Hello! I've been having this problem on my laptop for maybe a month or so now. Almost everyday, I experience "Unable to connect to proxy server" when I open up my laptop. Usually, I just untick the tab thing because I don't know what else to do. Even when I do so, it automatically ticks the option later on in the day. I've tried deleting the proxy settings, resetting my Google Chrome settings, uninstalling it and reinstalling it, and I even tried a method from a similar problem on these forums. I'd really like to be able to use my laptop without having to worry about this weird proxy. Thank you so much!
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Google Chrome keeps connecting to an unknown proxy. [Solved]
Started by
smalls56
, Jul 13 2015 11:11 AM
proxy google chrome internet
-
This topic is locked
20 replies to this topic
Register to Remove
#2
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 13 July 2015 - 05:29 PM
Lets do a few things
Download MiniToolBox and save it to your desktop, right click on it and select RUN AS ADMINISTRATOR
Checkmark the following boxes:
- Flush DNS
- Reset IE Proxy Settings
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
=========================================================
Please download aswMBR to your desktop.- Right click the aswMBR icon and select Run as Administrator
- XP users just Double Click it to run
- If it says that this computer supports VIRTUALIZATION TECHNOLOGY do you want to use it say Yes
- Click the Scan button to start scan.
- Select Quickscan on the dropdown list
- If you are asked to update the Avast Virus database please allow it to do so.
- The scan could take 20 minutes or more , please be patient and let it finish
- It will say Scan Finished when its done.
- When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
I just want to see the report....Please Do Not Fix Anything
============================================================================
Please download Farbar Recovery Scan Tool and save it to your DESKTOP
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Please make sure All Users is checked
- Just keep the defaults as in the picture checkmarked
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#3
smalls56
-
- Authentic Member
-
- 11 posts
New Member
Posted 13 July 2015 - 07:56 PM
Hello! Thank you so much for responding. Here is what came up for MiniToolBox:
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
aswMBR
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-07-13 18:15:40
-----------------------------
18:15:40.788 OS Version: Windows x64 6.2.9200
18:15:40.789 Number of processors: 4 586 0x4501
18:15:40.791 ComputerName: LEONARD UserName: Rachel
18:15:44.350 Initialize success
18:15:44.350 VM: initialized successfully
18:15:44.365 VM: Intel CPU BiosDisabled
18:15:47.530 AVAST engine defs: 15071301
18:16:33.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
18:16:33.302 Disk 0 Vendor: ST500LM000-SSHD-8GB LVD3 Size: 476940MB BusType: 11
18:16:33.570 Disk 0 MBR read successfully
18:16:33.579 Disk 0 MBR scan
18:16:33.804 Disk 0 unknown MBR code
18:16:33.812 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
18:16:34.012 Disk 0 scanning C:\windows\system32\drivers
18:16:49.953 Service scanning
18:17:17.915 Modules scanning
18:17:17.934 Disk 0 trace - called modules:
18:17:17.971 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
18:17:17.998 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000b2561060]
18:17:18.029 3 CLASSPNP.SYS[fffff801ac402170] -> nt!IofCallDriver -> [0xffffe000afab0200]
18:17:18.045 5 ACPI.sys[fffff801ab485c21] -> nt!IofCallDriver -> \Device\0000002d[0xffffe000b07c5060]
18:17:29.325 AVAST engine scan C:\windows
18:17:40.378 AVAST engine scan C:\windows\system32
18:21:46.276 AVAST engine scan C:\windows\system32\drivers
18:22:19.334 AVAST engine scan C:\Users\Rachel
18:40:28.409 AVAST engine scan C:\ProgramData
18:42:40.154 Disk 0 statistics 4482619/0/0 @ 1.94 MB/s
18:42:40.178 Scan finished successfully
18:46:08.762 Disk 0 MBR has been saved successfully to "C:\Users\Rachel\Desktop\MBR.dat"
18:46:08.778 The log file has been saved successfully to "C:\Users\Rachel\Desktop\savelog.txt"
FRST.txt
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(AVAST Software) C:\Users\Rachel\Desktop\aswMBR.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-05-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-05-19] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-13] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28787840 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\...\MountPoints2: {24da203d-ae1c-11e4-8276-8086f2a704a8} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\...\MountPoints2: {24da206a-ae1c-11e4-8276-8086f2a704a8} - "E:\VZW_Software_upgrade_assistant.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-05-19]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-05-04]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-13] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-13] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-13] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5BDD01E1-876A-423C-9F07-50728D2D6232}: [DhcpNameServer] 61.15.0.66
Tcpip\..\Interfaces\{67D09C7F-3FCD-4D56-A368-6E5D558AA9BE}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1218158.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-13]
Chrome:
=======
