Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Malware and Proxy server running - cant remove - Please Help [Solved]

Proxy server malware proxy server malware proxy

  • This topic is locked This topic is locked
24 replies to this topic

#1 hondaspeed05

hondaspeed05

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 27 October 2014 - 06:12 PM

Hi there!

 

I have recent had issues with my computer giving lots of random pop up and the internet browsers running very slow.  When I do a search in Google for example, I see a bunch of websites fly past before my search results pop up now.  everytime I log onto the computer Hitman Pro does a scan and find a "Proxy server on this computer" running everytime it scans. (log below, if it of any help)  Hitman will occasionally find other "threats" and removes them.

 

I am looking for guidance to figure out what exactly the issue is and how to remove it.

 

Thanks in advance for your help!!

 

Scan date . . . . . . : 2014-10-27 19:37:22
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 29s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 4

   Objects scanned . . . : 1,779,527
   Files scanned . . . . : 27,535
   Remnants scanned  . . : 306,275 files / 1,445,717 keys

Malware _____________________________________________________________________

   C:\Users\Megan325\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74ZQGJXX\spstub[2].exe -> Quarantined
      Size . . . . . . . : 177,432 bytes
      Age  . . . . . . . : 17.9 days (2014-10-09 22:18:24)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 0B72985E7FD1990E804BC4A395692BA2B653B9925A4A2BD8157760819402037F
      RSA Key Size . . . : 2048
      Source URL . . . . : hxxp://sp-storage.spccinta.com/stub/spstub.exe
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Agent.axo
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -0.1s C:\Users\Megan325\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74ZQGJXX\downloadstub[1].json
          0.0s C:\Users\Megan325\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74ZQGJXX\spstub[2].exe
          3.3s C:\Users\Megan325\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74ZQGJXX\OrbiterInstaller[1].exe
          9.1s C:\Users\Megan325\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8IEAZXI\ct3332201[1].json


Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Web Data


Repairs _____________________________________________________________________

   Proxy server on this computer (User)
   127.0.0.1:49439

   Proxy server on this computer (User)
   127.0.0.1:49439



[/code]
 


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 October 2014 - 07:23 PM

:welcome:

 

Lets run a few scans and see where we stand

 

1QYkxTZ.jpg Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
  •  
    I just want to see the report....Please Do Not Fix Anything
     
    ============================================================================
     
     

     
    Please download Farbar Recovery Scan Tool and save it to your desktop.
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check 
  • *List BCD
    *Drivers MD5
    *Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 27 October 2014 - 08:20 PM

    Hi Ken545, thanks for your quick reply!  here is the log from ASW:

     

    aswMBR version 1.0.1.2161 Copyright© 2014 AVAST Software
    Run date: 2014-10-27 21:51:00
    -----------------------------
    21:51:00.589    OS Version: Windows x64 6.1.7601 Service Pack 1
    21:51:00.589    Number of processors: 4 586 0x2A07
    21:51:00.590    ComputerName: MEGAN325-PC  UserName: Megan325
    21:51:01.100    Initialize success
    21:51:01.124    VM: initialized successfully
    21:51:01.133    VM: Intel CPU supported
    21:51:08.115    VM: supported disk I/O iaStor.sys
    21:51:10.050    AVAST engine defs: 14062601
    22:01:11.541    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:01:11.543    Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 3
    22:01:11.751    VM: Disk 0 MBR read successfully
    22:01:11.753    Disk 0 MBR scan
    22:01:12.149    Disk 0 Windows 7 default MBR code
    22:01:12.170    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
    22:01:12.275    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       122098 MB offset 52430848
    22:01:12.281    Disk 0 default boot code
    22:01:12.449    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       157545 MB offset 302487552
    22:01:12.679    Disk 0 scanning C:\Windows\system32\drivers
    22:01:25.135    Service scanning
    22:01:29.167    Service clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe **INFECTED** Win64:Evo-gen [Susp]
    22:01:48.673    Modules scanning
    22:01:48.678    Disk 0 trace - called modules:
    22:01:48.696    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    22:01:48.701    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800700b060]
    22:01:48.704    3 CLASSPNP.SYS[fffff88000dbe43f] -> nt!IofCallDriver -> [0xfffffa80047b5e40]
    22:01:48.708    5 ACPI.sys[fffff88000f1d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047b7050]
    22:01:48.972    AVAST engine scan C:\Windows
    22:01:51.041    AVAST engine scan C:\Windows\system32
    22:04:42.762    AVAST engine scan C:\Windows\system32\drivers
    22:04:56.276    AVAST engine scan C:\Users\Megan325
    22:06:38.381    File: C:\Users\Megan325\AppData\Local\Temp\jlu1av5i.adq.exe  **INFECTED** Win32:Evo-gen [Susp]
    22:11:25.512    AVAST engine scan C:\ProgramData
    22:12:40.553    Disk 0 MBR has been saved successfully to "C:\Users\Megan325\Desktop\fixer log 10-27-2014\MBR.dat"
    22:12:40.562    The log file has been saved successfully to "C:\Users\Megan325\Desktop\fixer log 10-27-2014\aswMBR.txt"
     



