
Malware and Proxy server running - can't remove - Please Help [Solved]

24 replies to this topic

#1 hondaspeed05


Posted 27 October 2014 - 06:12 PM

Hi there!

 

I have recently had issues with my computer giving lots of random pop-ups and the internet browsers running very slow.  When I do a search in Google for example, I see a bunch of websites fly past before my search results pop up now.  Every time I log onto the computer Hitman Pro does a scan and finds a "Proxy server on this computer" running every time it scans (log below, if it is of any help).  Hitman will occasionally find other "threats" and removes them.

 

I am looking for guidance to figure out what exactly the issue is and how to remove it.

 

Thanks in advance for your help!!

 

[code]
Scan date . . . . . . : 2014-10-27 19:37:22
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 29s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 4

   Objects scanned . . . : 1,779,527
   Files scanned . . . . : 27,535
   Remnants scanned  . . : 306,275 files / 1,445,717 keys

Malware _____________________________________________________________________

   C:\Users\Megan325\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74ZQGJXX\spstub[2].exe -> Quarantined
      Size . . . . . . . : 177,432 bytes
      Age  . . . . . . . : 17.9 days (2014-10-09 22:18:24)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 0B72985E7FD1990E804BC4A395692BA2B653B9925A4A2BD8157760819402037F
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxp://sp-storage.spccinta.com/stub/spstub.exe
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Agent.axo
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -0.1s C:\Users\Megan325\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74ZQGJXX\downloadstub[1].json
          0.0s C:\Users\Megan325\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74ZQGJXX\spstub[2].exe
          3.3s C:\Users\Megan325\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74ZQGJXX\OrbiterInstaller[1].exe
          9.1s C:\Users\Megan325\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8IEAZXI\ct3332201[1].json


Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Web Data


Repairs _____________________________________________________________________

   Proxy server on this computer (User)
   127.0.0.1:49439

   Proxy server on this computer (User)
   127.0.0.1:49439



[/code]
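As an added illustration (not part of the original thread and not HitmanPro's own code), the Python below parses the report layout shown in the post above and pulls the proxy entries out of the Repairs section, recording how often each repeats and whether it points at a loopback address on a port in the Windows dynamic range (49152-65535). The section-header pattern, the function names and the sample text are assumptions based only on the log as posted.

```python
from __future__ import annotations

import ipaddress
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample modelled on the report layout in the post above
# (user name and file name are placeholders, not values from a real scan).
SAMPLE_REPORT = r"""
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 4

Malware _____________________________________________________________________

   C:\Users\Example\AppData\Local\Temp\sample-stub.exe -> Quarantined
      Size . . . . . . . : 177,432 bytes

Repairs _____________________________________________________________________

   Proxy server on this computer (User)
   127.0.0.1:49439

   Proxy server on this computer (User)
   127.0.0.1:49439
"""

# Assumed layout: a section starts with an unindented title followed by underscores.
SECTION_RE = re.compile(r"^(\S.*?)\s_{5,}\s*$")
PROXY_RE = re.compile(r"^Proxy server on this computer \((?P<scope>[^)]+)\)$")
ENDPOINT_RE = re.compile(r"^(?P<host>[^\s:]+):(?P<port>\d{1,5})$")
DYNAMIC_PORTS = range(49152, 65536)  # default dynamic range on Windows Vista and later


class ProxyFinding(NamedTuple):
    scope: str          # "User" in the report above
    host: str
    port: int
    occurrences: int    # how many times the same entry appears in Repairs
    loopback: bool      # proxy points back at this machine
    dynamic_port: bool  # port was probably picked at runtime, not a fixed service port


def split_sections(report: str) -> dict[str, list[str]]:
    """Group the non-empty, stripped lines of a report under their section title."""
    sections: dict[str, list[str]] = {"Summary": []}
    current = "Summary"
    for raw in report.splitlines():
        header = SECTION_RE.match(raw)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif raw.strip():
            sections[current].append(raw.strip())
    return sections


def is_loopback(host: str) -> bool:
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal
        return host.lower() == "localhost"


def proxy_findings(report: str) -> list[ProxyFinding]:
    """Return de-duplicated proxy entries from the Repairs section."""
    lines = split_sections(report).get("Repairs", [])
    seen: Counter = Counter()
    # Each finding is a label line immediately followed by a host:port line.
    for label, endpoint in zip(lines, lines[1:]):
        p, e = PROXY_RE.match(label), ENDPOINT_RE.match(endpoint)
        if p and e:
            seen[(p["scope"], e["host"], int(e["port"]))] += 1
    return [
        ProxyFinding(scope, host, port, n, is_loopback(host), port in DYNAMIC_PORTS)
        for (scope, host, port), n in seen.items()
    ]


if __name__ == "__main__":
    for finding in proxy_findings(SAMPLE_REPORT):
        print(finding)
```

A loopback proxy means browser traffic is handed to a process on the same machine, so the follow-up question for a helper is which process owns that listening port.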
 




#2 ken545


Posted 27 October 2014 - 07:23 PM

:welcome:

 

Let's run a few scans and see where we stand

 

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    I just want to see the report....Please Do Not Fix Anything

    ============================================================================
     
     

     
    Please download Farbar Recovery Scan Tool and save it to your desktop.
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
    * List BCD
    * Drivers MD5
    * Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 hondaspeed05


    Posted 27 October 2014 - 08:20 PM

    Hi Ken545, thanks for your quick reply!  Here is the log from ASW:

     

    aswMBR version 1.0.1.2161 Copyright© 2014 AVAST Software
    Run date: 2014-10-27 21:51:00
    -----------------------------
    21:51:00.589    OS Version: Windows x64 6.1.7601 Service Pack 1
    21:51:00.589    Number of processors: 4 586 0x2A07
    21:51:00.590    ComputerName: MEGAN325-PC  UserName: Megan325
    21:51:01.100    Initialize success
    21:51:01.124    VM: initialized successfully
    21:51:01.133    VM: Intel CPU supported
    21:51:08.115    VM: supported disk I/O iaStor.sys
    21:51:10.050    AVAST engine defs: 14062601
    22:01:11.541    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:01:11.543    Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 3
    22:01:11.751    VM: Disk 0 MBR read successfully
    22:01:11.753    Disk 0 MBR scan
    22:01:12.149    Disk 0 Windows 7 default MBR code
    22:01:12.170    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
    22:01:12.275    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       122098 MB offset 52430848
    22:01:12.281    Disk 0 default boot code
    22:01:12.449    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       157545 MB offset 302487552
    22:01:12.679    Disk 0 scanning C:\Windows\system32\drivers
    22:01:25.135    Service scanning
    22:01:29.167    Service clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe **INFECTED** Win64:Evo-gen [Susp]
    22:01:48.673    Modules scanning
    22:01:48.678    Disk 0 trace - called modules:
    22:01:48.696    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    22:01:48.701    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800700b060]
    22:01:48.704    3 CLASSPNP.SYS[fffff88000dbe43f] -> nt!IofCallDriver -> [0xfffffa80047b5e40]
    22:01:48.708    5 ACPI.sys[fffff88000f1d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047b7050]
    22:01:48.972    AVAST engine scan C:\Windows
    22:01:51.041    AVAST engine scan C:\Windows\system32
    22:04:42.762    AVAST engine scan C:\Windows\system32\drivers
    22:04:56.276    AVAST engine scan C:\Users\Megan325
    22:06:38.381    File: C:\Users\Megan325\AppData\Local\Temp\jlu1av5i.adq.exe  **INFECTED** Win32:Evo-gen [Susp]
    22:11:25.512    AVAST engine scan C:\ProgramData
    22:12:40.553    Disk 0 MBR has been saved successfully to "C:\Users\Megan325\Desktop\fixer log 10-27-2014\MBR.dat"
    22:12:40.562    The log file has been saved successfully to "C:\Users\Megan325\Desktop\fixer log 10-27-2014\aswMBR.txt"
     



    #4 hondaspeed05


    Posted 27 October 2014 - 08:21 PM

    FRST:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
    Ran by Megan325 (administrator) on MEGAN325-PC on 27-10-2014 22:15:58
    Running from C:\Users\Megan325\Desktop\computer fix
    Loaded Profile: Megan325 (Available profiles: Megan325)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    (Pentair Thermal Management) C:\Program Files (x86)\Pentair Thermal Management\DigiTrace Supervisor Master Server\SupervisorServer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
    (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1654992 2011-10-26] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2011-10-04] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-08-02] (Trend Micro Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
    HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-03-06] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
    HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\Run: [HLBackupScheduler] => "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\MountPoints2: {2ab70772-e1e3-11e2-aa5c-10bf480e468e} - F:\MotoCastSetup.exe -a
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\MountPoints2: {4911a580-517a-11e3-a891-10bf480e468e} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\MountPoints2: {b5b5094b-1ea3-11e4-aa10-10bf480e468e} - H:\MotoCastSetup.exe -a
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\MountPoints2: {b5b50a31-1ea3-11e4-aa10-10bf480e468e} - G:\VZW_Software_upgrade_assistant.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
    ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
    ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
    BootExecute: autocheck autochk * bootdelete
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKCU - {23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72} URL = http://websearch.ask...F5-1808C3E20B89
    SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
    BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
    BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Megan325\AppData\Roaming\Mozilla\Firefox\Profiles\qfh3wg8k.default
    FF Homepage: google.com
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Megan325\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKCU: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
    FF Plugin HKCU: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
    FF Plugin ProgramFiles/Appdata: C:\Users\Megan325\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com [2014-10-06]
    FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
    FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-03-06]
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-03-06]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-11]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Liveà Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avast Online Security) - C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-11]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
    R2 DigiTraceSSSvc; C:\Program Files (x86)\Pentair Thermal Management\DigiTrace Supervisor Master Server\SupervisorServer.exe [32768 2013-06-17] (Pentair Thermal Management) [File not signed]
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-11] (SurfRight B.V.)
    R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
    S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
    R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-08-02] (Trend Micro Inc.)
    S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 aswHwid; C:\Windows\System32\Drivers\aswHwid.sys [29208 2014-10-11] ()
    U5 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [79184 2014-10-11] (AVAST Software)
    U5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-11] ()
    U5 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1041168 2014-10-11] (AVAST Software)
    U5 aswStm; C:\Windows\System32\Drivers\aswStm.sys [92008 2014-10-11] (AVAST Software)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-08-11] (Trend Micro Inc.)
    R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-08-11] (Trend Micro Inc.)
    R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-08-11] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-29] (Trend Micro Inc.)
    U3 aswVmm; \??\C:\Users\Megan325\AppData\Local\Temp\aswVmm.sys [X]
    S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
    S3 motccgp; system32\DRIVERS\motccgp.sys [X]
    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
    S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
    S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    U3 aswMBR; \??\C:\Users\Megan325\AppData\Local\Temp\aswMBR.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-27 22:14 - 2014-10-27 22:15 - 00000000 ____D () C:\FRST
    2014-10-27 21:49 - 2014-10-27 22:15 - 00000000 ____D () C:\Users\Megan325\Desktop\computer fix
    2014-10-27 21:01 - 2014-10-27 21:01 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-10-27 21:01 - 2014-10-27 21:01 - 00000296 _____ () C:\Windows\system32\bootdelete.lst
    2014-10-27 20:39 - 2014-10-27 21:01 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-10-27 20:04 - 2014-10-27 22:12 - 00000000 ____D () C:\Users\Megan325\Desktop\fixer log 10-27-2014
    2014-10-23 21:07 - 2014-10-23 21:07 - 00001304 _____ () C:\Users\Megan325\.recent_hist.xml
    2014-10-14 20:13 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-14 20:13 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-14 20:13 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-14 20:13 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-14 20:13 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-14 20:13 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-14 20:13 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-14 20:13 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-14 20:13 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-14 20:13 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-14 20:13 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-14 20:13 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-14 20:13 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-14 20:13 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-14 20:13 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-14 20:13 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-14 20:13 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-14 20:13 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-14 20:13 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-14 20:13 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-14 20:13 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-14 20:13 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-14 20:13 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-14 20:13 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-14 20:13 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-14 20:13 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-14 20:13 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-14 20:13 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-14 20:13 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-14 20:13 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-14 20:13 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-14 20:13 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-14 20:13 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-14 20:13 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-14 20:13 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-14 20:13 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-14 20:13 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-14 20:13 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-14 20:13 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-14 20:13 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-14 20:13 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-14 20:13 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-14 20:13 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-14 20:13 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-14 20:13 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-14 20:13 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-14 20:13 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-14 20:13 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-14 20:13 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-14 20:13 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-14 20:13 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-14 20:13 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-14 20:13 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-14 20:13 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-14 20:13 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-14 20:13 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-14 20:13 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-14 20:13 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2014-10-14 20:13 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2014-10-14 20:13 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2014-10-14 20:13 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2014-10-14 20:13 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2014-10-14 20:13 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2014-10-14 20:13 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2014-10-14 20:13 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-10-14 20:13 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-10-14 20:13 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-10-14 20:13 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-10-14 20:13 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-10-14 20:13 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-10-14 20:13 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-10-14 20:13 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-10-14 20:13 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-10-14 20:13 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-10-14 20:13 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-10-14 20:13 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-10-14 20:13 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2014-10-14 20:13 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2014-10-14 20:13 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-10-14 20:13 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2014-10-14 20:13 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2014-10-14 20:13 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2014-10-14 20:13 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2014-10-14 20:13 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-10-14 20:13 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-10-14 20:13 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-10-14 20:13 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2014-10-14 20:13 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2014-10-14 20:13 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-14 20:12 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-14 20:12 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-14 20:12 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-14 20:12 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2014-10-14 20:12 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2014-10-14 20:12 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2014-10-14 20:12 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2014-10-14 20:12 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2014-10-14 20:12 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2014-10-14 20:12 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-10-14 20:12 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-10-14 20:12 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2014-10-14 20:12 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2014-10-14 20:12 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2014-10-14 20:12 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2014-10-14 20:12 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2014-10-14 20:12 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-10-14 20:12 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2014-10-14 20:12 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2014-10-14 20:12 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2014-10-14 20:12 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2014-10-14 20:12 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-10-14 20:12 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-10-14 20:11 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-10-14 20:11 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-10-14 20:10 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-14 20:10 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-14 20:10 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-14 20:10 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-14 20:10 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-14 20:10 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-14 20:10 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-14 20:10 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-14 20:10 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-14 20:10 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-14 20:10 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-14 20:10 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-14 20:10 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-14 20:10 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-14 20:10 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-14 20:10 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-14 20:10 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-14 20:10 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-12 17:56 - 2014-10-12 17:56 - 00000308 _____ () C:\Windows\system32\.crusader
    2014-10-12 17:55 - 2014-10-27 19:35 - 00001214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-11 16:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-10-11 16:43 - 2014-10-27 20:35 - 00000000 ____D () C:\AdwCleaner
    2014-10-11 16:43 - 2014-10-11 16:43 - 01375089 _____ () C:\Users\Megan325\Downloads\adwcleaner_3.311.exe
    2014-10-11 13:07 - 2014-10-11 13:07 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\72488640.sys
    2014-10-11 13:04 - 2014-10-11 13:05 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Megan325\Downloads\tdsskiller.exe
    2014-10-11 12:52 - 2014-10-11 12:52 - 00000000 ____D () C:\Users\Megan325\AppData\Roaming\AVAST Software
    2014-10-11 12:51 - 2014-10-27 21:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-10-11 12:51 - 2014-10-11 12:51 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-10-11 12:51 - 2014-10-11 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    2014-10-11 12:50 - 2014-10-11 12:50 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-10-11 12:50 - 2014-10-11 12:50 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-10-11 12:50 - 2014-10-11 12:50 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-10-11 12:49 - 2014-10-11 12:49 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-10-11 12:48 - 2014-10-11 12:49 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-10-11 12:42 - 2014-10-11 12:43 - 91906368 _____ (AVAST Software) C:\Users\Megan325\Downloads\avast_free_antivirus_setup.exe
    2014-10-11 12:33 - 2014-10-11 12:33 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2014-10-11 12:33 - 2014-10-11 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2014-10-11 12:33 - 2014-10-11 12:33 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-10-09 23:40 - 2014-10-09 23:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-10-09 23:40 - 2014-10-09 23:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-09 23:40 - 2014-10-09 23:40 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-10-09 23:40 - 2014-10-09 23:40 - 00000000 ____D () C:\Users\Megan325\AppData\Local\Macromedia
    2014-10-07 22:24 - 2014-10-07 22:24 - 31766208 _____ (Microsoft Corporation) C:\Users\Megan325\Downloads\Windows-KB890830-x64-V5.16.exe
    2014-10-06 20:24 - 2014-10-06 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-01 23:33 - 2014-10-01 23:33 - 00076854 _____ () C:\Users\Megan325\Desktop\HitmanPro_20141001_2333.log
    2014-10-01 22:54 - 2014-10-01 23:33 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-10-01 22:53 - 2014-10-02 15:53 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-01 22:44 - 2014-10-01 22:53 - 11194928 _____ (SurfRight B.V.) C:\Users\Megan325\Downloads\HitmanPro_x64.exe
    2014-09-30 20:15 - 2014-10-27 19:35 - 00003312 _____ () C:\Windows\System32\Tasks\Chrome Launcher
    2014-09-30 20:15 - 2014-09-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Techsnab
    2014-09-30 20:10 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-09-30 20:10 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-09-29 22:35 - 2014-09-29 22:35 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-27 21:48 - 2012-04-22 19:50 - 01712490 _____ () C:\Windows\WindowsUpdate.log
    2014-10-27 21:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-10-27 21:44 - 2014-03-03 16:15 - 00000580 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3273618889-1627324363-2844995654-1001.job
    2014-10-27 21:33 - 2012-03-06 06:49 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-27 21:28 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-27 21:28 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-27 20:37 - 2012-12-28 09:09 - 00000380 _____ () C:\Users\Megan325\AppData\Roaming\sp_data.sys
    2014-10-27 20:37 - 2012-12-28 09:09 - 00000000 ___HD () C:\ASUS.DAT
    2014-10-27 20:37 - 2012-12-28 09:08 - 00000000 ____D () C:\Users\Megan325
    2014-10-27 20:37 - 2012-03-06 06:49 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-27 20:36 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-27 20:36 - 2009-07-14 00:51 - 00117165 _____ () C:\Windows\setupact.log
    2014-10-27 20:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
    2014-10-23 21:05 - 2013-12-01 20:52 - 00001304 _____ () C:\Users\Megan325\Documents\.usr_app_ncr.dat
    2014-10-23 21:05 - 2013-12-01 20:52 - 00001304 _____ () C:\Users\Megan325\AppData\Roaming\.starmoon_kst.cfg
    2014-10-21 20:36 - 2014-03-03 16:15 - 00003618 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3273618889-1627324363-2844995654-1001
    2014-10-21 20:29 - 2009-07-14 01:13 - 00891626 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-21 19:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-15 22:55 - 2009-07-14 01:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-15 22:55 - 2009-07-14 00:45 - 00410928 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-15 22:52 - 2014-05-07 22:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-15 22:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-10-15 22:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-10-15 20:27 - 2013-01-13 17:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-15 20:21 - 2013-08-20 03:01 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-15 20:12 - 2013-01-13 18:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-10-13 22:27 - 2013-12-01 20:52 - 00000000 ____D () C:\Users\Megan325\AppData\Roaming\MotiveWave
    2014-10-11 16:55 - 2012-03-06 06:27 - 00184630 _____ () C:\Windows\PFRO.log
    2014-10-11 13:09 - 2012-04-22 19:58 - 00001335 _____ () C:\Windows\system32\ServiceFilter.ini
    2014-10-10 17:56 - 2014-09-05 17:56 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
    2014-10-09 23:39 - 2013-02-26 20:33 - 00000000 ____D () C:\Users\Megan325\AppData\Local\Adobe
    2014-10-08 18:55 - 2013-11-25 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-10-07 21:22 - 2013-02-26 20:34 - 00000000 ____D () C:\Users\Megan325\Desktop\Jesse
    2014-09-29 22:40 - 2013-06-30 20:34 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
    2014-09-29 22:36 - 2013-06-30 20:34 - 00000000 ____D () C:\ProgramData\Nero
    2014-09-29 22:36 - 2013-06-30 20:33 - 00000000 ____D () C:\Users\Megan325\AppData\Roaming\Motorola
    2014-09-29 22:36 - 2013-06-30 20:33 - 00000000 ____D () C:\Program Files (x86)\Motorola
    2014-09-29 22:36 - 2012-04-22 19:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-09-29 21:53 - 2013-06-30 20:34 - 00000000 ____D () C:\Temp

    Some content of TEMP:
    ====================
    C:\Users\Megan325\AppData\Local\Temp\18be6784_.exe
    C:\Users\Megan325\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvl0cbv.dll
    C:\Users\Megan325\AppData\Local\Temp\GPUpd5414DE5A1.exe
    C:\Users\Megan325\AppData\Local\Temp\GPUpd542018101.exe
    C:\Users\Megan325\AppData\Local\Temp\GPUpd542B47882.exe
    C:\Users\Megan325\AppData\Local\Temp\GPUpd54332F3E1.exe
    C:\Users\Megan325\AppData\Local\Temp\GPUpd543492AE1.exe
    C:\Users\Megan325\AppData\Local\Temp\GPUpd543741AF1.exe
    C:\Users\Megan325\AppData\Local\Temp\HitmanPro.exe
    C:\Users\Megan325\AppData\Local\Temp\jlu1av5i.adq.exe
    C:\Users\Megan325\AppData\Local\Temp\jna6654794410531774277.dll
    C:\Users\Megan325\AppData\Local\Temp\jna6853662713690170548.dll
    C:\Users\Megan325\AppData\Local\Temp\jna8937821894247292805.dll
    C:\Users\Megan325\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Megan325\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Megan325\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Megan325\AppData\Local\Temp\m55x2nrg.efn.exe
    C:\Users\Megan325\AppData\Local\Temp\Quarantine.exe
    C:\Users\Megan325\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
    C:\Users\Megan325\AppData\Local\Temp\{200253A6-5456-4376-891A-4AFF5875F9FF}.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-27 21:00

    ==================== End Of Log ============================



    #5 hondaspeed05

    Posted 27 October 2014 - 08:23 PM

    FRST Addition:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
    Ran by Megan325 at 2014-10-27 22:16:38
    Running from C:\Users\Megan325\Desktop\computer fix
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
    AS: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.85.3 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
    ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
    ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
    ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
    ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
    Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
    ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
    CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DigiTrace Supervisor Client (HKLM-x32\...\{C1F623E8-D0FB-40CD-92D9-338D77B1621A}) (Version: 2.5.1 - Pentair Thermal Management)
    DigiTrace Supervisor Master Server (HKLM-x32\...\{01391BFC-50FB-45CD-855A-AAFB0AC50687}) (Version: 2.5.1 - Pentair Thermal Management)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
    GoToMeeting 7.0.2.1848 (HKCU\...\GoToMeeting) (Version: 7.0.2.1848 - CitrixOnline)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
    HP Officejet Pro 8620 Basic Device Software (HKLM\...\{B693607C-4611-4164-8167-E9F07A86EF6B}) (Version: 32.0.90.45518 - Hewlett-Packard Co.)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
    iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MotiveWave (HKLM-x32\...\MotiveWave) (Version:  - )
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
    Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
    Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
    Sony Player Plug-in for Windows Media Player (HKLM-x32\...\Sony Player Plug-in for Windows Media Player) (Version:  - )
    Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
    thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
    Trade Navigator (HKLM-x32\...\{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}) (Version:  - )
    Trend Micro Titanium (Version: 5.00 - Trend Micro Inc.) Hidden
    Trend Micro Titanium Internet Security 2012 (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 5.0 - Trend Micro Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
    Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
    Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
    用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
    適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3273618889-1627324363-2844995654-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Megan325\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Restore Points  =========================

    16-10-2014 03:39:16 Checkpoint by HitmanPro
    21-10-2014 23:04:44 Windows Update
    21-10-2014 23:04:52 Checkpoint by HitmanPro
    22-10-2014 23:46:03 Checkpoint by HitmanPro
    23-10-2014 00:31:18 Checkpoint by HitmanPro
    24-10-2014 01:09:47 Checkpoint by HitmanPro
    24-10-2014 01:50:07 Checkpoint by HitmanPro
    25-10-2014 19:11:56 Windows Update
    25-10-2014 20:42:00 Checkpoint by HitmanPro
    27-10-2014 23:47:02 Checkpoint by HitmanPro
    28-10-2014 00:34:26 Restore Operation
    28-10-2014 01:00:56 Checkpoint by HitmanPro

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2014-09-23 17:58 - 00002928 ____A C:\Windows\system32\Drivers\etc\hosts
    127.1.2.3 download-manage.com
    127.1.2.3 www.download-manage.com
    127.1.2.3  filemonetizer.com
    127.1.2.3 www. filemonetizer.com
    127.1.2.3  maxdocumentsitefun.info
    127.1.2.3 www. maxdocumentsitefun.info
    127.1.2.3  loversion.com
    127.1.2.3 www. loversion.com
    127.1.2.3  torntv-dl.net
    127.1.2.3 www. torntv-dl.net
    127.1.2.3  tornn-tv.com
    127.1.2.3 www. tornn-tv.com
    127.1.2.3  ads.ad-center.com
    127.1.2.3 www. ads.ad-center.com
    127.1.2.3  idownloadsnow.com
    127.1.2.3 www. idownloadsnow.com
    127.1.2.3  clickansave.net
    127.1.2.3 www. clickansave.net
    127.1.2.3  s1magnettvcom-maynemyltf.netdna-ssl.com
    127.1.2.3 www. s1magnettvcom-maynemyltf.netdna-ssl.com
    127.1.2.3  go.mobibiobi.com
    127.1.2.3 www. go.mobibiobi.com
    127.1.2.3  eudl.net
    127.1.2.3 www. eudl.net
    127.1.2.3  lp.sharelive.net
    127.1.2.3 www. lp.sharelive.net
    127.1.2.3  download.cdn.sharelive.net
    127.1.2.3 www. download.cdn.sharelive.net
    127.1.2.3  vid-converter.com

    There are 34 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {03481314-0D56-4EA1-8187-8F544F93BADC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {1CB187BE-162E-4214-AA8E-CDC17A2F7943} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
    Task: {21232939-9DDA-41B2-9FC7-32A4F2B1E2DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3212E5AB-2546-46B0-A7C6-2A4843178696} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-11] (AVAST Software)
    Task: {411BEC9E-972F-40DE-8A3B-49E3735E300E} - System32\Tasks\G2MUpdateTask-S-1-5-21-3273618889-1627324363-2844995654-1001 => C:\Users\Megan325\AppData\Local\Citrix\GoToMeeting\1848\g2mupdate.exe [2014-10-21] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {4A49A795-CA35-4D53-91BB-BF016D91294B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {69C56170-AFD4-46C1-9B5E-B186426FF9D6} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
    Task: {6D965624-70E7-4509-82AA-8A95B616BD92} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe
    Task: {7748FCC7-8BCD-4785-9B9A-7F4274930BB5} - System32\Tasks\RunGadgetController => C:\Program Files (x86)\ASUS\InstantOn for NB\GadgetController.exe [2012-02-03] (ASUS)
    Task: {BB6B40C5-C242-456B-93CE-867CAD880FC0} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-09-30] (Techsnab)
    Task: {BCEEE6B7-E17D-4FBA-BE7D-D2BFD8F005D5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
    Task: {BF1C5E80-B1AF-458B-865C-99103EF9B914} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3273618889-1627324363-2844995654-1001.job => C:\Users\Megan325\AppData\Local\Citrix\GoToMeeting\1848\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-12-03 20:24 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
    2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2012-03-04 21:24 - 2011-05-05 08:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
    2012-03-06 06:59 - 2011-08-02 16:45 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
    2012-03-06 06:59 - 2011-08-02 16:45 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
    2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-04-23 15:59 - 2013-04-23 15:59 - 00051712 _____ () C:\Program Files (x86)\Pentair Thermal Management\DigiTrace Supervisor Master Server\KeyLib32Funcs.DLL
    2007-07-12 14:11 - 2007-07-12 14:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
    2012-02-21 17:49 - 2012-02-21 17:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2010-08-20 12:57 - 2010-08-20 12:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2010-08-20 12:57 - 2010-08-20 12:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2014-10-06 20:24 - 2014-10-06 20:24 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:054203E4

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92664554.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92664554.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3273618889-1627324363-2844995654-500 - Administrator - Disabled)
    Guest (S-1-5-21-3273618889-1627324363-2844995654-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3273618889-1627324363-2844995654-1002 - Limited - Enabled)
    Megan325 (S-1-5-21-3273618889-1627324363-2844995654-1001 - Administrator - Enabled) => C:\Users\Megan325

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000200,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001F6F0C0.72).  hr = 0x80070005, Access is denied.
    .

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000600,(null),0,REG_BINARY,0000000004DAE300.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
       Writer Name: WMI Writer
       Writer Instance ID: {16575d60-b22e-415d-9642-3e4de07e3af6}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000200E8E0.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
       Writer Name: Registry Writer
       Writer Instance ID: {5b21cb8d-fed9-4157-b392-c417987df65f}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b8,(null),0,REG_BINARY,0000000005C7E480.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
       Writer Name: MSSearch Service Writer
       Writer Instance ID: {12e21c38-68cd-4504-b2d2-e5f2e4a27da1}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002fc,(null),0,REG_BINARY,00000000031FE070.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {a7f82d79-d64c-46a3-80a1-766b2b26698f}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000001DCEBD0.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
       Writer Name: Shadow Copy Optimization Writer
       Writer Instance ID: {f87efb21-f903-4784-a9e5-f724ea201fd1}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000600,(null),0,REG_BINARY,0000000004DAE300.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
       Writer Name: WMI Writer
       Writer Instance ID: {16575d60-b22e-415d-9642-3e4de07e3af6}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002fc,(null),0,REG_BINARY,00000000031FE070.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {a7f82d79-d64c-46a3-80a1-766b2b26698f}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000002BCEFA0.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
       Writer Name: COM+ REGDB Writer
       Writer Instance ID: {1bbc61fc-3326-44ae-9d8e-5cc911ddb4b9}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b8,(null),0,REG_BINARY,0000000005C7E480.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
       Writer Name: MSSearch Service Writer
       Writer Instance ID: {12e21c38-68cd-4504-b2d2-e5f2e4a27da1}


    System errors:
    =============
    Error: (10/27/2014 08:39:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2

    Error: (10/27/2014 08:33:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Update service terminated with the following error:
    %%-2147012892

    Error: (10/27/2014 08:32:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Update service terminated with the following error:
    %%-2147012892

    Error: (10/27/2014 08:32:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Update service terminated with the following error:
    %%-2147012892

    Error: (10/27/2014 08:30:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Network Location Awareness service terminated with service-specific error %%-1073741502.

    Error: (10/27/2014 08:30:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%0

    Error: (10/27/2014 08:30:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WLAN AutoConfig service terminated with the following error:
    %%1747

    Error: (10/27/2014 08:30:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4002) (User: NT AUTHORITY)
    Description: WLAN AutoConfig service has failed to start.

    Error Code: 1747

    Error: (10/27/2014 08:29:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Windows Event Log service terminated unexpectedly.  It has done this 3 time(s).

    Error: (10/27/2014 08:29:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Event Log service terminated with the following error:
    %%1747


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
    Percentage of memory in use: 49%
    Total physical RAM: 4000.13 MB
    Available physical RAM: 2024.99 MB
    Total Pagefile: 7998.43 MB
    Available Pagefile: 5702.65 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:47.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:64.87 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E3102A4B)
    Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
    Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=153.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 28 October 2014 - 04:27 AM

    Hi,

     

    Let's do a few things

     

    Download MiniToolBox and save it to your desktop, then right click on it and select RUN AS ADMINISTRATOR

    Checkmark the following boxes:
    • Flush DNS
    • Report IE Proxy Settings

    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run from.
     
     
     
    ==================================================================
     
     
     

    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (It has to be right next to FRST or FRST64, either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.)
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKCU - {23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72} URL = http://websearch.ask...F5-1808C3E20B89
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Then open FRST or FRST64 and click on Fix.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     
     
     
     
    ================================================================================
     
     

    Download Malwarebytes' Anti-Malware to your desktop.
     
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
     
     
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Threat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
     
     

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 hondaspeed05


    Posted 28 October 2014 - 05:47 PM

    Minitool box results:

     

    Ran by Megan325 (administrator) on 28-10-2014 at 19:46:52
    Running from "C:\Users\Megan325\Desktop\computer fix"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    **** End of log ****



    #8 hondaspeed05


    Posted 28 October 2014 - 05:48 PM

    A side note, for some reason, the wireless internet keeps shutting off and I have to keep turning it back on manually.  Not sure if this is related at all.

     

    Also, the "proxy server" issue that Hitman Pro seems to resolve comes right back after I reboot the computer.



    #9 hondaspeed05


    Posted 28 October 2014 - 06:02 PM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
    Ran by Megan325 at 2014-10-28 19:56:27 Run:1
    Running from C:\Users\Megan325\Desktop\computer fix
    Loaded Profile: Megan325 (Available profiles: Megan325)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKCU - {23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72} URL = http://websearch.ask...F5-1808C3E20B89
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72}" => Key deleted successfully.
    "HKCR\CLSID\{23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72}" => Key not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 1.2 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====
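
The Fixlog above reports one outcome per fixlist action. As an added example (not part of the original post and not FRST's own code), this Python parser classifies each `target => outcome` line so anything other than a clean success stands out; the function names and status labels are assumptions, and the sample lines are copied from the post above.

```python
import re

# Result lines copied from the Fixlog in the post above.
FIXLOG = r'''Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72}" => Key deleted successfully.
"HKCR\CLSID\{23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.2 GB temporary data.
The system needed a reboot.
'''

# target => outcome, with optional quotes around registry paths
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<outcome>.+?)\.?$')

def classify(outcome):
    """Map FRST's free-text outcome to a status label (labels are this example's own)."""
    low = outcome.lower()
    if "not found" in low:
        return "absent"      # nothing to remove: already gone or never present
    if "successfully" in low or low.startswith("removed"):
        return "ok"
    return "review"          # any wording not recognised here needs a human look

def kind_of(target):
    if target.upper().startswith(("HKLM", "HKCU", "HKCR", "HKU")):
        return "registry"
    if re.match(r"[A-Za-z]:\\", target):
        return "file"
    return "directive"

def parse_fixlog(text):
    """Return (actions, reboot_needed) for the result section of a Fixlog."""
    actions, reboot = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("The system needed a reboot"):
            reboot = True
        m = RESULT.match(line)
        if m:
            actions.append({"target": m["target"], "kind": kind_of(m["target"]),
                            "outcome": m["outcome"], "status": classify(m["outcome"])})
    return actions, reboot

if __name__ == "__main__":
    for a in parse_fixlog(FIXLOG)[0]:
        print(f'{a["status"]:7} {a["kind"]:9} {a["target"]}')
```

On this log the only non-`ok` entry is the `HKCR\CLSID` key, reported as `absent`.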



    #10 ken545


    Posted 28 October 2014 - 06:14 PM

    Down on the bottom right, look for your Wi-Fi icon, right click and go into Network and Sharing. When it opens, go to Properties > Configure > Power Management and take the checkmark out of ALLOW COMPUTER TO TURN OFF THIS DEVICE TO SAVE POWER if it's checked.

     

    MiniToolbox did not find a proxy, and if there was a proxy server it would have shown up on your FRST scan.

     

     

    Let's see what Malwarebytes finds.



     
     


    #11 hondaspeed05


    Posted 28 October 2014 - 06:28 PM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/28/2014
    Scan Time: 8:08:06 PM
    Logfile: malbytes log.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.10.28.07
    Rootkit Database: v2014.10.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Megan325

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 349692
    Time Elapsed: 17 min, 3 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.GetPrivateVPN, C:\Windows\System32\Tasks\GPUP, , [5a6770a76e0e96a0cdfa968f47bc06fa],

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    #12 hondaspeed05


    Posted 28 October 2014 - 06:31 PM

    Thanks!  wifi is fixed.

     

    Regarding the proxy, it's odd because Hitman Pro found it after the computer had just restarted for MiniToolbox.



    #13 ken545


    Posted 29 October 2014 - 03:47 AM

    When you ran Malwarebytes, did you have it remove the entry that it found? If not, run it again and have it remove it.

     

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Threat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
     
     
     
     
     
    HitmanPro is showing that the proxy has been repaired, and all your browsers look free of any proxy servers. Let me ask you: are you getting redirected to websites that you're not wanting to go to? Are you getting any pop ups from sites you visit?
     
     
     

    You need to enable windows to show all files and folders, instructions Here
     
    Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.
     
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
     
    If the site is busy you can try this one

     



     
     

    #14 hondaspeed05


    Posted 29 October 2014 - 06:38 PM

    Hi, what file should I be submitting for analysis? The Malwarebytes log?

     

    when I do a search or do you a site online, the computer is a lot slower now than before I had the problems and I notice that down in the loading bar it shows all kinds of random websites, for example:

     

    never have I visited any of these sites, but they will flash past quick before going to the site that I entered to go to:

     



    Edited by hondaspeed05, 29 October 2014 - 06:38 PM.


    #15 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 29 October 2014 - 06:46 PM

    https://www.virustot...sis/1414629873/