CHR Profile: C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-14]
CHR Extension: (Google Drive) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-14]
CHR Extension: (YouTube) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-14]
CHR Extension: (Google Search) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-14]
CHR Extension: (XKit) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-07-14]
CHR Extension: (SwagButton) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-07-12]
CHR Extension: (Avast Online Security) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-13]
CHR Extension: (Evernote Web) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-07-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Totoro Rainy Day) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2015-07-12]
CHR Extension: (Google Wallet) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-14]
CHR Extension: (MegaStar Sliding) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfaogkfljpdfmodbmbogiiblppijleen [2014-09-30]
CHR Extension: (Gmail) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-13]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path Or update_url value
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-05-04] (Adobe Systems) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872152 2015-05-09] (Maxthon)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-12] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-05-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-13] (AVAST Software)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-18] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-12-05] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-18] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U2 TMAgent; No ImagePath
U3 aswMBR; \??\C:\Users\Rachel\AppData\Local\Temp\aswMBR.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 18:50 - 2015-07-13 18:51 - 00024698 _____ C:\Users\Rachel\Desktop\FRST.txt
2015-07-13 18:48 - 2015-07-13 18:50 - 00000000 ____D C:\FRST
2015-07-13 18:47 - 2015-07-13 18:47 - 02133504 _____ (Farbar) C:\Users\Rachel\Desktop\FRST64.exe
2015-07-13 18:46 - 2015-07-13 18:46 - 00000512 _____ C:\Users\Rachel\Desktop\MBR.dat
2015-07-13 18:14 - 2015-07-13 18:14 - 05198336 _____ (AVAST Software) C:\Users\Rachel\Desktop\aswMBR.exe
2015-07-13 18:12 - 2015-07-13 18:12 - 00000541 _____ C:\Users\Rachel\Desktop\Result.txt
2015-07-13 18:10 - 2015-07-13 18:10 - 00892928 _____ (Farbar) C:\Users\Rachel\Desktop\MiniToolBox (1).exe
2015-07-13 18:09 - 2015-07-13 18:09 - 00892928 _____ (Farbar) C:\Users\Rachel\Downloads\MiniToolBox.exe
2015-07-13 16:48 - 2015-07-13 16:48 - 00000450 _____ C:\windows\DCEBOOT.RST
2015-07-13 16:48 - 2015-07-13 16:48 - 00000000 _____ C:\windows\DCEBOOT.LOG
2015-07-13 14:50 - 2015-07-13 11:38 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-07-13 14:47 - 2015-07-13 14:50 - 00023576 _____ (Trend Micro Inc.) C:\windows\DCEBoot64.exe
2015-07-13 11:40 - 2015-07-13 11:40 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\AVAST Software
2015-07-13 11:39 - 2015-07-13 14:51 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-13 11:39 - 2015-07-13 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-13 11:38 - 2015-07-13 14:50 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-13 11:38 - 2015-07-13 11:38 - 00447944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-07-13 11:38 - 2015-07-13 11:38 - 00274808 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-07-13 11:38 - 2015-07-13 11:38 - 00150160 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-07-13 11:38 - 2015-07-13 11:38 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-07-13 11:38 - 2015-07-13 11:38 - 00090968 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-07-13 11:38 - 2015-07-13 11:38 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-07-13 11:38 - 2015-07-13 11:38 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-07-13 11:38 - 2015-07-13 11:38 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-07-13 11:38 - 2015-07-13 11:37 - 01048856 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-07-13 11:36 - 2015-07-13 11:36 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-13 11:34 - 2015-07-13 11:34 - 05499984 _____ (Avast Software s.r.o.) C:\Users\Rachel\Downloads\avast_free_antivirus_setup_online.exe
2015-07-13 11:34 - 2015-07-13 11:34 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-12 14:24 - 2015-07-12 14:24 - 00001622 _____ C:\Users\Rachel\Desktop\Pokémon Trading Card Game Online.lnk
2015-07-12 14:23 - 2015-07-12 14:24 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2015-07-12 14:21 - 2015-07-12 14:23 - 123901952 _____ C:\Users\Rachel\Downloads\PokemonInstaller.msi
2015-07-12 11:56 - 2015-07-12 11:56 - 00002285 _____ C:\Users\Rachel\Desktop\JRT.txt
2015-07-12 11:45 - 2015-07-12 11:45 - 00000207 _____ C:\windows\tweaking.com-regbackup-LEONARD-Windows-8.1-(64-bit).dat
2015-07-12 11:45 - 2015-07-12 11:45 - 00000000 ____D C:\RegBackup
2015-07-12 11:44 - 2015-07-12 11:44 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Rachel\Downloads\JRT (2).exe
2015-07-12 11:34 - 2015-07-12 11:34 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Rachel\Downloads\JRT (1).exe
2015-07-12 11:27 - 2015-07-12 11:27 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Rachel\Downloads\JRT.exe
2015-07-12 11:15 - 2015-07-12 11:21 - 00000000 ____D C:\AdwCleaner