    #4 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 27 October 2014 - 08:21 PM

    FRST:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
    Ran by Megan325 (administrator) on MEGAN325-PC on 27-10-2014 22:15:58
    Running from C:\Users\Megan325\Desktop\computer fix
    Loaded Profile: Megan325 (Available profiles: Megan325)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    (Pentair Thermal Management) C:\Program Files (x86)\Pentair Thermal Management\DigiTrace Supervisor Master Server\SupervisorServer.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
    (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1654992 2011-10-26] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2011-10-04] (Trend Micro Inc.)
    HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-08-02] (Trend Micro Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
    HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-03-06] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
    HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\Run: [HLBackupScheduler] => "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\MountPoints2: {2ab70772-e1e3-11e2-aa5c-10bf480e468e} - F:\MotoCastSetup.exe -a
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\MountPoints2: {4911a580-517a-11e3-a891-10bf480e468e} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\MountPoints2: {b5b5094b-1ea3-11e4-aa10-10bf480e468e} - H:\MotoCastSetup.exe -a
    HKU\S-1-5-21-3273618889-1627324363-2844995654-1001\...\MountPoints2: {b5b50a31-1ea3-11e4-aa10-10bf480e468e} - G:\VZW_Software_upgrade_assistant.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
    ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
    ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
    BootExecute: autocheck autochk * bootdelete
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKCU - {23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72} URL = http://websearch.ask...F5-1808C3E20B89
    SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
    BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
    BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Megan325\AppData\Roaming\Mozilla\Firefox\Profiles\qfh3wg8k.default
    FF Homepage: google.com
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Megan325\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKCU: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
    FF Plugin HKCU: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
    FF Plugin ProgramFiles/Appdata: C:\Users\Megan325\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\gystqfr@ylgga.com [2014-10-06]
    FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
    FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-03-06]
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-03-06]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-11]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Liveà Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avast Online Security) - C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-11]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
    R2 DigiTraceSSSvc; C:\Program Files (x86)\Pentair Thermal Management\DigiTrace Supervisor Master Server\SupervisorServer.exe [32768 2013-06-17] (Pentair Thermal Management) [File not signed]
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-11] (SurfRight B.V.)
    R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
    S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
    R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-08-02] (Trend Micro Inc.)
    S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 aswHwid; C:\Windows\System32\Drivers\aswHwid.sys [29208 2014-10-11] ()
    U5 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [79184 2014-10-11] (AVAST Software)
    U5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-11] ()
    U5 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1041168 2014-10-11] (AVAST Software)
    U5 aswStm; C:\Windows\System32\Drivers\aswStm.sys [92008 2014-10-11] (AVAST Software)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-08-11] (Trend Micro Inc.)
    R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-08-11] (Trend Micro Inc.)
    R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-08-11] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-29] (Trend Micro Inc.)
    U3 aswVmm; \??\C:\Users\Megan325\AppData\Local\Temp\aswVmm.sys [X]
    S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
    S3 motccgp; system32\DRIVERS\motccgp.sys [X]
    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
    S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
    S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    U3 aswMBR; \??\C:\Users\Megan325\AppData\Local\Temp\aswMBR.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-27 22:14 - 2014-10-27 22:15 - 00000000 ____D () C:\FRST
    2014-10-27 21:49 - 2014-10-27 22:15 - 00000000 ____D () C:\Users\Megan325\Desktop\computer fix
    2014-10-27 21:01 - 2014-10-27 21:01 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-10-27 21:01 - 2014-10-27 21:01 - 00000296 _____ () C:\Windows\system32\bootdelete.lst
    2014-10-27 20:39 - 2014-10-27 21:01 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-10-27 20:04 - 2014-10-27 22:12 - 00000000 ____D () C:\Users\Megan325\Desktop\fixer log 10-27-2014
    2014-10-23 21:07 - 2014-10-23 21:07 - 00001304 _____ () C:\Users\Megan325\.recent_hist.xml
    2014-10-14 20:13 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-14 20:13 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-14 20:13 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-14 20:13 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-14 20:13 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-14 20:13 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-14 20:13 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-14 20:13 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-14 20:13 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-14 20:13 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-14 20:13 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-14 20:13 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-14 20:13 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-14 20:13 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-14 20:13 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-14 20:13 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-14 20:13 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-14 20:13 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-14 20:13 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-14 20:13 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-14 20:13 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-14 20:13 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-14 20:13 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-14 20:13 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-14 20:13 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-14 20:13 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-14 20:13 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-14 20:13 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-14 20:13 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-14 20:13 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-14 20:13 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-14 20:13 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-14 20:13 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-14 20:13 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-14 20:13 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-14 20:13 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-14 20:13 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-14 20:13 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-14 20:13 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-14 20:13 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-14 20:13 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-14 20:13 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-14 20:13 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-14 20:13 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-14 20:13 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-14 20:13 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-14 20:13 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-14 20:13 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-14 20:13 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-14 20:13 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-14 20:13 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-14 20:13 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-14 20:13 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-14 20:13 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-14 20:13 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-14 20:13 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-14 20:13 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-14 20:13 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2014-10-14 20:13 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2014-10-14 20:13 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2014-10-14 20:13 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2014-10-14 20:13 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2014-10-14 20:13 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2014-10-14 20:13 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2014-10-14 20:13 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-10-14 20:13 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-10-14 20:13 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-10-14 20:13 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-10-14 20:13 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-10-14 20:13 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-10-14 20:13 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-10-14 20:13 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-10-14 20:13 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-10-14 20:13 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-10-14 20:13 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-10-14 20:13 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-10-14 20:13 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2014-10-14 20:13 