
     
     
  • Open Firefox
  • Click on Help > Troubleshooting Information > Reset Firefox to its default state
     
     
     
     
     
  • Click the Chrome menu on the browser toolbar.
  • Select Settings.
  • Scroll down to Show advanced settings...
  • Down on the bottom you will see an option for RESET BROWSER SETTINGS
  • Click on it and it will set Chrome back to defaults


     
     

    #9 mickey7


    Posted 01 November 2014 - 06:55 PM

    No change on IE.

    The proxy server is not responding.

     

    There is no Firefox nor Chrome on the laptop.



    #10 ken545


    Posted 01 November 2014 - 07:21 PM

    What is your setup, are you using a cable modem and a router?



     
     

    #11 ken545


    Posted 01 November 2014 - 07:24 PM

    http://support.micro....com/kb/2289942

     

    Try running Microsoft Fix It



     
     

    #12 mickey7


    Posted 01 November 2014 - 08:57 PM

    Yes cable modem and router.  Also tried connecting on fiber while at work today.  I have no problems with any of my devices in the household.... we have a variety: smart tv, computers both laptop and desktop, tablets, phones etc.... Just my coworker's laptop.

     

    I tried doing the reset above via the manual method.... nothing changed.  Rebooted, nothing changed.  When I go to IE via the windows start page I get the

    "This page can't be displayed" message and the reset connection button.  When I click it here it just spins for quite a few minutes then times out to same blank page and the usual steps to reset router, no airplane mode wireless on etc..

     

    When I switch to desktop screen I get the proxy is not responding error.  Try resetting the connection. When I click on that button, the windows network diagnostics window opens, scans and gives me the following message:

     

    "Problems found

      The remote device or resource won't accept the connection      Detected   (then the gif of yellow triangle with exclamation point)"

     

    I go to the wireless and I have disconnected and reconnected both on my main network and my guest one.  The same results on each.  When I check the connection on the laptop it tells me my estimated usage in the last 3 days (time spent on this) has been 402.95MB {on the main connection} [it was previously connected on guest for awhile but thought that maybe I needed the other connection so I switched]  so that means some kind of data is reaching the laptop, yes?  I am at a total loss here.


    Edited by mickey7, 01 November 2014 - 09:00 PM.


    #13 ken545


    Posted 02 November 2014 - 05:19 AM

    Mickey,

     

    At this point I don't believe it's malware, I would say reset your router and cable modem but if all the other devices are ok I don't think there is a need for that

     

    Post back in the forum you started at and let's see what they say

     

    http://forums.whatth...howtopic=128895



     
     

    #14 ken545


    Posted 06 November 2014 - 09:21 AM

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
    and start a New Topic.

     
     