2015-07-12 11:15 - 2015-07-12 11:15 - 02248704 _____ C:\Users\Rachel\Downloads\AdwCleaner.exe
2015-07-10 16:37 - 2015-07-10 16:37 - 00414554 _____ C:\Users\Rachel\AppData\Local\recently-used.xbel
2015-07-08 14:58 - 2015-07-08 14:58 - 01083342 _____ C:\Users\Rachel\Downloads\PokemonSinglesBuylist.csv
2015-07-01 15:16 - 2015-07-01 15:16 - 08436954 _____ C:\Users\Rachel\Downloads\Soul Eater OPENING 2 (HD)-SD.mp4
2015-06-30 15:35 - 2015-06-30 15:35 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\LolClient
2015-06-30 14:01 - 2015-06-30 14:01 - 00000000 ____D C:\ProgramData\Riot Games
2015-06-30 13:59 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2015-06-30 13:59 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2015-06-30 13:59 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2015-06-30 13:59 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2015-06-30 13:59 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2015-06-30 13:58 - 2015-06-30 13:58 - 00001625 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-06-30 13:58 - 2015-06-30 13:58 - 00000000 ____D C:\Riot Games
2015-06-30 13:56 - 2015-06-30 13:59 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Riot Games
2015-06-30 13:55 - 2015-06-30 13:55 - 27864920 _____ (Riot Games) C:\Users\Rachel\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2015-06-19 16:40 - 2015-06-19 16:40 - 00000000 _____ C:\Users\Rachel\AppData\Roaming\3B7F.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 18:49 - 2015-04-08 19:37 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Skype
2015-07-13 18:48 - 2015-05-19 18:52 - 00305152 ___SH C:\Users\Rachel\Downloads\Thumbs.db
2015-07-13 18:10 - 2014-05-19 00:47 - 01950646 _____ C:\windows\WindowsUpdate.log
2015-07-13 18:00 - 2013-08-22 08:36 - 00000000 ____D C:\windows\system32\sru
2015-07-13 17:55 - 2014-07-14 21:27 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 17:00 - 2014-07-14 21:22 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-82478299-2973199985-2317619839-1001
2015-07-13 16:49 - 2014-07-14 21:27 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 16:49 - 2014-07-14 21:19 - 00000000 ___DO C:\Users\Rachel\OneDrive
2015-07-13 16:49 - 2013-08-22 07:46 - 00068045 _____ C:\windows\setupact.log
2015-07-13 16:48 - 2013-10-07 11:23 - 66811402 _____ C:\windows\PFRO.log
2015-07-13 16:48 - 2013-08-22 07:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-13 16:48 - 2013-08-22 06:25 - 01048576 ___SH C:\windows\system32\config\BBI
2015-07-13 16:47 - 2014-05-19 02:24 - 00018944 _____ C:\windows\system32\VfService.trf
2015-07-13 16:46 - 2014-07-15 20:59 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-07-13 16:46 - 2014-07-15 20:53 - 00000000 ____D C:\ProgramData\Trend Micro
2015-07-13 16:46 - 2013-08-22 08:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-07-13 16:45 - 2014-07-15 09:12 - 00000000 ____D C:\Users\Rachel\AppData\Local\Trend Micro
2015-07-13 15:08 - 2014-07-14 21:23 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{715878C2-5848-4514-AF95-E948AE4D5939}
2015-07-13 14:53 - 2014-09-11 20:34 - 00234520 _____ (Trend Micro Inc.) C:\windows\RegBootClean64.exe
2015-07-13 14:36 - 2013-08-22 06:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-07-13 09:37 - 2015-05-22 17:42 - 00003280 _____ C:\windows\System32\Tasks\Jelbruss Secure Web Cleaner
2015-07-13 09:09 - 2014-07-14 22:17 - 00000000 ____D C:\Users\Rachel\AppData\Local\CrashDumps
2015-07-12 21:34 - 2013-10-07 11:27 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-10 16:53 - 2015-05-20 20:00 - 00000000 ____D C:\Users\Rachel\.gimp-2.8
2015-07-10 16:37 - 2015-05-20 20:06 - 00000000 ____D C:\Users\Rachel\AppData\Local\gtk-2.0
2015-07-10 15:57 - 2015-05-20 18:57 - 00000000 ____D C:\KMPlayer
2015-07-09 19:09 - 2014-07-15 21:59 - 00000010 _____ C:\Users\Rachel\AppData\Local\sponge.last.runtime.cache
2015-07-09 15:55 - 2014-08-21 20:16 - 00002069 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-07-09 15:55 - 2014-08-21 20:16 - 00002067 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-07-09 15:55 - 2014-08-21 20:16 - 00002057 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-07-09 15:55 - 2014-08-21 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-09 10:23 - 2013-08-22 08:20 - 00000000 ____D C:\windows\CbsTemp
2015-07-07 23:13 - 2014-07-14 21:28 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-06 14:24 - 2014-10-16 11:35 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 14:24 - 2014-10-16 11:35 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 16:39 - 2014-10-27 19:02 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-20 23:07 - 2015-01-20 19:54 - 00000000 ____D C:\Users\Rachel\Documents\Pokemon cards
2015-06-16 16:06 - 2013-08-22 08:36 - 00000000 ___RD C:\windows\ToastData
2015-06-15 19:15 - 2013-08-22 08:36 - 00000000 ____D C:\windows\rescache
==================== Files in the root of some directories =======
2015-06-19 16:40 - 2015-06-19 16:40 - 0000000 _____ () C:\Users\Rachel\AppData\Roaming\3B7F.tmp
2014-07-16 17:31 - 2014-07-16 17:31 - 0000000 _____ () C:\Users\Rachel\AppData\Roaming\tmcef.log
2014-07-15 20:52 - 2014-07-15 20:52 - 0000036 _____ () C:\Users\Rachel\AppData\Local\housecall.guid.cache
2015-07-10 16:37 - 2015-07-10 16:37 - 0414554 _____ () C:\Users\Rachel\AppData\Local\recently-used.xbel
2014-07-15 21:59 - 2015-07-09 19:09 - 0000010 _____ () C:\Users\Rachel\AppData\Local\sponge.last.runtime.cache