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2014-10-14 20:13 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-10-14 20:13 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2014-10-14 20:13 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2014-10-14 20:13 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2014-10-14 20:13 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2014-10-14 20:13 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2014-10-14 20:13 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2014-10-14 20:13 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-10-14 20:13 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-10-14 20:13 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-10-14 20:13 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2014-10-14 20:13 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2014-10-14 20:13 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-14 20:13 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-14 20:12 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-14 20:12 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-14 20:12 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-14 20:12 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2014-10-14 20:12 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2014-10-14 20:12 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2014-10-14 20:12 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2014-10-14 20:12 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2014-10-14 20:12 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2014-10-14 20:12 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-10-14 20:12 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-10-14 20:12 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2014-10-14 20:12 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2014-10-14 20:12 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2014-10-14 20:12 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2014-10-14 20:12 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2014-10-14 20:12 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-10-14 20:12 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2014-10-14 20:12 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2014-10-14 20:12 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2014-10-14 20:12 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2014-10-14 20:12 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-10-14 20:12 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-10-14 20:11 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-10-14 20:11 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-10-14 20:10 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-14 20:10 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-14 20:10 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-14 20:10 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-14 20:10 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-14 20:10 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-14 20:10 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-14 20:10 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-14 20:10 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-14 20:10 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-14 20:10 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-14 20:10 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-14 20:10 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-14 20:10 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-14 20:10 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-14 20:10 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-14 20:10 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-14 20:10 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-12 17:56 - 2014-10-12 17:56 - 00000308 _____ () C:\Windows\system32\.crusader
    2014-10-12 17:55 - 2014-10-27 19:35 - 00001214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-11 16:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-10-11 16:43 - 2014-10-27 20:35 - 00000000 ____D () C:\AdwCleaner
    2014-10-11 16:43 - 2014-10-11 16:43 - 01375089 _____ () C:\Users\Megan325\Downloads\adwcleaner_3.311.exe
    2014-10-11 13:07 - 2014-10-11 13:07 - 00241248 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\72488640.sys
    2014-10-11 13:04 - 2014-10-11 13:05 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Megan325\Downloads\tdsskiller.exe
    2014-10-11 12:52 - 2014-10-11 12:52 - 00000000 ____D () C:\Users\Megan325\AppData\Roaming\AVAST Software
    2014-10-11 12:51 - 2014-10-27 21:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-10-11 12:51 - 2014-10-11 12:51 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-10-11 12:51 - 2014-10-11 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    2014-10-11 12:50 - 2014-10-11 12:50 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-10-11 12:50 - 2014-10-11 12:50 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-10-11 12:50 - 2014-10-11 12:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-10-11 12:50 - 2014-10-11 12:50 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-10-11 12:49 - 2014-10-11 12:49 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-10-11 12:48 - 2014-10-11 12:49 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-10-11 12:42 - 2014-10-11 12:43 - 91906368 _____ (AVAST Software) C:\Users\Megan325\Downloads\avast_free_antivirus_setup.exe
    2014-10-11 12:33 - 2014-10-11 12:33 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2014-10-11 12:33 - 2014-10-11 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2014-10-11 12:33 - 2014-10-11 12:33 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-10-09 23:40 - 2014-10-09 23:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-10-09 23:40 - 2014-10-09 23:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-09 23:40 - 2014-10-09 23:40 - 00000000 ____D () C:\Windows\system32\Macromed
    2014-10-09 23:40 - 2014-10-09 23:40 - 00000000 ____D () C:\Users\Megan325\AppData\Local\Macromedia
    2014-10-07 22:24 - 2014-10-07 22:24 - 31766208 _____ (Microsoft Corporation) C:\Users\Megan325\Downloads\Windows-KB890830-x64-V5.16.exe
    2014-10-06 20:24 - 2014-10-06 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-01 23:33 - 2014-10-01 23:33 - 00076854 _____ () C:\Users\Megan325\Desktop\HitmanPro_20141001_2333.log
    2014-10-01 22:54 - 2014-10-01 23:33 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-10-01 22:53 - 2014-10-02 15:53 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-01 22:44 - 2014-10-01 22:53 - 11194928 _____ (SurfRight B.V.) C:\Users\Megan325\Downloads\HitmanPro_x64.exe
    2014-09-30 20:15 - 2014-10-27 19:35 - 00003312 _____ () C:\Windows\System32\Tasks\Chrome Launcher
    2014-09-30 20:15 - 2014-09-30 20:15 - 00000000 ____D () C:\Program Files (x86)\Techsnab
    2014-09-30 20:10 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-09-30 20:10 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-09-29 22:35 - 2014-09-29 22:35 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-27 21:48 - 2012-04-22 19:50 - 01712490 _____ () C:\Windows\WindowsUpdate.log
    2014-10-27 21:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-10-27 21:44 - 2014-03-03 16:15 - 00000580 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3273618889-1627324363-2844995654-1001.job
    2014-10-27 21:33 - 2012-03-06 06:49 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-27 21:28 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-27 21:28 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-27 20:37 - 2012-12-28 09:09 - 00000380 _____ () C:\Users\Megan325\AppData\Roaming\sp_data.sys
    2014-10-27 20:37 - 2012-12-28 09:09 - 00000000 ___HD () C:\ASUS.DAT
    2014-10-27 20:37 - 2012-12-28 09:08 - 00000000 ____D () C:\Users\Megan325
    2014-10-27 20:37 - 2012-03-06 06:49 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-27 20:36 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-27 20:36 - 2009-07-14 00:51 - 00117165 _____ () C:\Windows\setupact.log
    2014-10-27 20:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
    2014-10-23 21:05 - 2013-12-01 20:52 - 00001304 _____ () C:\Users\Megan325\Documents\.usr_app_ncr.dat
    2014-10-23 21:05 - 2013-12-01 20:52 - 00001304 _____ () C:\Users\Megan325\AppData\Roaming\.starmoon_kst.cfg
    2014-10-21 20:36 - 2014-03-03 16:15 - 00003618 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3273618889-1627324363-2844995654-1001
    2014-10-21 20:29 - 2009-07-14 01:13 - 00891626 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-21 19:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-15 22:55 - 2009-07-14 01:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-15 22:55 - 2009-07-14 00:45 - 00410928 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-15 22:52 - 2014-05-07 22:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-15 22:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-10-15 22:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-10-15 20:27 - 2013-01-13 17:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-15 20:21 - 2013-08-20 03:01 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-15 20:12 - 2013-01-13 18:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-10-13 22:27 - 2013-12-01 20:52 - 00000000 ____D () C:\Users\Megan325\AppData\Roaming\MotiveWave
    2014-10-11 16:55 - 2012-03-06 06:27 - 00184630 _____ () C:\Windows\PFRO.log
    2014-10-11 13:09 - 2012-04-22 19:58 - 00001335 _____ () C:\Windows\system32\ServiceFilter.ini
    2014-10-10 17:56 - 2014-09-05 17:56 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
    2014-10-09 23:39 - 2013-02-26 20:33 - 00000000 ____D () C:\Users\Megan325\AppData\Local\Adobe
    2014-10-08 18:55 - 2013-11-25 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-10-07 21:22 - 2013-02-26 20:34 - 00000000 ____D () C:\Users\Megan325\Desktop\Jesse
    2014-09-29 22:40 - 2013-06-30 20:34 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
    2014-09-29 22:36 - 2013-06-30 20:34 - 00000000 ____D () C:\ProgramData\Nero
    2014-09-29 22:36 - 2013-06-30 20:33 - 00000000 ____D () C:\Users\Megan325\AppData\Roaming\Motorola
    2014-09-29 22:36 - 2013-06-30 20:33 - 00000000 ____D () C:\Program Files (x86)\Motorola
    2014-09-29 22:36 - 2012-04-22 19:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-09-29 21:53 - 2013-06-30 20:34 - 00000000 ____D () C:\Temp

