
Adware continues to trouble laptop; links keep popping up in webpages


  • This topic is locked
31 replies to this topic

#1 megreytak


Posted 03 June 2015 - 09:50 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Megan (administrator) on CLARENCE on 03-06-2015 22:39:52
Running from C:\Users\Megan\Downloads
Loaded Profiles: Megan (Available Profiles: Megan & Donna)
Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780912 2013-09-20] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2014-06-16] (BitTorrent, Inc.)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [Google Update] => C:\Users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-20] (Google Inc.)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [MusicManager] => C:\Users\Megan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [GoogleChromeAutoLaunch_9BA0C116C72F612E7CBCF538299D1F69] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\MountPoints2: {8e09bd4e-6a21-11e4-8272-c4346b448d60} - "F:\MotoCastSetup.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=000328B0&OHP=www.google.com&OSP=http%3A%2F%2Fwww.trovi.com%2FResults.aspx%3Fgd%3D%26ctid%3DCT3333527%26octid%3DEB%5FORIGINAL%5FCTID%26ISID%3DIB7E5D19F%2DE558%2D40FA%2DBB6B%2DD3E527539C05%26SearchSource%3D58%26CUI%3D%26UM%3D8%26UP%3DSPCC0E874D%2DC756%2D49A7%2DA6C5%2D87808E331840%26D%3D050315%26q%3D%7BsearchTerms%7D%26SSPV%3D
SearchScopes: HKLM -> {D1987C1B-F202-4D5E-9A7D-F3FB371845ED} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D1987C1B-F202-4D5E-9A7D-F3FB371845ED} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2674676725-105610185-3251944265-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2674676725-105610185-3251944265-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2674676725-105610185-3251944265-1001 -> {D1987C1B-F202-4D5E-9A7D-F3FB371845ED} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2674676725-105610185-3251944265-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\ze3x7vuw.default
FF DefaultSearchEngine: Trovi
FF DefaultSearchEngine.US: Twitter
FF SelectedSearchEngine: Trovi
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-2674676725-105610185-3251944265-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Megan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2674676725-105610185-3251944265-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Megan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-12] (Google Inc.)
FF HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]
CHR Extension: (Google Docs) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]
CHR Extension: (Google Drive) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]
CHR Extension: (Mini Notepad) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj [2015-05-12]
CHR Extension: (YouTube) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]
CHR Extension: (Google Search) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]
CHR Extension: (Google Sheets) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]
CHR Extension: (ScriptBlock) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-06-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-31]
CHR Extension: (Google Wallet) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]
CHR Extension: (Gmail) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-20] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-03] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 22:33 - 2015-06-03 22:40 - 00000000 ____D C:\FRST
2015-06-03 22:33 - 2015-06-03 22:39 - 00018400 _____ C:\Users\Megan\Downloads\FRST.txt
2015-06-03 22:33 - 2015-06-03 22:33 - 02108928 _____ (Farbar) C:\Users\Megan\Downloads\FRST64.exe
2015-06-03 22:30 - 2015-06-03 22:30 - 01147392 _____ (Farbar) C:\Users\Megan\Downloads\FRST.exe
2015-06-03 22:18 - 2015-06-03 22:18 - 00000000 ____D C:\Users\Megan\AppData\Local\CrashDumps
2015-06-03 21:57 - 2015-06-03 22:17 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-03 21:57 - 2015-06-03 21:57 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-03 21:47 - 2015-06-03 21:52 - 00000000 ____D C:\AdwCleaner
2015-06-03 21:45 - 2015-06-03 21:45 - 02231296 _____ C:\Users\Megan\Downloads\AdwCleaner.exe
2015-06-03 21:40 - 2015-06-03 21:41 - 17637624 _____ C:\Users\Megan\Downloads\RogueKiller.exe
2015-06-02 22:49 - 2015-06-02 22:49 - 00000000 ____D C:\Users\Megan\AppData\Roaming\LavasoftStatistics
2015-06-02 22:48 - 2015-06-03 22:37 - 00002352 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-06-02 22:48 - 2015-06-02 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-02 22:45 - 2015-06-02 22:45 - 00000000 ____D C:\Program Files\Lavasoft
2015-06-02 22:42 - 2015-06-02 22:42 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Lavasoft
2015-06-02 22:42 - 2015-06-02 22:42 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-06-02 22:39 - 2015-06-02 22:39 - 02057008 _____ C:\Users\Megan\Downloads\Adaware_Installer.exe
2015-06-02 22:39 - 2015-06-02 22:39 - 00000000 ____D C:\ProgramData\Lavasoft
2015-06-02 22:21 - 2015-06-02 22:21 - 00000000 _____ C:\Users\Megan\AppData\Local\Temp.dat
2015-06-02 22:03 - 2015-06-02 22:03 - 00001985 _____ C:\Users\Megan\AppData\Local\recently-used.xbel
2015-06-02 22:00 - 2015-06-02 22:00 - 00000000 ____D C:\Program Files (x86)\GerreatSeAvE4U
2015-05-31 14:36 - 2015-05-31 15:56 - 00000000 ____D C:\Users\Megan\Downloads\Pitch.Perfect.2.2015.HC.HDRip.XviD.AC3-EVO
2015-05-30 13:30 - 2015-05-31 15:53 - 00000000 ____D C:\Users\Megan\Downloads\Aquarius.US.S01.WEB-DL.XviD.MP3-FGT
2015-05-24 12:37 - 2015-05-24 13:49 - 00000000 ____D C:\Users\Megan\Downloads\Game Of Thrones Season 2 Complete HDTV x264 [VectoR]
2015-05-23 21:11 - 2015-05-24 22:38 - 00000000 ____D C:\Users\Megan\Downloads\Grace.and.Frankie.S01.Season.1.WEBRip.x264-SNEAkY
2015-05-23 18:37 - 2015-05-23 18:38 - 163198744 _____ (Microsoft Corporation) C:\Users\Megan\Downloads\msert.exe
2015-05-22 23:51 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Fifty.Shades.of.Grey.2015.UNRATED.BRRip.XviD-ETRG
2015-05-22 21:48 - 2015-05-24 23:34 - 00000000 ____D C:\Users\Megan\Downloads\VA - Pitch Perfect 2 (Original Motion Picture Soundtrack) [2015] [OST] [MP3-320KBPS] [H4CKUS] [GloDLS]
2015-05-22 21:42 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Bones.S10E17.HDTV.x264-LOL[ettv]
2015-05-22 21:40 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Bones.S10E18.HDTV.x264-LOL[ettv]
2015-05-22 21:39 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Bones.S10E19.HDTV.x264-LOL[ettv]
2015-05-17 21:10 - 2015-06-03 20:21 - 00000024 _____ C:\Users\Megan\AppData\Roaming\appdataFr25.bin
2015-05-17 20:57 - 2015-05-17 21:24 - 00000000 ____D C:\Users\Megan\Downloads\The.Amazing.Race.S26E12.HDTV.x264-LOL[rarbg]
2015-05-17 20:55 - 2015-05-22 05:57 - 00000000 ____D C:\Users\Megan\Downloads\The.Amazing.Race.S26E12.HDTV.x264-LOL[ettv]
2015-05-15 21:54 - 2015-05-25 13:23 - 00000000 ____D C:\Users\Megan\Downloads\Hannibal - Season 2 Complete-ChameE
2015-05-15 21:24 - 2015-05-24 22:38 - 00000000 ____D C:\Users\Megan\Downloads\Hannibal complete season 1
2015-05-15 19:33 - 2015-05-15 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-05-12 22:32 - 2015-05-12 22:32 - 00000000 ____D C:\Program Files (x86)\Mini Notepad
2015-05-12 22:09 - 2015-06-02 23:05 - 00000000 ____D C:\Program Files (x86)\StatInit
2015-05-11 21:47 - 2015-05-11 21:47 - 00000000 ____D C:\Users\Megan\AppData\Local\Free Picture Solutions