2014-05-19 01:43 - 2014-05-19 01:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Rachel\AppData\Local\Temp\5132.tmp.exe
C:\Users\Rachel\AppData\Local\Temp\6525.tmp.exe
C:\Users\Rachel\AppData\Local\Temp\8E9A.tmp.exe
C:\Users\Rachel\AppData\Local\Temp\9CD0.tmp.exe
C:\Users\Rachel\AppData\Local\Temp\A043.exe
C:\Users\Rachel\AppData\Local\Temp\Couponscom.exe
C:\Users\Rachel\AppData\Local\Temp\DefaultPack.exe
C:\Users\Rachel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpikbuum.dll
C:\Users\Rachel\AppData\Local\Temp\hp_238583.exe
C:\Users\Rachel\AppData\Local\Temp\hp_u_823824.exe
C:\Users\Rachel\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\Rachel\AppData\Local\Temp\oct8D9E.tmp.exe
C:\Users\Rachel\AppData\Local\Temp\Quarantine.exe
C:\Users\Rachel\AppData\Local\Temp\SPSetup.exe
C:\Users\Rachel\AppData\Local\Temp\sqlite3.dll
C:\Users\Rachel\AppData\Local\Temp\tasks.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-08 16:55
==================== End of log ============================
Addition.txt
==================== Accounts: =============================
Administrator (S-1-5-21-82478299-2973199985-2317619839-500 - Administrator - Disabled)
Guest (S-1-5-21-82478299-2973199985-2317619839-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-82478299-2973199985-2317619839-1003 - Limited - Enabled)
Rachel (S-1-5-21-82478299-2973199985-2317619839-1001 - Administrator - Enabled) => C:\Users\Rachel
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
BitTorrent (HKU\S-1-5-21-82478299-2973199985-2317619839-1001\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon Assistant Application en-US version 1.5.8 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.8 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
Dropbox (HKU\S-1-5-21-82478299-2973199985-2317619839-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo)
Energy Manager (x32 Version: 1.0.0.32 - Lenovo) Hidden
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.128 - PandoraTV)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0807 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.5 - Stoneware, Inc.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.3.5000 - Maxthon International Limited)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version: - "Pokemon Showdown")
Pokémon Trading Card Game Online (HKLM-x32\...\{0D9304CD-1C83-4703-AFEF-0C46D1DB21F2}) (Version: 2.27.0 - The Pokémon Company International)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
StageLight (HKLM\...\StageLight) (Version: 1.3.0.4350 - Open Labs, LLC.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-82478299-2973199985-2317619839-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-82478299-2973199985-2317619839-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82478299-2973199985-2317619839-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82478299-2973199985-2317619839-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82478299-2973199985-2317619839-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82478299-2973199985-2317619839-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82478299-2973199985-2317619839-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82478299-2973199985-2317619839-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82478299-2973199985-2317619839-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82478299-2973199985-2317619839-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
30-06-2015 13:57:00 Installed Microsoft Visual C++ 2005 Redistributable (x64)
30-06-2015 13:57:56 Installed League of Legends
30-06-2015 13:58:34 Installed DirectX
09-07-2015 10:21:56 Windows Update
13-07-2015 11:35:46 avast! antivirus system restore point
13-07-2015 14:49:20 avast! antivirus system restore point
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0AA4345E-E140-43B0-BCA9-C17B8D02EEE2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {1046BF97-C3D9-4028-8728-F26F6241861C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-14] (Google Inc.)
Task: {212C1FFE-0861-48F3-B60D-9BC7F2CFE2D1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-13] (AVAST Software)
Task: {464C80D6-E600-49A4-9181-184DAA6FA59D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {657950F3-A0B2-46A6-9900-F1EB97CDA1B3} - System32\Tasks\{CF6F375D-11C4-4A9C-9FEA-F0CBC57B283E} => pcalua.exe -a C:\Users\Rachel\AppData\Roaming\Gameo\uninstall.exe
Task: {7DC67968-697C-42B3-9EC9-0373B184EE2D} - System32\Tasks\PC Defender Cleaner => C:\Program Files (x86)\PC Defender\PCDefender.exe [2015-05-26] (Secure Updater)
Task: {84C5AF47-1764-489C-928B-A4027A6FE331} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-14] (Google Inc.)
Task: {9239D4E0-88F3-48ED-B271-E17E03BA99A4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {AC49EE93-37A7-4137-BFE6-4818BEAE5957} - System32\Tasks\Jelbruss Secure Web Cleaner => C:\Program Files (x86)\Jelbruss Secure Web\jswtask.exe [2015-05-22] (SecureSoft) <==== ATTENTION
Task: {B20DFCE8-4B6B-46C4-BF1A-A660F7209862} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {B45E2D73-0D99-416E-89F3-3A66E5A53D9D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {B5E2ECB4-16B0-49C7-8375-CFDC6EDE125D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B9D128D1-3CD4-4E04-9384-2735D4C12C3A} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-10-13] (Maxthon International ltd.)