    Some content of TEMP:
    ====================
    C:\Users\Megan325\AppData\Local\Temp\18be6784_.exe
    C:\Users\Megan325\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvl0cbv.dll
    C:\Users\Megan325\AppData\Local\Temp\GPUpd5414DE5A1.exe
    C:\Users\Megan325\AppData\Local\Temp\GPUpd542018101.exe
    C:\Users\Megan325\AppData\Local\Temp\GPUpd542B47882.exe
    C:\Users\Megan325\AppData\Local\Temp\GPUpd54332F3E1.exe
    C:\Users\Megan325\AppData\Local\Temp\GPUpd543492AE1.exe
    C:\Users\Megan325\AppData\Local\Temp\GPUpd543741AF1.exe
    C:\Users\Megan325\AppData\Local\Temp\HitmanPro.exe
    C:\Users\Megan325\AppData\Local\Temp\jlu1av5i.adq.exe
    C:\Users\Megan325\AppData\Local\Temp\jna6654794410531774277.dll
    C:\Users\Megan325\AppData\Local\Temp\jna6853662713690170548.dll
    C:\Users\Megan325\AppData\Local\Temp\jna8937821894247292805.dll
    C:\Users\Megan325\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Megan325\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Megan325\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Megan325\AppData\Local\Temp\m55x2nrg.efn.exe
    C:\Users\Megan325\AppData\Local\Temp\Quarantine.exe
    C:\Users\Megan325\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
    C:\Users\Megan325\AppData\Local\Temp\{200253A6-5456-4376-891A-4AFF5875F9FF}.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-27 21:00