2015-05-11 21:44 - 2015-05-11 21:44 - 00001305 _____ C:\Users\Public\Desktop\Free CBR Reader.lnk
2015-05-11 21:44 - 2015-05-11 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free CBR Reader
2015-05-11 21:44 - 2015-05-11 21:44 - 00000000 ____D C:\Program Files (x86)\Free Picture Solutions
2015-05-11 21:41 - 2015-05-11 21:47 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Free Picture Solutions
2015-05-11 21:41 - 2015-05-11 21:41 - 03419776 _____ (Free Picture Solutions) C:\Users\Megan\Downloads\cbrreader_setup [1].exe
2015-05-11 21:40 - 2015-05-11 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-05-11 21:36 - 2015-05-11 21:36 - 00493344 _____ (Safe Download-cbrreader_setup ) C:\Users\Megan\Downloads\cbrreader_setup.exe
2015-05-11 21:33 - 2015-05-11 21:33 - 00232192 _____ C:\Users\Megan\Downloads\cbrreader_setup-39038447.exe
2015-05-09 23:55 - 2015-05-11 16:54 - 00000000 ____D C:\Users\Megan\Downloads\Star Wars - The Empire Strikes Back (v1 - v4) (2015, Marvel Edition) (digital) (Galactic-Empire-HD)
2015-05-09 19:05 - 2015-05-09 21:37 - 00000000 ____D C:\Users\Megan\Downloads\Star Wars Vol.3 - Rebel Girl
2015-05-09 18:40 - 2015-05-09 18:40 - 00000000 ____D C:\Users\Megan\Downloads\Valentine's Day Special
2015-05-09 18:10 - 2015-05-09 18:24 - 00000000 ____D C:\Users\Megan\Downloads\Star Wars - The Thrawn Trilogy (1997-1999, Digital, Fawkes-Empire)
2015-05-09 17:58 - 2015-05-12 06:09 - 00000000 ____D C:\Users\Megan\Downloads\Star Wars Episode V The Empire Strikes Back (1980) [1080p]
2015-05-09 17:51 - 2015-05-09 18:09 - 00000000 ____D C:\Users\Megan\Downloads\Star Wars - Return of the Jedi (v1 - v4) (2015, Marvel Edition) (digital) (Galactic-Empire-HD)
2015-05-09 17:48 - 2015-05-09 18:22 - 178343547 _____ C:\Users\Megan\Downloads\Star Wars v03 - Rebel Girl (2015, Marvel Edition) (digital-Empire).cbr
2015-05-09 17:46 - 2015-05-11 21:48 - 00000000 ____D C:\Users\Megan\Downloads\Star Wars Episode VI Return of the Jedi (1983) [1080p]
2015-05-09 17:45 - 2015-05-09 17:47 - 00000000 ____D C:\Users\Megan\Downloads\243 Star Wars Books Collection EPUB
2015-05-09 17:44 - 2015-05-09 19:11 - 908131939 _____ C:\Users\Megan\Downloads\Star Wars - The Thrawn Trilogy (2015, Marvel Edition) (digital-Empire).cbr
2015-05-09 16:44 - 2015-05-09 17:02 - 117267232 _____ C:\Users\Megan\Downloads\The.Big.Bang.Theory.S08E24.480p.HDTV.X264-MEDO.mp4
2015-05-09 13:00 - 2015-05-14 06:08 - 00000000 ____D C:\Users\Megan\Downloads\The Odd Couple Season 1
2015-05-09 12:58 - 2015-05-09 13:02 - 00000000 ____D C:\Users\Megan\Downloads\NCIS LA
2015-05-08 19:53 - 2015-06-02 22:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 19:53 - 2015-05-08 19:53 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 19:53 - 2015-05-08 19:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-08 19:53 - 2015-05-08 19:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-08 19:53 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-08 19:53 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-08 19:53 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-08 19:52 - 2015-05-08 19:52 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Megan\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-07 23:47 - 2015-05-12 22:10 - 00000000 ____D C:\ProgramData\ae2662c7000063da
2015-05-07 23:37 - 2015-05-13 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2015-05-07 23:37 - 2015-05-13 20:20 - 00000000 ____D C:\Program Files (x86)\Anvisoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 22:42 - 2014-06-16 05:30 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2674676725-105610185-3251944265-1001
2015-06-03 22:39 - 2014-06-16 05:32 - 00000000 __RDO C:\Users\Megan\SkyDrive
2015-06-03 22:38 - 2015-01-05 23:52 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 22:37 - 2014-06-16 05:23 - 00000000 ____D C:\Users\Megan
2015-06-03 22:36 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-03 22:15 - 2014-11-20 23:57 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001UA.job
2015-06-03 22:15 - 2014-11-20 23:57 - 00000874 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001Core.job
2015-06-03 22:09 - 2015-01-05 23:52 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 22:05 - 2014-06-21 20:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 22:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-03 21:26 - 2014-06-16 05:17 - 01580819 _____ C:\Windows\WindowsUpdate.log
2015-06-03 21:20 - 2013-08-26 02:09 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-03 20:32 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-03 20:20 - 2013-08-26 02:01 - 00041802 _____ C:\Windows\PFRO.log
2015-06-03 20:19 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-02 23:06 - 2015-05-03 12:29 - 00000000 ____D C:\Program Files (x86)\bestadblocker
2015-06-02 22:22 - 2014-10-24 14:53 - 00000000 ____D C:\Users\Megan\.gimp-2.8
2015-06-02 22:21 - 2015-03-18 01:09 - 00003164 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMegan
2015-06-02 22:21 - 2015-03-18 01:09 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForMegan.job
2015-06-02 22:03 - 2014-10-24 15:01 - 00000000 ____D C:\Users\Megan\AppData\Local\gtk-2.0
2015-06-02 22:02 - 2015-05-03 12:29 - 00000000 ____D C:\ProgramData\7069146178591492471
2015-06-02 21:29 - 2014-12-23 21:46 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-05-31 21:30 - 2014-12-06 15:43 - 00065024 ___SH C:\Users\Megan\Desktop\Thumbs.db
2015-05-31 21:27 - 2014-06-16 05:43 - 00000000 ____D C:\Users\Megan\AppData\Roaming\uTorrent
2015-05-31 15:54 - 2014-06-17 05:19 - 02458624 ___SH C:\Users\Megan\Downloads\Thumbs.db
2015-05-30 11:43 - 2013-08-22 10:46 - 00056201 _____ C:\Windows\setupact.log
2015-05-25 21:14 - 2015-01-05 23:55 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-25 00:27 - 2015-03-15 23:28 - 00018998 _____ C:\Users\Megan\Documents\Eligibility.xlsx
2015-05-24 10:58 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-05-22 05:56 - 2014-09-22 21:14 - 00000000 ____D C:\Users\Megan\Downloads\Movies
2015-05-21 23:07 - 2014-10-22 21:57 - 00000000 ____D C:\Users\Megan\AppData\Local\Adobe
2015-05-21 22:50 - 2014-06-21 20:12 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-17 21:04 - 2015-01-05 23:52 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 21:04 - 2015-01-05 23:52 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 19:33 - 2014-06-29 20:17 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2015-05-15 19:30 - 2014-06-29 20:15 - 00000000 ____D C:\Users\Megan\AppData\Local\Downloaded Installations
2015-05-12 22:10 - 2014-11-20 23:57 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001UA
2015-05-12 22:10 - 2014-11-20 23:57 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001Core
2015-05-10 12:42 - 2015-04-03 16:36 - 101658628 _____ C:\Users\Megan\Downloads\Bangles-Hazy Shade Of Winter.mpg
2015-05-09 18:18 - 2015-02-28 20:38 - 00000000 ____D C:\Users\Megan\Downloads\[ www.Torrenting.com ] - MasterChef.Junior.S01E02.HDTV.XviD-AFG
2015-05-09 16:58 - 2015-01-08 00:43 - 00000000 ____D C:\Users\Megan\Downloads\Cougar Town Season 6
2015-05-09 13:05 - 2014-10-22 22:16 - 00000000 ____D C:\Users\Megan\Downloads\Big Bang
2015-05-08 20:40 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\DesktopTileResources
2015-05-06 21:14 - 2015-05-03 12:27 - 00000000 ____D C:\ProgramData\{a58d7bbd-4e98-6aeb-a58d-d7bbd4e9eef5}
2015-05-06 20:54 - 2015-05-03 12:43 - 00000000 ____D C:\ProgramData\{7300d0f2-4593-8c6b-7300-0d0f245943c9}