Task: {CE445B4B-3E80-49BF-9645-D38DFE8FBB5C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {E2F4C327-E7F1-4241-8186-65E522F1A937} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {E7C01170-4A5C-45E6-AA14-4E23999204AA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F16DA869-F5CD-411B-A5E0-D1E2DA678B6D} - \Win Update No Task File <==== ATTENTION
Task: {F4D8654A-24FD-4B4C-BF81-AE0D4A081B46} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2014-10-27 19:02 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-01 17:31 - 2013-08-01 17:31 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 17:31 - 2013-08-01 17:31 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 17:31 - 2013-08-01 17:31 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-05-19 02:21 - 2012-04-24 19:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-05-19 02:24 - 2014-05-19 02:24 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-05-19 02:24 - 2014-05-19 02:24 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-03-15 09:55 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-19 02:24 - 2013-05-02 11:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-05-19 02:24 - 2013-05-02 11:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-05-19 02:24 - 2013-05-02 11:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-05-19 02:24 - 2013-05-02 11:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-05-19 02:24 - 2013-05-02 11:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-05-19 02:24 - 2013-05-02 11:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-05-19 02:24 - 2013-05-02 11:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2015-07-13 11:38 - 2015-07-13 11:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-13 11:38 - 2015-07-13 11:38 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-13 11:38 - 2015-07-13 11:38 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2013-08-07 16:12 - 2013-08-07 16:12 - 02428416 _____ () C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterFilter.ax
2015-03-15 09:55 - 2015-01-27 07:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-07-07 16:56 - 2015-07-06 20:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-07 16:56 - 2015-07-06 20:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2014-05-19 01:29 - 2013-09-04 08:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-07-13 11:38 - 2015-07-13 11:38 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071301\algo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Rachel\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rachel\Pictures\Camera Roll\108072 (1).jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_837FAF2DA4916372E0203606918A0A5D"
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\...\StartupApproved\Run: => "GoogleDriveSync"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{12224BD1-D1DC-4DDF-8207-14E2D23D6337}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2E8B7372-7E92-486F-B447-184E72504841}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{794CAC83-749F-4B6F-BC6A-4C92C97055EA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{15EF7773-F1D9-435F-9028-FE1B9DDDE883}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{A4EE462B-C8D9-4481-8B89-5635D14F326E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{29F0E932-2B35-4AD6-9D66-2765CA5ADB7D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{28DE5F82-BE4C-4863-9B31-053E8F0A3FBC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1FD08428-7845-4719-A891-6CDAA39B6381}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{54FBE080-6BF7-423C-9CBA-DE141BD59AE7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{896BB8E5-E470-4274-A05A-0E0693F58D97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E7AAFD9-FD08-4D6D-A778-72C542C21FD3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F3B7ED3-A5D9-45FB-B0B2-31104DC028AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1E941FBF-C6AF-42F5-A50D-809118A553F2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{113FA44A-0E12-4EA3-B3E1-11AD13F6F3FD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{DFA7CF84-423A-453A-8BDC-6045D4E22B3B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1A723F00-E843-4CAD-8D1C-738EE2CF435C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EF7A2938-C552-425F-9D32-3C2F890BCF1A}] => (Allow) C:\Users\Rachel\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F0B1B490-B3B3-44D1-BA9C-519FDB6990A9}] => (Allow) C:\Users\Rachel\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{2E240E68-7E10-418E-80C0-4946707FECD4}C:\users\rachel\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rachel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{479B529C-8311-4E5B-8E46-83DC83DBA66B}C:\users\rachel\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rachel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{41E118F5-10FE-42B8-B866-8D03CEF3D7BF}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2CA5E0F1-E55A-4317-8CDC-BF39035BF415}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{EB7FD2A9-B777-4B63-944C-76A32A0A3B42}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6561B8C3-4742-4537-9EDB-A42B95C56A98}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{DC1B63B9-8F28-4D0A-A384-026B100572D8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D02E3908-D9A4-481D-8BCC-2796A67609D6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{748CFA0B-4A39-42ED-AC5D-7B0CB8447414}] => (Allow) C:\Users\Rachel\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3FB5AE3D-E0C0-46C7-8EC8-A9228D19C359}] => (Allow) C:\Users\Rachel\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{ACCE6A37-B78D-455F-B114-5E5CFA6E9E1C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/13/2015 03:10:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x1a04
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (07/13/2015 10:06:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1c68
Start Time: 01d0bd8d8baab02f
Termination Time: 4294967295
Application Path: C:\windows\system32\wwahost.exe
Report Id: 7ed66d5d-2981-11e5-82a2-8086f2a704a8
Faulting package full name: CrackleInc.Crackle_1.1.0.92_x64__gn1at2342eymg
Faulting package-relative application ID: App
Error: (07/13/2015 09:59:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1f34
Start Time: 01d0bd8c9965f932
Termination Time: 4294967295
Application Path: C:\windows\system32\wwahost.exe
Report Id: 8c6dc47d-2980-11e5-82a2-8086f2a704a8
Faulting package full name: CrackleInc.Crackle_1.1.0.92_x64__gn1at2342eymg
Faulting package-relative application ID: App
Error: (07/13/2015 09:47:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 24dc
Start Time: 01d0bd8a805fcbf5
Termination Time: 4294967295
Application Path: C:\windows\system32\wwahost.exe
Report Id: cd6c7b27-297e-11e5-82a2-8086f2a704a8
Faulting package full name: CrackleInc.Crackle_1.1.0.92_x64__gn1at2342eymg
Faulting package-relative application ID: App
Error: (07/13/2015 09:09:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0xef8