    ==================== End Of Log ============================



    #5 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 27 October 2014 - 08:23 PM

    FRST Addition:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
    Ran by Megan325 at 2014-10-27 22:16:38
    Running from C:\Users\Megan325\Desktop\computer fix
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
    AS: Trend Micro Titanium Internet Security 2012 (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.85.3 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
    ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
    ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
    ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
    ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
    Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
    ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
    CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DigiTrace Supervisor Client (HKLM-x32\...\{C1F623E8-D0FB-40CD-92D9-338D77B1621A}) (Version: 2.5.1 - Pentair Thermal Management)
    DigiTrace Supervisor Master Server (HKLM-x32\...\{01391BFC-50FB-45CD-855A-AAFB0AC50687}) (Version: 2.5.1 - Pentair Thermal Management)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
    GoToMeeting 7.0.2.1848 (HKCU\...\GoToMeeting) (Version: 7.0.2.1848 - CitrixOnline)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
    HP Officejet Pro 8620 Basic Device Software (HKLM\...\{B693607C-4611-4164-8167-E9F07A86EF6B}) (Version: 32.0.90.45518 - Hewlett-Packard Co.)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
    iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MotiveWave (HKLM-x32\...\MotiveWave) (Version:  - )
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
    Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
    Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
    Sony Player Plug-in for Windows Media Player (HKLM-x32\...\Sony Player Plug-in for Windows Media Player) (Version:  - )
    Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
    thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
    Trade Navigator (HKLM-x32\...\{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}) (Version:  - )
    Trend Micro Titanium (Version: 5.00 - Trend Micro Inc.) Hidden
    Trend Micro Titanium Internet Security 2012 (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 5.0 - Trend Micro Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
    Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
    Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
    用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
    適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3273618889-1627324363-2844995654-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Megan325\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Restore Points  =========================