==================== Files in the root of some directories =======

2015-05-17 21:10 - 2015-06-03 20:21 - 0000024 _____ () C:\Users\Megan\AppData\Roaming\appdataFr25.bin
2014-07-26 23:45 - 2014-07-26 23:45 - 0000036 _____ () C:\Users\Megan\AppData\Local\housecall.guid.cache
2015-06-02 22:03 - 2015-06-02 22:03 - 0001985 _____ () C:\Users\Megan\AppData\Local\recently-used.xbel
2015-05-07 23:48 - 2015-05-07 23:48 - 0000800 _____ () C:\Users\Megan\AppData\Local\Temp-log.txt
2015-06-02 22:21 - 2015-06-02 22:21 - 0000000 _____ () C:\Users\Megan\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\Megan\AppData\Local\Temp\COMAP.EXE
C:\Users\Megan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Megan\AppData\Local\Temp\Extract.exe
C:\Users\Megan\AppData\Local\Temp\flacdec2.exe
C:\Users\Megan\AppData\Local\Temp\popcorn-time-0.8.0.0-setup.exe
C:\Users\Megan\AppData\Local\Temp\Quarantine.exe
C:\Users\Megan\AppData\Local\Temp\SP65755.exe
C:\Users\Megan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-27 21:08

==================== End of log ============================


#2 ken545

Malware Response Team

Posted 05 June 2015 - 08:15 PM

:welcome:

 

You're using the torrents to download all sorts of games and movies; this is how you most likely infected your computer. You're downloading that file or game from an unknown source; not all, but most, contain malicious code of some sort.

µTorrent <-- Go to Programs and Features in the Control Panel and uninstall this program

You're running FRST64 from your downloads folder. Our tools and scanners work more efficiently when run from the Desktop in lieu of being buried in some folder, so go to your Downloads folder and look for FRST64, right click on it and select CUT, then come back to your Desktop and right click on a blank space and select PASTE. Then we will have FRST64 exactly where we want it to be.

You have so much junk in your downloads folder, I would suggest you delete it all except for the downloads folder itself.

You're infected with Trovi, so let's do this

 

 

 
-AdwCleaner-by Xplode

Click on this link to download: ADWCleaner to your Desktop
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Use my link only; do not do a search for AdwCleaner, as there is a bogus copy going around by scammers.

Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware  to your desktop. <---------
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 

 


Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 ken545

Malware Response Team

Posted 07 June 2015 - 04:24 PM

Still with me, or have you resolved this issue? Do you still need help?




#4 ken545

Malware Response Team

Posted 08 June 2015 - 04:15 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#5 ken545

Malware Response Team

Posted 08 June 2015 - 07:18 PM

Hi, I reopened this thread for you. As long as you let me know you will be away I can keep it open no problem, but just let me know. When I replied and asked you if you still needed help and got no reply from you, I just assumed you may have either resolved it or maybe gone elsewhere for help.

Glad to have you back. Just take your time, run the scans I posted and post the logs when you have them.




#6 megreytak

Topic Starter

Posted 08 June 2015 - 07:26 PM

# AdwCleaner v4.206 - Logfile created 08/06/2015 at 18:10:17
# Updated 01/06/2015 by Xplode
# Database : 2015-06-08.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Megan - CLARENCE
# Running from : C:\Users\Megan\Desktop\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\7069146178591492471
Folder Deleted : C:\ProgramData\ae2662c7000063da
Folder Deleted : C:\ProgramData\{7300d0f2-4593-8c6b-7300-0d0f245943c9}
Folder Deleted : C:\ProgramData\{a58d7bbd-4e98-6aeb-a58d-d7bbd4e9eef5}
Folder Deleted : C:\Program Files (x86)\RelayDefender
Folder Deleted : C:\Program Files (x86)\bestadblocker
Folder Deleted : C:\Program Files (x86)\GerreatSeAvE4U
Folder Deleted : C:\Program Files (x86)\Mini Notepad
Folder Deleted : C:\Program Files (x86)\SaulePluase
Folder Deleted : C:\Users\Megan\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
Folder Deleted : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Deleted : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj
[/!\] Not Deleted ( Junction ) : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba
Folder Deleted : C:\ProgramData\anoginbebldkkeimlpegcglfbkkpfnlb
Folder Deleted : C:\ProgramData\ekfagmkbpncgajijkcpnbdfboohafahk
File Deleted : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apjhdoaiejppfmijnkopdcpjcngdlffj_0.localstorage
File Deleted : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apjhdoaiejppfmijnkopdcpjcngdlffj_0.localstorage-journal
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\09d1539f-63d5-bc9a-1d57-093e218921ed
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

-\\ Mozilla Firefox v37.0.2 (x86 en-US)

[ze3x7vuw.default\prefs.js] - Line Deleted : user_pref("extensions.aSzf95zt9IyJpsPH.scode", "(function(){try{if(window.location.href.indexOf(\"rjk5qjrHrds5qdYGrHn7rdaFpdw\")>-1){return;}}catch(e){}try{var d=[[\"backin.net\",\"trianglecash.com\",[...]
[ze3x7vuw.default\prefs.js] - Line Deleted : user_pref("extensions.o9VaTdamZekenyb0.scode", "(function(){try{if(window.location.href.indexOf(\"rjk5qjrHrds5qdYGrHn7rdaFpdw\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]

-\\ Google Chrome v43.0.2357.81

[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=IB7E5D19F-E558-40FA-BB6B-D3E527539C05&SearchSource=58&CUI=&UM=8&UP=SPCC0E874D-C756-49A7-A6C5-87808E331840&D=050315&q={searchTerms}&SSPV=
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=IB7E5D19F-E558-40FA-BB6B-D3E527539C05&SearchSource=55&CUI=&UM=8&UP=SPCC0E874D-C756-49A7-A6C5-87808E331840&D=050315&SSPV=
[C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 5115C7913870911AE5DDF04BC926EA0A91478799E5BDC92CE4F1ECA084A1AD19"},"software_reporter":{"prompt_reason":"263CCBAFE0E137BF0468FAE70E9D266B0646249610E67DB3F36D08DF9F9A54E3","prompt_seed":"8FA202732B09B97E58DE6520F89A6A5E8336774CAA2C7AB4C5EA909D8FD2788F","prompt_version":"44522A42C8EEE5796020C6F049FE4CDEFF24985A24D07F1B4A8BDFEF16481037"},"sync":{"remaining_rollback_tries":"2A846156EDE27A91CE3A3DD0B816B70EFEE4292B562365EF9288213F1B53492E"}},"super_mac":"F38F8A37672C9B7CD453C4F8A97DEE626D16201F96B292127CCE583658F50E65"},"session":{"restore_on_startup":1,"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=IB7E5D19F-E558-40FA-BB6B-D3E527539C05&SearchSource=55&CUI=&UM=8&UP=SPCC0E874D-C756-49A7-A6C5-87808E331840&D=050315&SSPV=