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (07/13/2015 08:57:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MangaTree.Windows.exe, version: 1.0.0.0, time stamp: 0x54ae93e2
Faulting module name: combase.dll, version: 6.3.9600.17415, time stamp: 0x54503d84
Exception code: 0xc000027b
Fault offset: 0x0012123d
Faulting process id: 0xb44
Faulting application start time: 0xMangaTree.Windows.exe0
Faulting application path: MangaTree.Windows.exe1
Faulting module path: MangaTree.Windows.exe2
Report Id: MangaTree.Windows.exe3
Faulting package full name: MangaTree.Windows.exe4
Faulting package-relative application ID: MangaTree.Windows.exe5
Error: (07/13/2015 08:45:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x2768
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (07/12/2015 09:10:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d
Exception code: 0xc000027b
Fault offset: 0x0000000000063c1f
Faulting process id: 0x2958
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
Error: (07/12/2015 07:24:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 216c
Start Time: 01d0bd124b01cab3
Termination Time: 4294967295
Application Path: C:\windows\system32\wwahost.exe
Report Id: 3e94b65a-2906-11e5-82a2-8086f2a704a8
Faulting package full name: CrackleInc.Crackle_1.1.0.92_x64__gn1at2342eymg
Faulting package-relative application ID: App
Error: (07/12/2015 06:24:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 12f8
Start Time: 01d0bd09efb81a12
Termination Time: 4294967295
Application Path: C:\windows\system32\wwahost.exe
Report Id: e3496f51-28fd-11e5-82a2-8086f2a704a8
Faulting package full name: CrackleInc.Crackle_1.1.0.92_x64__gn1at2342eymg
Faulting package-relative application ID: App
System errors:
=============
Error: (07/13/2015 04:48:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error:
%%2
Error: (07/13/2015 04:47:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (07/13/2015 04:47:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (07/13/2015 04:47:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (07/13/2015 04:43:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5
Error: (07/13/2015 02:53:31 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5
Error: (07/13/2015 02:53:11 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5
Error: (07/13/2015 02:52:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5
Error: (07/13/2015 02:52:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5
Error: (07/13/2015 02:52:25 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5
Microsoft Office:
=========================
Error: (07/13/2015 03:10:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f1a0401d0bdb8b6fdc178C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dllf77318dd-29ab-11e5-82a2-8086f2a704a839976Virblue.MyStudyLife_4.0.3.0_x64__pa3njxwv09jymApp
Error: (07/13/2015 10:06:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.174151c6801d0bd8d8baab02f4294967295C:\windows\system32\wwahost.exe7ed66d5d-2981-11e5-82a2-8086f2a704a8CrackleInc.Crackle_1.1.0.92_x64__gn1at2342eymgApp
Error: (07/13/2015 09:59:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.174151f3401d0bd8c9965f9324294967295C:\windows\system32\wwahost.exe8c6dc47d-2980-11e5-82a2-8086f2a704a8CrackleInc.Crackle_1.1.0.92_x64__gn1at2342eymgApp
Error: (07/13/2015 09:47:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1741524dc01d0bd8a805fcbf54294967295C:\windows\system32\wwahost.execd6c7b27-297e-11e5-82a2-8086f2a704a8CrackleInc.Crackle_1.1.0.92_x64__gn1at2342eymgApp
Error: (07/13/2015 09:09:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1fef801d0bd864f7def20C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll8dcd1d8f-2979-11e5-82a2-8086f2a704a839976Virblue.MyStudyLife_4.0.3.0_x64__pa3njxwv09jymApp
Error: (07/13/2015 08:57:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MangaTree.Windows.exe1.0.0.054ae93e2combase.dll6.3.9600.1741554503d84c000027b0012123db4401d0bd83b09f1f94C:\Program Files\WindowsApps\63247RisingRain.MangaTree_1.1.0.6_neutral__7d2jqgfyd5bxw\MangaTree.Windows.exeC:\windows\SYSTEM32\combase.dllddd8096a-2977-11e5-82a2-8086f2a704a863247RisingRain.MangaTree_1.1.0.6_neutral__7d2jqgfyd5bxwApp
Error: (07/13/2015 08:45:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f276801d0bd4a4826e776C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll2c97b45b-2976-11e5-82a2-8086f2a704a839976Virblue.MyStudyLife_4.0.3.0_x64__pa3njxwv09jymApp
Error: (07/12/2015 09:10:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f295801d0bd21d4541888C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll140b8895-2915-11e5-82a2-8086f2a704a839976Virblue.MyStudyLife_4.0.3.0_x64__pa3njxwv09jymApp
Error: (07/12/2015 07:24:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415216c01d0bd124b01cab34294967295C:\windows\system32\wwahost.exe3e94b65a-2906-11e5-82a2-8086f2a704a8CrackleInc.Crackle_1.1.0.92_x64__gn1at2342eymgApp
Error: (07/12/2015 06:24:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1741512f801d0bd09efb81a124294967295C:\windows\system32\wwahost.exee3496f51-28fd-11e5-82a2-8086f2a704a8CrackleInc.Crackle_1.1.0.92_x64__gn1at2342eymgApp
CodeIntegrity Errors:
===================================
Date: 2015-07-13 16:51:23.999
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-25 10:20:04.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-24 09:41:21.839
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-16 16:26:23.812
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-16 16:09:33.631
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-09 16:27:32.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-06-05 14:59:35.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-05-25 20:10:30.680
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-05-25 20:10:25.519
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-05-12 08:41:04.401
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 8115.27 MB
Available physical RAM: 3992.1 MB
Total Virtual: 9395.27 MB
Available Virtual: 4928.84 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:423.58 GB) (Free:328.58 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.86 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 45B056C6)
Partition: GPT Partition Type.
==================== End of log ============================
I hope I did everything correctly!
#4
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 14 July 2015 - 04:38 AM
Good Morning,
When you posted the FRST log you did not include the header which shows me the version of FRST or FRST64 your using and what directory your running it from, it will also show me what operating system your using. When any of our logs from any scans we may run they will open in Notepad, just go to the top of Notepad and select EDIT > SELECT ALL....................EDIT> COPY and then you can post the entire log into this thread
Your log is showing a IP address from HongKong, do you use this for any reason ?