    16-10-2014 03:39:16 Checkpoint by HitmanPro
    21-10-2014 23:04:44 Windows Update
    21-10-2014 23:04:52 Checkpoint by HitmanPro
    22-10-2014 23:46:03 Checkpoint by HitmanPro
    23-10-2014 00:31:18 Checkpoint by HitmanPro
    24-10-2014 01:09:47 Checkpoint by HitmanPro
    24-10-2014 01:50:07 Checkpoint by HitmanPro
    25-10-2014 19:11:56 Windows Update
    25-10-2014 20:42:00 Checkpoint by HitmanPro
    27-10-2014 23:47:02 Checkpoint by HitmanPro
    28-10-2014 00:34:26 Restore Operation
    28-10-2014 01:00:56 Checkpoint by HitmanPro

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2014-09-23 17:58 - 00002928 ____A C:\Windows\system32\Drivers\etc\hosts
    127.1.2.3 download-manage.com
    127.1.2.3 www.download-manage.com
    127.1.2.3  filemonetizer.com
    127.1.2.3 www. filemonetizer.com
    127.1.2.3  maxdocumentsitefun.info
    127.1.2.3 www. maxdocumentsitefun.info
    127.1.2.3  loversion.com
    127.1.2.3 www. loversion.com
    127.1.2.3  torntv-dl.net
    127.1.2.3 www. torntv-dl.net
    127.1.2.3  tornn-tv.com
    127.1.2.3 www. tornn-tv.com
    127.1.2.3  ads.ad-center.com
    127.1.2.3 www. ads.ad-center.com
    127.1.2.3  idownloadsnow.com
    127.1.2.3 www. idownloadsnow.com
    127.1.2.3  clickansave.net
    127.1.2.3 www. clickansave.net
    127.1.2.3  s1magnettvcom-maynemyltf.netdna-ssl.com
    127.1.2.3 www. s1magnettvcom-maynemyltf.netdna-ssl.com
    127.1.2.3  go.mobibiobi.com
    127.1.2.3 www. go.mobibiobi.com
    127.1.2.3  eudl.net
    127.1.2.3 www. eudl.net
    127.1.2.3  lp.sharelive.net
    127.1.2.3 www. lp.sharelive.net
    127.1.2.3  download.cdn.sharelive.net
    127.1.2.3 www. download.cdn.sharelive.net
    127.1.2.3  vid-converter.com

    There are 34 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {03481314-0D56-4EA1-8187-8F544F93BADC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {1CB187BE-162E-4214-AA8E-CDC17A2F7943} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
    Task: {21232939-9DDA-41B2-9FC7-32A4F2B1E2DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3212E5AB-2546-46B0-A7C6-2A4843178696} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-11] (AVAST Software)
    Task: {411BEC9E-972F-40DE-8A3B-49E3735E300E} - System32\Tasks\G2MUpdateTask-S-1-5-21-3273618889-1627324363-2844995654-1001 => C:\Users\Megan325\AppData\Local\Citrix\GoToMeeting\1848\g2mupdate.exe [2014-10-21] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {4A49A795-CA35-4D53-91BB-BF016D91294B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {69C56170-AFD4-46C1-9B5E-B186426FF9D6} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
    Task: {6D965624-70E7-4509-82AA-8A95B616BD92} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe
    Task: {7748FCC7-8BCD-4785-9B9A-7F4274930BB5} - System32\Tasks\RunGadgetController => C:\Program Files (x86)\ASUS\InstantOn for NB\GadgetController.exe [2012-02-03] (ASUS)
    Task: {BB6B40C5-C242-456B-93CE-867CAD880FC0} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-09-30] (Techsnab)
    Task: {BCEEE6B7-E17D-4FBA-BE7D-D2BFD8F005D5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
    Task: {BF1C5E80-B1AF-458B-865C-99103EF9B914} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3273618889-1627324363-2844995654-1001.job => C:\Users\Megan325\AppData\Local\Citrix\GoToMeeting\1848\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-12-03 20:24 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
    2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2012-03-04 21:24 - 2011-05-05 08:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
    2012-03-06 06:59 - 2011-08-02 16:45 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
    2012-03-06 06:59 - 2011-08-02 16:45 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
    2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-04-23 15:59 - 2013-04-23 15:59 - 00051712 _____ () C:\Program Files (x86)\Pentair Thermal Management\DigiTrace Supervisor Master Server\KeyLib32Funcs.DLL
    2007-07-12 14:11 - 2007-07-12 14:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
    2012-02-21 17:49 - 2012-02-21 17:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2010-08-20 12:57 - 2010-08-20 12:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2010-08-20 12:57 - 2010-08-20 12:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2014-10-06 20:24 - 2014-10-06 20:24 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:054203E4