*************************

AdwCleaner[R0].txt - [5905 bytes] - [03/06/2015 21:47:49]
AdwCleaner[R1].txt - [6086 bytes] - [08/06/2015 18:04:36]
AdwCleaner[S0].txt - [5671 bytes] - [08/06/2015 18:10:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5730  bytes] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.0 (06.07.2015:1)
OS: Windows 8.1 x64
Ran by Megan on Mon 06/08/2015 at 18:20:17.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9BA0C116C72F612E7CBCF538299D1F69
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Megan\AppData\Roaming\appdataFr25.bin



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\(default)



~~~ FireFox

Successfully deleted the following from C:\Users\Megan\AppData\Roaming\mozilla\firefox\profiles\ze3x7vuw.default\prefs.js

user_pref(browser.search.defaultenginename, Trovi);
user_pref(browser.search.selectedEngine, Trovi);
user_pref(extensions.AHufXeLxBCFPA3WX.scode, (function(){try{if(window.location.href.indexOf(\rjk5qjrHrds5qdYGrHn7rdaFpdw\)>-1){return;}}catch(e){}try{var d=[[\backin.ne
user_pref(extensions.dEHReK07fQo8N4Yg.scode, (function(){try{if(window.location.href.indexOf(\rjk5qjrHrds5qdYGrHn7rdaFpdw\)>-1){return;}}catch(e){}try{var d=[[\backin.ne
user_pref(extensions.uiBpscyhA7PQoZ0X.scode, (function(){try{if(window.location.href.indexOf(\rjk5qjrHrds5qdYGrHn7rdaFpdw\)>-1){return;}}catch(e){}try{var d=[[\backin.ne
Emptied folder: C:\Users\Megan\AppData\Roaming\mozilla\firefox\profiles\ze3x7vuw.default\minidumps [2 files]



~~~ Chrome


[C:\Users\Megan\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Megan\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Megan\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Megan\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/08/2015 at 18:24:46.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/8/2015
Scan Time: 6:29:30 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.08.05
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Megan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 405690
Time Elapsed: 47 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [4104b404c9c15bdb2764850017ee15eb],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [cd785a5eaedca3930f7c2560d23305fb],
PUP.Optional.Trovi.C, HKU\S-1-5-21-2674676725-105610185-3251944265-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [e560b9ff4347cc6a73599be60ef712ee],

Registry Values: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [4104b404c9c15bdb2764850017ee15eb]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [cd785a5eaedca3930f7c2560d23305fb]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Do Share\Do Share.exe, , [ff4688305c2ef44265e25203d82aed13],
PUP.Optional.Multiplug.A, C:\Users\Megan\AppData\Local\Temp\YMXOFZ.tmp\GaFbXdzgT00KsD.exe, , [5aebceeac3c7cc6afc8d79bec63c54ac],
PUP.Optional.Proinstall, C:\Users\Megan\Downloads\cbrreader_setup-39038447.exe, , [5ce91b9d96f4af87ce02cd814bb77b85],

Physical Sectors: 0
(No malicious items detected)


(end)



#7 ken545

Malware Response Team

Posted 08 June 2015 - 08:06 PM

Great, did you have Malwarebytes remove all those entries? Most times the log will show that they're Quarantined and this one does not. To be sure, run Malwarebytes again and make sure that everything that is found is removed.

 

In case you need it

 

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<----------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes
 
 
 
After we determine that Malwarebytes is clean, make sure you moved FRST64 to the desktop, open it, checkmark Additions, run a new scan and post both the FRST log and the Additions log please



#8 megreytak

Topic Starter

Posted 14 June 2015 - 08:23 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/14/2015
Scan Time: 8:16:32 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.14.05
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Megan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 407424
Time Elapsed: 52 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [099487335b2fbd79f4b68506a26301ff],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [1a83c9f1aae0a88ed3d75d2e6a9bfe02],
PUP.Optional.Trovi.C, HKU\S-1-5-21-2674676725-105610185-3251944265-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [c2dbdfdb484238fed11f157270957e82],