Tcpip\..\Interfaces\{5BDD01E1-876A-423C-9F07-50728D2D6232}: [DhcpNameServer] 61.15.0.66
Your also using Bit Torrent, not all but most programs and files you download via the torrents can be infected, look at your Additions log under Firewall, Bit Torrent has permission to come in and out of your system freely and it can bring anything along for a ride that can be bundled with a file or program you download
Are you running FRST64 from your desktop and what version of Windows are you using, windows 7/ 8
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#5
smalls56
-
- Authentic Member
-
- 11 posts
New Member
Posted 14 July 2015 - 10:35 AM
Here's the top part of the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Rachel (administrator) on LEONARD on 13-07-2015 18:50:41
Running from C:\Users\Rachel\Desktop
Loaded Profiles: Rachel (Available Profiles: Rachel)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
Tcpip\..\Interfaces\{5BDD01E1-876A-423C-9F07-50728D2D6232}: [DhcpNameServer] 61.15.0.66
This does not look familiar to me, no.
And I am actually using a laptop and I have Windows 8.1.
#6
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 14 July 2015 - 01:47 PM
Hi,
Lets do a few things
Open notepad , Go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents Inside of the code box below beginning with START and ending with END
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Name the file Fixlist, Save it to your desktop where you have FRST/FRST64 or the fix wont work, . Then open up FRST/FRST64 and click on FIX (Not Scan) It won't take long, after your computer reboots you will find a FIXLOG.TXT on your desktop, post it please
Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
Tcpip\..\Interfaces\{5BDD01E1-876A-423C-9F07-50728D2D6232}: [DhcpNameServer] 61.15.0.66
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path Or update_url value
2015-07-13 09:37 - 2015-05-22 17:42 - 00003280 _____ C:\windows\System32\Tasks\Jelbruss Secure Web Cleaner
Task: {AC49EE93-37A7-4137-BFE6-4818BEAE5957} - System32\Tasks\Jelbruss Secure Web Cleaner => C:\Program Files (x86)\Jelbruss Secure Web\jswtask.exe [2015-05-22] (SecureSoft) <==== ATTENTION
C:\Program Files (x86)\Jelbruss Secure Web
Task: {F16DA869-F5CD-411B-A5E0-D1E2DA678B6D} - \Win Update No Task File <==== ATTENTION
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#7
smalls56
-
- Authentic Member
-
- 11 posts
New Member
Posted 14 July 2015 - 07:30 PM
Hello, here is my Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Rachel at 2015-07-14 18:21:05 Run:1
Running from C:\Users\Rachel\Desktop
Loaded Profiles: Rachel (Available Profiles: Rachel)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
Tcpip\..\Interfaces\{5BDD01E1-876A-423C-9F07-50728D2D6232}: [DhcpNameServer] 61.15.0.66
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path Or update_url value
2015-07-13 09:37 - 2015-05-22 17:42 - 00003280 _____ C:\windows\System32\Tasks\Jelbruss Secure Web Cleaner
Task: {AC49EE93-37A7-4137-BFE6-4818BEAE5957} - System32\Tasks\Jelbruss Secure Web Cleaner => C:\Program Files (x86)\Jelbruss Secure Web\jswtask.exe [2015-05-22] (SecureSoft) <==== ATTENTION
C:\Program Files (x86)\Jelbruss Secure Web
Task: {F16DA869-F5CD-411B-A5E0-D1E2DA678B6D} - \Win Update No Task File <==== ATTENTION
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-82478299-2973199985-2317619839-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5BDD01E1-876A-423C-9F07-50728D2D6232}\\DhcpNameServer => value removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn" => key removed successfully
C:\windows\System32\Tasks\Jelbruss Secure Web Cleaner => moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC49EE93-37A7-4137-BFE6-4818BEAE5957} => key not found.
C:\Windows\System32\Tasks\Jelbruss Secure Web Cleaner not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbruss Secure Web Cleaner" => key removed successfully
C:\Program Files (x86)\Jelbruss Secure Web => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F16DA869-F5CD-411B-A5E0-D1E2DA678B6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F16DA869-F5CD-411B-A5E0-D1E2DA678B6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Win Update" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => 3.4 GB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 18:23:49 ====
#8
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 14 July 2015 - 09:32 PM
Good job 
Are you still having that proxy issue ??
Lets run Malwarebytes and depending on if and what if finds can determine if we have to look further
Download Malwarebytes' Anti-Malware TO YOUR DESKTOP
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#9
smalls56
-
- Authentic Member
-
- 11 posts
New Member
Posted 14 July 2015 - 10:15 PM
I haven't had the issue since the FRST fix this morning. However, whenever I think I fix it, it eventually happens again. 