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92664554.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92664554.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3273618889-1627324363-2844995654-500 - Administrator - Disabled)
    Guest (S-1-5-21-3273618889-1627324363-2844995654-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3273618889-1627324363-2844995654-1002 - Limited - Enabled)
    Megan325 (S-1-5-21-3273618889-1627324363-2844995654-1001 - Administrator - Enabled) => C:\Users\Megan325

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000200,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001F6F0C0.72).  hr = 0x80070005, Access is denied.
    .

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000600,(null),0,REG_BINARY,0000000004DAE300.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
       Writer Name: WMI Writer
       Writer Instance ID: {16575d60-b22e-415d-9642-3e4de07e3af6}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000200E8E0.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
       Writer Name: Registry Writer
       Writer Instance ID: {5b21cb8d-fed9-4157-b392-c417987df65f}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b8,(null),0,REG_BINARY,0000000005C7E480.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
       Writer Name: MSSearch Service Writer
       Writer Instance ID: {12e21c38-68cd-4504-b2d2-e5f2e4a27da1}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002fc,(null),0,REG_BINARY,00000000031FE070.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {a7f82d79-d64c-46a3-80a1-766b2b26698f}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000001DCEBD0.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
       Writer Name: Shadow Copy Optimization Writer
       Writer Instance ID: {f87efb21-f903-4784-a9e5-f724ea201fd1}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000600,(null),0,REG_BINARY,0000000004DAE300.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
       Writer Name: WMI Writer
       Writer Instance ID: {16575d60-b22e-415d-9642-3e4de07e3af6}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002fc,(null),0,REG_BINARY,00000000031FE070.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {a7f82d79-d64c-46a3-80a1-766b2b26698f}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c0,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000000002BCEFA0.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
       Writer Name: COM+ REGDB Writer
       Writer Instance ID: {1bbc61fc-3326-44ae-9d8e-5cc911ddb4b9}

    Error: (10/27/2014 07:47:26 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009b8,(null),0,REG_BINARY,0000000005C7E480.72).  hr = 0x80070005, Access is denied.
    .


    Operation:
       BackupShutdown Event

    Context:
       Execution Context: Writer
       Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
       Writer Name: MSSearch Service Writer
       Writer Instance ID: {12e21c38-68cd-4504-b2d2-e5f2e4a27da1}


    System errors:
    =============
    Error: (10/27/2014 08:39:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2

    Error: (10/27/2014 08:33:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Update service terminated with the following error:
    %%-2147012892

    Error: (10/27/2014 08:32:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Update service terminated with the following error:
    %%-2147012892

    Error: (10/27/2014 08:32:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Update service terminated with the following error:
    %%-2147012892

    Error: (10/27/2014 08:30:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Network Location Awareness service terminated with service-specific error %%-1073741502.

    Error: (10/27/2014 08:30:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%0

    Error: (10/27/2014 08:30:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WLAN AutoConfig service terminated with the following error:
    %%1747

    Error: (10/27/2014 08:30:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4002) (User: NT AUTHORITY)
    Description: WLAN AutoConfig service has failed to start.

    Error Code: 1747

    Error: (10/27/2014 08:29:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Windows Event Log service terminated unexpectedly.  It has done this 3 time(s).