Registry Values: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [099487335b2fbd79f4b68506a26301ff]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [1a83c9f1aae0a88ed3d75d2e6a9bfe02]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Do Share\Do Share.exe, , [8b1211a94743320480c78dc946bc9967],
PUP.Optional.Multiplug.A, C:\Users\Megan\AppData\Local\Temp\YMXOFZ.tmp\GaFbXdzgT00KsD.exe, , [f1acae0c761441f501889b9d31d1ef11],
PUP.Optional.Proinstall, C:\Users\Megan\Downloads\cbrreader_setup-39038447.exe, , [9c0175450189c76f4d83ca85c83a8878],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Megan (administrator) on CLARENCE on 14-06-2015 21:18:53
Running from C:\Users\Megan\Desktop
Loaded Profiles: Megan (Available Profiles: Megan & Donna)
Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780912 2013-09-20] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [Google Update] => C:\Users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-20] (Google Inc.)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [MusicManager] => C:\Users\Megan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\MountPoints2: {8e09bd4e-6a21-11e4-8272-c4346b448d60} - "F:\MotoCastSetup.exe" -a
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {D1987C1B-F202-4D5E-9A7D-F3FB371845ED} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D1987C1B-F202-4D5E-9A7D-F3FB371845ED} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2674676725-105610185-3251944265-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2674676725-105610185-3251944265-1001 -> {D1987C1B-F202-4D5E-9A7D-F3FB371845ED} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2674676725-105610185-3251944265-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\ze3x7vuw.default
FF DefaultSearchEngine.US: Twitter
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-2674676725-105610185-3251944265-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Megan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2674676725-105610185-3251944265-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Megan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-12] (Google Inc.)
FF HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-20] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-03] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 21:18 - 2015-06-14 21:19 - 00015971 _____ C:\Users\Megan\Desktop\FRST.txt
2015-06-14 21:18 - 2015-06-14 21:18 - 00000000 ____D C:\Users\Megan\Desktop\FRST-OlderVersion
2015-06-14 21:17 - 2015-06-14 21:17 - 00002093 _____ C:\Users\Megan\Desktop\1.txt
2015-06-12 20:18 - 2015-06-12 20:21 - 00000000 ____D C:\abdd80e82d37670b6e12f95f
2015-06-12 20:18 - 2015-06-12 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-12 20:18 - 2015-06-12 20:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-12 20:18 - 2015-06-12 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-12 20:17 - 2015-06-12 20:18 - 13095136 _____ (Microsoft Corporation) C:\Users\Megan\Downloads\Silverlight_x64.exe
2015-06-08 19:23 - 2015-06-08 19:23 - 00002098 _____ C:\Users\Megan\Desktop\malware.txt
2015-06-08 18:28 - 2015-06-08 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-08 18:24 - 2015-06-08 18:24 - 00002398 _____ C:\Users\Megan\Desktop\JRT.txt
2015-06-08 18:20 - 2015-06-08 18:20 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CLARENCE-Windows-8.1-(64-bit).dat
2015-06-08 18:20 - 2015-06-08 18:20 - 00000000 ____D C:\RegBackup
2015-06-08 18:10 - 2015-06-08 18:10 - 00005810 _____ C:\Users\Megan\Desktop\AdwCleaner[S0].txt
2015-06-08 17:52 - 2015-06-08 17:52 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Megan\Desktop\mbam-setup-2.1.6.1022(1).exe
2015-06-08 17:50 - 2015-06-08 17:51 - 02943232 _____ (Thisisu) C:\Users\Megan\Desktop\JRT.exe
2015-06-08 17:50 - 2015-06-08 17:50 - 02231296 _____ C:\Users\Megan\Desktop\AdwCleaner(1).exe
2015-06-03 22:49 - 2015-06-03 22:49 - 00039869 _____ C:\Users\Megan\Documents\Addition.txt
2015-06-03 22:43 - 2015-06-03 22:43 - 00039869 _____ C:\Users\Megan\Downloads\Addition.txt
2015-06-03 22:33 - 2015-06-14 21:19 - 00000000 ____D C:\FRST
2015-06-03 22:33 - 2015-06-14 21:18 - 02109952 _____ (Farbar) C:\Users\Megan\Desktop\FRST64.exe
2015-06-03 22:33 - 2015-06-03 22:45 - 00033211 _____ C:\Users\Megan\Downloads\FRST.txt
2015-06-03 22:30 - 2015-06-03 22:30 - 01147392 _____ (Farbar) C:\Users\Megan\Downloads\FRST.exe
2015-06-03 22:18 - 2015-06-14 09:52 - 00000000 ____D C:\Users\Megan\AppData\Local\CrashDumps
2015-06-03 21:57 - 2015-06-03 22:17 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-03 21:57 - 2015-06-03 21:57 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-03 21:47 - 2015-06-08 18:19 - 00000000 ____D C:\AdwCleaner
2015-06-03 21:45 - 2015-06-03 21:45 - 02231296 _____ C:\Users\Megan\Downloads\AdwCleaner.exe
2015-06-03 21:40 - 2015-06-03 21:41 - 17637624 _____ C:\Users\Megan\Downloads\RogueKiller.exe
2015-06-02 22:49 - 2015-06-02 22:49 - 00000000 ____D C:\Users\Megan\AppData\Roaming\LavasoftStatistics
2015-06-02 22:48 - 2015-06-12 20:23 - 00002352 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-06-02 22:48 - 2015-06-02 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-02 22:45 - 2015-06-02 22:45 - 00000000 ____D C:\Program Files\Lavasoft
2015-06-02 22:42 - 2015-06-02 22:42 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Lavasoft
2015-06-02 22:42 - 2015-06-02 22:42 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-06-02 22:39 - 2015-06-02 22:39 - 02057008 _____ C:\Users\Megan\Desktop\Adaware_Installer.exe
2015-06-02 22:39 - 2015-06-02 22:39 - 00000000 ____D C:\ProgramData\Lavasoft
2015-06-02 22:21 - 2015-06-02 22:21 - 00000000 _____ C:\Users\Megan\AppData\Local\Temp.dat
2015-06-02 22:03 - 2015-06-02 22:03 - 00001985 _____ C:\Users\Megan\AppData\Local\recently-used.xbel
2015-05-31 14:36 - 2015-05-31 15:56 - 00000000 ____D C:\Users\Megan\Downloads\Pitch.Perfect.2.2015.HC.HDRip.XviD.AC3-EVO
2015-05-30 13:30 - 2015-05-31 15:53 - 00000000 ____D C:\Users\Megan\Downloads\Aquarius.US.S01.WEB-DL.XviD.MP3-FGT
2015-05-24 12:37 - 2015-05-24 13:49 - 00000000 ____D C:\Users\Megan\Downloads\Game Of Thrones Season 2 Complete HDTV x264 [VectoR]
2015-05-23 21:11 - 2015-05-24 22:38 - 00000000 ____D C:\Users\Megan\Downloads\Grace.and.Frankie.S01.Season.1.WEBRip.x264-SNEAkY
2015-05-23 18:37 - 2015-05-23 18:38 - 163198744 _____ (Microsoft Corporation) C:\Users\Megan\Downloads\msert.exe
2015-05-22 23:51 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Fifty.Shades.of.Grey.2015.UNRATED.BRRip.XviD-ETRG
2015-05-22 21:48 - 2015-05-24 23:34 - 00000000 ____D C:\Users\Megan\Downloads\VA - Pitch Perfect 2 (Original Motion Picture Soundtrack) [2015] [OST] [MP3-320KBPS] [H4CKUS] [GloDLS]
2015-05-22 21:42 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Bones.S10E17.HDTV.x264-LOL[ettv]
2015-05-22 21:40 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Bones.S10E18.HDTV.x264-LOL[ettv]
2015-05-22 21:39 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Bones.S10E19.HDTV.x264-LOL[ettv]
2015-05-17 20:57 - 2015-05-17 21:24 - 00000000 ____D C:\Users\Megan\Downloads\The.Amazing.Race.S26E12.HDTV.x264-LOL[rarbg]
2015-05-17 20:55 - 2015-05-22 05:57 - 00000000 ____D C:\Users\Megan\Downloads\The.Amazing.Race.S26E12.HDTV.x264-LOL[ettv]
2015-05-15 21:54 - 2015-05-25 13:23 - 00000000 ____D C:\Users\Megan\Downloads\Hannibal - Season 2 Complete-ChameE
2015-05-15 21:24 - 2015-05-24 22:38 - 00000000 ____D C:\Users\Megan\Downloads\Hannibal complete season 1
2015-05-15 19:33 - 2015-05-15 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 21:15 - 2014-11-20 23:57 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001UA.job
2015-06-14 21:10 - 2014-06-16 05:30 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2674676725-105610185-3251944265-1001
2015-06-14 21:09 - 2015-01-05 23:52 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-14 21:09 - 2015-01-05 23:52 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-14 21:05 - 2014-06-21 20:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-14 21:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-14 20:16 - 2015-05-08 19:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-14 20:15 - 2015-03-15 23:28 - 00019292 _____ C:\Users\Megan\Documents\Eligibility.xlsx
2015-06-14 19:06 - 2014-06-16 05:17 - 01283760 _____ C:\Windows\WindowsUpdate.log
2015-06-14 19:06 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-14 15:01 - 2014-10-22 21:57 - 00000000 ____D C:\Users\Megan\AppData\Local\Adobe
2015-06-14 15:01 - 2014-06-21 20:12 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-12 20:24 - 2014-06-16 05:32 - 00000000 __RDO C:\Users\Megan\SkyDrive
2015-06-12 20:23 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-12 20:22 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-11 22:21 - 2015-03-18 01:09 - 00003164 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMegan
2015-06-11 22:21 - 2015-03-18 01:09 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForMegan.job
2015-06-11 22:15 - 2014-11-20 23:57 - 00000874 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001Core.job
2015-06-09 23:11 - 2015-01-05 23:55 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 22:17 - 2014-12-23 21:46 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-06-08 18:28 - 2015-05-08 19:53 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-08 18:28 - 2015-05-08 19:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-08 18:13 - 2014-12-06 15:43 - 00065024 ___SH C:\Users\Megan\Desktop\Thumbs.db
2015-06-08 18:10 - 2014-06-16 05:23 - 00000000 ____D C:\Users\Megan
2015-06-08 17:55 - 2014-06-16 05:43 - 00000000 ____D C:\Users\Megan\AppData\Roaming\uTorrent
2015-06-04 23:33 - 2014-06-16 05:25 - 00000000 ____D C:\Users\Megan\AppData\Local\Packages
2015-06-04 05:55 - 2014-06-17 05:19 - 02458624 ___SH C:\Users\Megan\Downloads\Thumbs.db
2015-06-03 23:11 - 2013-08-26 02:09 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-03 20:20 - 2013-08-26 02:01 - 00041802 _____ C:\Windows\PFRO.log
2015-06-02 23:05 - 2015-05-12 22:09 - 00000000 ____D C:\Program Files (x86)\StatInit
2015-06-02 22:22 - 2014-10-24 14:53 - 00000000 ____D C:\Users\Megan\.gimp-2.8
2015-06-02 22:03 - 2014-10-24 15:01 - 00000000 ____D C:\Users\Megan\AppData\Local\gtk-2.0
2015-05-30 11:43 - 2013-08-22 10:46 - 00056201 _____ C:\Windows\setupact.log
2015-05-24 10:58 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-05-22 05:56 - 2014-09-22 21:14 - 00000000 ____D C:\Users\Megan\Downloads\Movies
2015-05-17 21:04 - 2015-01-05 23:52 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 21:04 - 2015-01-05 23:52 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 19:33 - 2014-06-29 20:17 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2015-05-15 19:30 - 2014-06-29 20:15 - 00000000 ____D C:\Users\Megan\AppData\Local\Downloaded Installations