Here are the Malwarebytes results:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/14/2015
Scan Time: 8:47 PM
Logfile:
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.14.07
Rootkit Database: v2015.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Rachel
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346197
Time Elapsed: 21 min, 42 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 5
PUP.Optional.CouponBar.A, HKU\S-1-5-21-82478299-2973199985-2317619839-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [a80702df99f149ed5b14582e0af816ea],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-82478299-2973199985-2317619839-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [a80702df99f149ed5b14582e0af816ea],
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR, Quarantined, [0aa5a73af89241f5ec110987b054e719],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [78375e833c4eec4ac45cc8b5b153e61a],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [505f90513753102620ffe8958282946c],
Registry Values: 7
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130524350038201250, Quarantined, [2d82627f26641d1900fceda373911de3]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130524350038201250, Quarantined, [f2bdfbe6e6a448eed8245a361be95fa1]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130524350038201250, Quarantined, [1e9135ace6a451e5ca32b7d9679df60a]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130524350038201250, Quarantined, [545b23be5436b086fdff048cb94b18e8]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130524350038201250, Quarantined, [0aa5a73af89241f5ec110987b054e719]
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [b3fcd11029617db9bd68c73ee71cd12f]
PUM.Bad.Proxy, HKU\S-1-5-21-82478299-2973199985-2317619839-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [07a858893b4f60d671961075fe0642be]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 2
PUP.Optional.Jelbrus.A, C:\Users\Rachel\Downloads\Adobe_Photoshop_CS5.exe, Quarantined, [6649fae7ccbe261095eed48f9f66d42c],
PUP.Optional.SearchProtect, C:\Windows\apppatch\apppatch64\SPVCLdr64.dll, Quarantined, [1a95667b7317c17559c80a730cf87789],
Physical Sectors: 0
(No malicious items detected)
(end)
#10
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 15 July 2015 - 03:56 AM
Astromenda, Trovi, Jelbrus, SearchProtect, Couponbar, these are all infections that can alter your browsers, there considered PUPs ( Potentially Unwanted Program ) they most likely came bundled with something you downloaded via the torrents
I am sure there is more so let do this
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner TO YOUR DESKTOP
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers
Do not click on any links in the top Advertisment.
===============================================================================
Please download Junkware Removal Tool TO YOUR DESKTOP
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
Register to Remove
#11
smalls56
-
- Authentic Member
-
- 11 posts
New Member
Posted 15 July 2015 - 10:30 PM
ADWCleaner:
# AdwCleaner v4.208 - Logfile created 15/07/2015 at 21:01:51
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Rachel - LEONARD
# Running from : C:\Users\Rachel\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Rachel\Documents\Updater
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Google Chrome v43.0.2357.134
[C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://astromenda.com/?f=1&a=ast_ir_14_36_ch&cd=2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEyByEtDyEyEtBtDyByE0CtN0D0Tzu0SzyzztCtN1L2XzutAtFtBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtAyBtDzy0D0F0CtGyD0DtB0BtGyE0ByC0DtG0F0Fzz0DtGyCtCtA0ByD0CtAtB0F0Ezy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0D0CtB0D0AtGyEtDyCyCtGyE0D0D0BtGzytDyCyDtG0D0D0BzztCtCtAzyzz0BtBtC2Q&cr=248997553&ir=
*************************
AdwCleaner[R0].txt - [12839 bytes] - [12/07/2015 11:16:38]
AdwCleaner[R1].txt - [1369 bytes] - [15/07/2015 20:59:08]
AdwCleaner[S0].txt - [12147 bytes] - [12/07/2015 11:20:20]
AdwCleaner[S1].txt - [1298 bytes] - [15/07/2015 21:01:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1357 bytes] ##########
Junkware Removal Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows 8.1 x64
Ran by Rachel on Wed 07/15/2015 at 21:14:12.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_837FAF2DA4916372E0203606918A0A5D
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Users\Rachel\appdata\local\google\chrome\user data\default\local storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
Successfully deleted: [File] C:\Users\Rachel\appdata\local\google\chrome\user data\default\local storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
~~~ Folders
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Rachel\appdata\local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
Successfully deleted: [Folder] C:\Users\Rachel\appdata\local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
[C:\Users\Rachel\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Rachel\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gngocbkfmikdgphklgmmehbjjlfgdemm
[C:\Users\Rachel\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Rachel\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
gngocbkfmikdgphklgmmehbjjlfgdemm,
lbfehkoinhhcknnbdgnnmjhiladcgbol
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/15/2015 at 21:29:01.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#12
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 16 July 2015 - 03:57 AM
Good, how is your system behaving now ??
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#13
smalls56
-
- Authentic Member
-
- 11 posts
New Member
Posted 16 July 2015 - 11:20 AM
Thank you so much!! I have yet to have a problem with the proxy, but I will let you know if it comes back (which, in the past, it does 
)
#14
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 16 July 2015 - 12:22 PM
Ok, how about I leave this thread open for you for about 5 days so you can post back in case the problem surfaces again, if after 5 days this thread is closed just send me a PM and I will reopen it.
In the meantime do this
Double click on AdwCleaner.exe to run the tool again.
==========================================================
Please download DelFix and save the file to your Desktop.
This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
==========================================================
How did I get infected in the first place ?
Safe Surfn
Ken
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#15
smalls56
-
- Authentic Member
-
- 11 posts
New Member
Posted 16 July 2015 - 06:35 PM
Got it, thank you so much!! 
Also tagged with one or more of these keywords: proxy, google chrome, internet
Software →
Browsers, Internet and email →
Cannot ping anyone?Started by Cactuscobbler , 27 Jun 2016  ping, internet
|
|
|
||
Software →
Microsoft Windows™ →
Why must I destroy everything I love?Started by brentorama , 03 Apr 2016 Windows 10, internet and 1 more...
|
|
|
||
Hardware →
Networking →
Rogue 3rd Party Router Detected: U-Verse Router/Modem ATT 5031NV-030Started by bilo , 17 Feb 2016 networking, router, modem, ATT and 6 more...
|
|
|
||
 |
Spyware / Malware / Virus Removal →
Virus, Spyware & Malware Removal →
Browser hijacked with pop up adsStarted by snoochieee , 18 Sep 2015 windows 8, google chrome and 1 more...
|
|
|
|
Software →
Mobile Apps →
why does Facebook suddenly look wrong on my mobile phone?Started by geriann , 21 May 2015 facebook, mobile, internet and 1 more...
|
|
|
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