    Error: (10/27/2014 08:29:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Event Log service terminated with the following error:
    %%1747


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
    Percentage of memory in use: 49%
    Total physical RAM: 4000.13 MB
    Available physical RAM: 2024.99 MB
    Total Pagefile: 7998.43 MB
    Available Pagefile: 5702.65 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:47.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:64.87 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E3102A4B)
    Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
    Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=153.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 28 October 2014 - 04:27 AM

    Hi,

     

    Lets do a few things

     

    Download MiniToolBox and save it to your desktop,  right click on it and select RUN AS ADMINISTRATOR
     
    Checkmark the following boxes:
    •  
    • Flush DNS 
    • Report IE Proxy Settings
     
     
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run
     
     
     
    ==================================================================
     
     
     

    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKCU - {23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72} URL = http://websearch.ask...F5-1808C3E20B89
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
     
    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     
     
     
     
    ================================================================================
     
     

    Download Malwarebytes' Anti-Malware  to your desktop. 
     
    •  
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
     
     
    MBAM203_zps0a230260.jpg
     
     
    •  
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Threat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
     
     

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 28 October 2014 - 05:47 PM

    Minitool box results:

     

    Ran by Megan325 (administrator) on 28-10-2014 at 19:46:52
    Running from "C:\Users\Megan325\Desktop\computer fix"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    **** End of log ****



    #8 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 28 October 2014 - 05:48 PM

    A side note, for some reason, the wireless internet keeps shutting off and I have to keep turning it back on manually.  Not sure if this is related at all.

     

    Also, the "proxy server" issue that Hitman Pro seems to resolves comes right back after I reboot the computer.



    #9 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 28 October 2014 - 06:02 PM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
    Ran by Megan325 at 2014-10-28 19:56:27 Run:1
    Running from C:\Users\Megan325\Desktop\computer fix
    Loaded Profile: Megan325 (Available profiles: Megan325)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKCU - {23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72} URL = http://websearch.ask...F5-1808C3E20B89
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72}" => Key deleted successfully.
    "HKCR\CLSID\{23D4EAD8-0479-40FA-8DF4-BB7AFB6B6F72}" => Key not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 1.2 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====



    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 28 October 2014 - 06:14 PM

    Down on the bottom right look for your Wi Fi Icon and right click and go into Network and sharing, when it opens go to properties > Configure > Power Management and take the checkmark out of ALLOW COMPUTER TO TURN OFF THIS DEVICE TO SAVE POWER if its checked

     

    MiniToolbox did not find a proxy and if there was a proxy server it would have showed up on your FRST scan

     

     

    Lets see what Malwarebytes finds



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

      Advertisements

    Register to Remove


    #11 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 28 October 2014 - 06:28 PM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/28/2014
    Scan Time: 8:08:06 PM
    Logfile: malbytes log.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.10.28.07
    Rootkit Database: v2014.10.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Megan325

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 349692
    Time Elapsed: 17 min, 3 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.GetPrivateVPN, C:\Windows\System32\Tasks\GPUP, , [5a6770a76e0e96a0cdfa968f47bc06fa],

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    #12 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 28 October 2014 - 06:31 PM

    Thanks!  wifi is fixed.

     

    regarding the Proxy, its odd because the Hitman pro found it after the computer just restarted for minitoolbox



    #13 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 29 October 2014 - 03:47 AM

    When you ran Malwarebytes did you have it remove the entry that it found , if not run it again and have it remove it

     

    •  
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Threat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
     
     
     
     
     
    HitmanPro is showing that the proxy has been repaired, all your browsers look free of any proxy servers, let me ask you are you getting redirected to websites that your not wanting to go to, are you getting any pop ups from sites you visit ?
     
     
     

    You need to enable windows to show all files and folders, instructions Here
     
    Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.
     
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
     
    If the site is busy you can try this one

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #14 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 29 October 2014 - 06:38 PM

    HI, what file should I be submitting for analysis?  the MalwareBytes log?

     

    when I do a search or do you a site online, the computer is a lot slower now than before I had the problems and I notice that down in the loading bar it shows all kinds of random websites, for example:

     

    never have I visited any of these sites, but they will flash past quick before going to the site that I entered to go to:

     

       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cpserve.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.burstnet.com
       C:\Users\Megan325\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com


    Edited by hondaspeed05, 29 October 2014 - 06:38 PM.


    #15 hondaspeed05

    hondaspeed05

      New Member

    • Authentic Member
    • Pip
    • 15 posts

    Posted 29 October 2014 - 06:46 PM

    https://www.virustot...sis/1414629873/


    Related Topics




    Also tagged with one or more of these keywords: Proxy server malware, proxy server, malware, proxy

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users