==================== Files in the root of some directories =======

2014-07-26 23:45 - 2014-07-26 23:45 - 0000036 _____ () C:\Users\Megan\AppData\Local\housecall.guid.cache
2015-06-02 22:03 - 2015-06-02 22:03 - 0001985 _____ () C:\Users\Megan\AppData\Local\recently-used.xbel
2015-05-07 23:48 - 2015-05-07 23:48 - 0000800 _____ () C:\Users\Megan\AppData\Local\Temp-log.txt
2015-06-02 22:21 - 2015-06-02 22:21 - 0000000 _____ () C:\Users\Megan\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\Megan\AppData\Local\Temp\COMAP.EXE
C:\Users\Megan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Megan\AppData\Local\Temp\Extract.exe
C:\Users\Megan\AppData\Local\Temp\flacdec2.exe
C:\Users\Megan\AppData\Local\Temp\popcorn-time-0.8.0.0-setup.exe
C:\Users\Megan\AppData\Local\Temp\SP65755.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-06 11:14

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Megan at 2015-06-14 21:21:05
Running from C:\Users\Megan\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2674676725-105610185-3251944265-500 - Administrator - Disabled)
Donna (S-1-5-21-2674676725-105610185-3251944265-1004 - Limited - Enabled) => C:\Users\Donna
Guest (S-1-5-21-2674676725-105610185-3251944265-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2674676725-105610185-3251944265-1003 - Limited - Enabled)
Megan (S-1-5-21-2674676725-105610185-3251944265-1001 - Administrator - Enabled) => C:\Users\Megan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DxO Optics Pro 8 (HKLM\...\{ECC28C7D-ABF5-4ED1-9B29-6D48BC218393}) (Version: 8.5.0 - DxO Labs)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Free CBR Reader (HKLM-x32\...\{B9240DAE-EFA1-4A0E-824F-17B3F99194F8}) (Version: 1.0.0 - Free Picture Solutions)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{CCE5C597-03EA-423E-BA80-6FCD280A8465}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MPC-HC 1.7.5 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team)
Music Manager (HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\MusicManager) (Version:  - Google, Inc.)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.15.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinX HD Video Converter Deluxe 5.0.3 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2674676725-105610185-3251944265-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Megan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2674676725-105610185-3251944265-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Megan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2674676725-105610185-3251944265-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Megan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2674676725-105610185-3251944265-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Megan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2674676725-105610185-3251944265-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Megan\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

24-05-2015 11:30:38 Scheduled Checkpoint
02-06-2015 22:39:44 AA11
12-06-2015 17:52:09 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E452DB-92CB-4A34-8C5D-308C47947DFC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {086A962A-E7A7-47ED-BB09-51DCDE5F69C6} - System32\Tasks\HPCeeScheduleForMegan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {1A587704-8586-49E6-9B79-110A8EF1D871} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {244890BC-C9CF-429F-93D7-73886DD44537} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2674676725-105610185-3251944265-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {339E9755-EC02-4ABF-B795-3E6DE3385E19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-14] (Adobe Systems Incorporated)
Task: {4E8A2E80-10EA-4E66-BC4B-216D8325F92E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001Core => C:\Users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-20] (Google Inc.)
Task: {5E6CBB2F-A7E7-46DE-909A-F8810C12AE0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2013-08-29] (Hewlett-Packard Company)
Task: {8B0CD67D-11AC-4499-9BF6-2840B13465F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {A075F138-5C3B-4967-B786-6EAEA06531B9} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {A1B812C5-34B0-43B2-93F8-A6806CDCE2C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {AF714651-7934-4900-80DB-D2D2BEEF9219} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {DC063E4F-31B6-4355-A96C-BF1AC58DEDFC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-20] (Synaptics Incorporated)
Task: {E9B150DC-4A7A-4C84-AC43-5B8D24FF759C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001UA => C:\Users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-20] (Google Inc.)
Task: {EFB8AD07-D7EB-4A56-82AA-9F686B9DE34A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {F79B0516-4DD9-4A69-8645-18DD17C1CFD8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001Core.job => C:\Users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001UA.job => C:\Users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMegan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2013-10-14 15:23 - 2013-10-14 15:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 15:24 - 2013-10-14 15:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 15:25 - 2013-10-14 15:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 15:22 - 2013-10-14 15:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 15:22 - 2013-10-14 15:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 15:22 - 2013-10-14 15:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 15:35 - 2013-10-14 15:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 15:35 - 2013-10-14 15:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2013-10-14 15:30 - 2013-10-14 15:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2014-04-03 15:09 - 2013-08-05 03:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Donna\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Donna\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Megan\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2674676725-105610185-3251944265-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.43.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\StartupApproved\Run: => "MusicManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{06AA04FC-AA5D-4EAF-9CD2-0DEADC039B60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{43EB98E3-EC98-4890-8C14-A16270650AFA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A12E02F-CB50-4A57-A4B1-87D9862AFC4C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DB4F7114-8D96-40B2-8CE0-3811344C493F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{20E9AA2C-9CD3-4AD1-95F3-A78A1A9A8A97}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{A07FBB38-2202-45D5-8758-EEA6F91376B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{4621921A-7090-4E0F-9F13-6253B43B7F5A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{15AE62CF-B188-493D-9680-8F50E0771329}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{31C038A5-E148-42AB-B2C2-4F00645D4286}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{CC727D2D-D770-4F6A-AF46-7968C6495022}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{D6BE15F0-75E1-4665-9EE3-20312B402211}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8D69832D-F41E-469D-9C36-850B76BD2F3F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{34F3BF1A-D481-4634-B528-F100027BCF09}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BCBB4636-560A-4D39-916D-CDD5B47BAB54}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C1A75BF4-EB55-47C6-A443-73BA66A8CE85}] => (Allow) C:\Users\Megan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{13BD3A1F-654F-4A11-B7C5-47B555ECB09E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F51C5396-3A97-4A6F-94FF-134889E8FFF7}] => (Allow) LPort=2869
FirewallRules: [{8CB678F3-4BFF-4F23-841B-7C8E783106F7}] => (Allow) LPort=1900
FirewallRules: [{23949969-24BE-48D4-A9A7-6E30D0D1E3F7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D019E7FB-A5CB-4B32-A6B4-F81643D72FA4}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{33341B2F-01F4-49AF-BABA-F0988DD87B9D}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{97CB7AE7-FD67-4848-B6E1-81E8CD9AA164}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{2F2D74AF-C6C1-48FA-A5B4-DF7C974BFB2E}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{0EE272D0-FB08-421F-B61D-4E9E81458B7A}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{02D954DD-4F09-480E-927C-F50693716510}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{69C42579-342E-454C-99C7-349974AAB857}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0EDF42FE-A825-432A-AF0D-F2B6CB972982}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B243C69F-77D1-4E20-896E-BFB941D01119}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AD49C1B2-4E65-44DC-8E6E-DC29A98D2FCF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B7A02DB4-1B57-4A6B-AF9C-513CF0D17AD8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F3BA8642-3562-4663-9949-C7D1ED169C31}] => (Allow) C:\Users\Megan\AppData\Local\Temp\nsdA8F7.tmp\CnetInstaller-75990537.exe
FirewallRules: [{F193CD50-C058-4C2A-9302-1B8B98203DF2}] => (Allow) C:\Users\Megan\AppData\Local\Temp\nsdA8F7.tmp\CnetInstaller-75990537.exe
FirewallRules: [{CAE6B2FC-7D50-4FCA-BBD0-CB32509C5C85}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BA432AA9-7B5F-4B9D-BBDE-21586F65241B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2015 06:56:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7260828

Error: (06/14/2015 06:56:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7260828

Error: (06/14/2015 06:56:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2015 06:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7259719

Error: (06/14/2015 06:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7259719

Error: (06/14/2015 06:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2015 06:56:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7258547

Error: (06/14/2015 06:56:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7258547

Error: (06/14/2015 06:56:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2015 06:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7257422


System errors:
=============
Error: (06/14/2015 04:54:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 5 time(s).

Error: (06/13/2015 09:47:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (06/13/2015 00:44:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (06/12/2015 11:20:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).

Error: (06/12/2015 09:23:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/12/2015 06:24:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 10 time(s).

Error: (06/11/2015 11:56:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 9 time(s).

Error: (06/11/2015 06:24:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 8 time(s).

Error: (06/10/2015 11:23:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 7 time(s).

Error: (06/10/2015 09:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 6 time(s).


Microsoft Office:
=========================
Error: (07/01/2014 04:56:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32695 seconds with 11820 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3520 @ 2.16GHz
Percentage of memory in use: 62%
Total physical RAM: 3992.59 MB
Available physical RAM: 1498.84 MB
Total Pagefile: 4696.59 MB
Available Pagefile: 1731.5 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:678.57 GB) (Free:343.44 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.29 GB) (Free:1.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1E2AB9DB)

Partition: GPT Partition Type.

==================== End of log ============================



#9 ken545

    Malware Response Team


Posted 14 June 2015 - 08:46 PM

Malwarebytes is still finding bad entries. You may not be removing them after the scan; you need to run it again and make sure whatever it finds is checked and Remove Selected. Those are bad items and they need to be gone.

Or you should have it set to quarantine those items automatically.

With Malwarebytes open, on the Dashboard go to Settings > Advanced Settings and make sure AUTOMATICALLY QUARANTINE DETECTED ITEMS is checked.

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Double-click CKScanner.exe, then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Please run this program only once
  • Double-click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply

  • Edited by ken545, 14 June 2015 - 09:11 PM.

    Just a reminder that threads will be closed if no response in 3 days


    #10 megreytak

    • Topic Starter


    Posted 15 June 2015 - 07:17 PM

    Sorry--missed that part; it's been a long weekend.

    I hope this is the right log--it saved the file to location then asked me to restart.

    <?xml version="1.0" encoding="UTF-8" ?>
    <logs>
       <record severity="debug" LoggingEventType="1" datetime="2015-06-14T20:16:12.722422-04:00" source="Manual" type="Update" username="SYSTEM" systemname="CLARENCE" fromVersion="0.0.0.0" last_modified_tag="ee4ad207-f7f3-4485-9ae2-adaa9e2c884c" name="Domain Database" toVersion="2015.6.12.1"></record>
       <record severity="debug" LoggingEventType="1" datetime="2015-06-14T20:16:12.847733-04:00" source="Manual" type="Update" username="SYSTEM" systemname="CLARENCE" fromVersion="0.0.0.0" last_modified_tag="ecb48478-033d-45f2-8b65-18e55fd643bb" name="IP Database" toVersion="2015.6.12.1"></record>
       <record severity="debug" LoggingEventType="1" datetime="2015-06-14T20:16:26.313025-04:00" source="Manual" type="Update" username="SYSTEM" systemname="CLARENCE" fromVersion="2015.6.8.5" last_modified_tag="0f41a1f1-240d-4322-aaee-33aac4424b14" name="Malware Database" toVersion="2015.6.14.5"></record>
       <record severity="debug" LoggingEventType="6" datetime="2015-06-14T22:42:23.478068-04:00" source="Manual" type="Scan" username="SYSTEM" systemname="CLARENCE" duration="2906" last_modified_tag="21e1b1f8-aba3-4098-af74-ce89f4a1d690" malwaredetections="0" nonmalwaredetections="8" scanresult="completed" scantype="threat" starttime="2015-06-14T21:53:37-04:00"></record>
       <record severity="debug" LoggingEventType="4" datetime="2015-06-14T22:48:11.708044-04:00" source="Protection" type="Error" username="SYSTEM" systemname="CLARENCE" code="13" last_modified_tag="d347a1ae-03aa-4e10-9b03-320e7111a841" message="IsLicensed"></record>
       <record severity="debug" LoggingEventType="2" datetime="2015-06-14T22:48:11.817424-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="CLARENCE" last_modified_tag="df62ec27-eabe-4e3e-a6b1-6e4ee9896bec" result="Stopping" subtype="Malware Protection"></record>
       <record severity="debug" LoggingEventType="2" datetime="2015-06-14T22:48:11.833050-04:00" source="Protection" type="Protection" username="SYSTEM" systemname="CLARENCE" last_modified_tag="29534615-0fc9-410a-83eb-b5c5888fb8fc" result="Stopped" subtype="Malware Protection"></record>
    </logs>

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
    Ran by Megan (administrator) on CLARENCE on 14-06-2015 22:49:36
    Running from C:\Users\Megan\Desktop
    Loaded Profiles: Megan (Available Profiles: Megan & Donna)
    Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-02] (Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780912 2013-09-20] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
    HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
    HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [Google Update] => C:\Users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-20] (Google Inc.)
    HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Run: [MusicManager] => C:\Users\Megan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
    HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\MountPoints2: {8e09bd4e-6a21-11e4-8272-c4346b448d60} - "F:\MotoCastSetup.exe" -a
    HKU\S-1-5-21-2674676725-105610185-3251944265-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-25]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2674676725-105610185-3251944265-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {D1987C1B-F202-4D5E-9A7D-F3FB371845ED} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {D1987C1B-F202-4D5E-9A7D-F3FB371845ED} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2674676725-105610185-3251944265-1001 -> {D1987C1B-F202-4D5E-9A7D-F3FB371845ED} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-2674676725-105610185-3251944265-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\ze3x7vuw.default
    FF DefaultSearchEngine.US: Twitter
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-14] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
    FF Plugin HKU\S-1-5-21-2674676725-105610185-3251944265-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Megan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-12] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2674676725-105610185-3251944265-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Megan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-12] (Google Inc.)
    FF HKU\S-1-5-21-2674676725-105610185-3251944265-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
    S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
    S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
    R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-20] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-03] ()
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
    U3 McAPExe; No ImagePath
    U3 McMPFSvc; No ImagePath
    U3 McNaiAnn; No ImagePath
    U3 mcpltsvc; No ImagePath
    U3 McProxy; No ImagePath
    U3 mfecore; No ImagePath
    U3 MSK80Service; No ImagePath
    U2 TMAgent; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-14 21:21 - 2015-06-14 21:22 - 00038952 _____ C:\Users\Megan\Desktop\Addition.txt
    2015-06-14 21:18 - 2015-06-14 22:49 - 00015286 _____ C:\Users\Megan\Desktop\FRST.txt
    2015-06-14 21:18 - 2015-06-14 21:18 - 00000000 ____D C:\Users\Megan\Desktop\FRST-OlderVersion
    2015-06-14 21:17 - 2015-06-14 21:17 - 00002093 _____ C:\Users\Megan\Desktop\1.txt
    2015-06-12 20:18 - 2015-06-12 20:21 - 00000000 ____D C:\abdd80e82d37670b6e12f95f
    2015-06-12 20:18 - 2015-06-12 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-06-12 20:18 - 2015-06-12 20:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-06-12 20:18 - 2015-06-12 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-06-12 20:17 - 2015-06-12 20:18 - 13095136 _____ (Microsoft Corporation) C:\Users\Megan\Downloads\Silverlight_x64.exe
    2015-06-08 19:23 - 2015-06-08 19:23 - 00002098 _____ C:\Users\Megan\Desktop\malware.txt
    2015-06-08 18:28 - 2015-06-08 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-08 18:24 - 2015-06-08 18:24 - 00002398 _____ C:\Users\Megan\Desktop\JRT.txt
    2015-06-08 18:20 - 2015-06-08 18:20 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CLARENCE-Windows-8.1-(64-bit).dat
    2015-06-08 18:20 - 2015-06-08 18:20 - 00000000 ____D C:\RegBackup
    2015-06-08 18:10 - 2015-06-08 18:10 - 00005810 _____ C:\Users\Megan\Desktop\AdwCleaner[S0].txt
    2015-06-08 17:52 - 2015-06-08 17:52 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Megan\Desktop\mbam-setup-2.1.6.1022(1).exe
    2015-06-08 17:50 - 2015-06-08 17:51 - 02943232 _____ (Thisisu) C:\Users\Megan\Desktop\JRT.exe
    2015-06-08 17:50 - 2015-06-08 17:50 - 02231296 _____ C:\Users\Megan\Desktop\AdwCleaner(1).exe
    2015-06-03 22:49 - 2015-06-03 22:49 - 00039869 _____ C:\Users\Megan\Documents\Addition.txt
    2015-06-03 22:43 - 2015-06-03 22:43 - 00039869 _____ C:\Users\Megan\Downloads\Addition.txt
    2015-06-03 22:33 - 2015-06-14 22:49 - 00000000 ____D C:\FRST
    2015-06-03 22:33 - 2015-06-14 21:18 - 02109952 _____ (Farbar) C:\Users\Megan\Desktop\FRST64.exe
    2015-06-03 22:33 - 2015-06-03 22:45 - 00033211 _____ C:\Users\Megan\Downloads\FRST.txt
    2015-06-03 22:30 - 2015-06-03 22:30 - 01147392 _____ (Farbar) C:\Users\Megan\Downloads\FRST.exe
    2015-06-03 22:18 - 2015-06-14 09:52 - 00000000 ____D C:\Users\Megan\AppData\Local\CrashDumps
    2015-06-03 21:57 - 2015-06-03 22:17 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-03 21:57 - 2015-06-03 21:57 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-06-03 21:47 - 2015-06-08 18:19 - 00000000 ____D C:\AdwCleaner
    2015-06-03 21:45 - 2015-06-03 21:45 - 02231296 _____ C:\Users\Megan\Downloads\AdwCleaner.exe
    2015-06-03 21:40 - 2015-06-03 21:41 - 17637624 _____ C:\Users\Megan\Downloads\RogueKiller.exe
    2015-06-02 22:49 - 2015-06-02 22:49 - 00000000 ____D C:\Users\Megan\AppData\Roaming\LavasoftStatistics
    2015-06-02 22:48 - 2015-06-14 22:48 - 00002352 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2015-06-02 22:48 - 2015-06-02 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-06-02 22:45 - 2015-06-02 22:45 - 00000000 ____D C:\Program Files\Lavasoft
    2015-06-02 22:42 - 2015-06-02 22:42 - 00000000 ____D C:\Users\Megan\AppData\Roaming\Lavasoft
    2015-06-02 22:42 - 2015-06-02 22:42 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
    2015-06-02 22:39 - 2015-06-02 22:39 - 02057008 _____ C:\Users\Megan\Desktop\Adaware_Installer.exe
    2015-06-02 22:39 - 2015-06-02 22:39 - 00000000 ____D C:\ProgramData\Lavasoft
    2015-06-02 22:21 - 2015-06-02 22:21 - 00000000 _____ C:\Users\Megan\AppData\Local\Temp.dat
    2015-06-02 22:03 - 2015-06-02 22:03 - 00001985 _____ C:\Users\Megan\AppData\Local\recently-used.xbel
    2015-05-31 14:36 - 2015-05-31 15:56 - 00000000 ____D C:\Users\Megan\Downloads\Pitch.Perfect.2.2015.HC.HDRip.XviD.AC3-EVO
    2015-05-30 13:30 - 2015-05-31 15:53 - 00000000 ____D C:\Users\Megan\Downloads\Aquarius.US.S01.WEB-DL.XviD.MP3-FGT
    2015-05-24 12:37 - 2015-05-24 13:49 - 00000000 ____D C:\Users\Megan\Downloads\Game Of Thrones Season 2 Complete HDTV x264 [VectoR]
    2015-05-23 21:11 - 2015-05-24 22:38 - 00000000 ____D C:\Users\Megan\Downloads\Grace.and.Frankie.S01.Season.1.WEBRip.x264-SNEAkY
    2015-05-23 18:37 - 2015-05-23 18:38 - 163198744 _____ (Microsoft Corporation) C:\Users\Megan\Downloads\msert.exe
    2015-05-22 23:51 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Fifty.Shades.of.Grey.2015.UNRATED.BRRip.XviD-ETRG
    2015-05-22 21:48 - 2015-05-24 23:34 - 00000000 ____D C:\Users\Megan\Downloads\VA - Pitch Perfect 2 (Original Motion Picture Soundtrack) [2015] [OST] [MP3-320KBPS] [H4CKUS] [GloDLS]
    2015-05-22 21:42 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Bones.S10E17.HDTV.x264-LOL[ettv]
    2015-05-22 21:40 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Bones.S10E18.HDTV.x264-LOL[ettv]
    2015-05-22 21:39 - 2015-05-23 13:17 - 00000000 ____D C:\Users\Megan\Downloads\Bones.S10E19.HDTV.x264-LOL[ettv]
    2015-05-17 20:57 - 2015-05-17 21:24 - 00000000 ____D C:\Users\Megan\Downloads\The.Amazing.Race.S26E12.HDTV.x264-LOL[rarbg]
    2015-05-17 20:55 - 2015-05-22 05:57 - 00000000 ____D C:\Users\Megan\Downloads\The.Amazing.Race.S26E12.HDTV.x264-LOL[ettv]
    2015-05-15 21:54 - 2015-05-25 13:23 - 00000000 ____D C:\Users\Megan\Downloads\Hannibal - Season 2 Complete-ChameE
    2015-05-15 21:24 - 2015-05-24 22:38 - 00000000 ____D C:\Users\Megan\Downloads\Hannibal complete season 1
    2015-05-15 19:33 - 2015-05-15 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-14 22:50 - 2014-06-16 05:32 - 00000000 __RDO C:\Users\Megan\SkyDrive
    2015-06-14 22:49 - 2015-01-05 23:52 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-14 22:48 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-14 22:47 - 2013-08-26 02:01 - 00042654 _____ C:\Windows\PFRO.log
    2015-06-14 22:47 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\L2Schemas
    2015-06-14 22:47 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
    2015-06-14 22:46 - 2014-06-16 05:17 - 01288720 _____ C:\Windows\WindowsUpdate.log
    2015-06-14 22:42 - 2015-05-03 12:31 - 00000000 ____D C:\Program Files (x86)\Do Share
    2015-06-14 22:42 - 2013-08-26 02:09 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-14 22:40 - 2013-08-22 10:46 - 00057789 _____ C:\Windows\setupact.log
    2015-06-14 22:15 - 2014-11-20 23:57 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001UA.job
    2015-06-14 22:15 - 2014-11-20 23:57 - 00000874 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674676725-105610185-3251944265-1001Core.job
    2015-06-14 22:09 - 2015-01-05 23:52 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-14 22:05 - 2014-06-21 20:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-14 22:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
    2015-06-14 21:53 - 2015-05-08 19:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-14 21:10 - 2014-06-16 05:30 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2674676725-105610185-3251944265-1001
    2015-06-14 20:15 - 2015-03-15 23:28 - 00019292 _____ C:\Users\Megan\Documents\Eligibility.xlsx
    2015-06-14 19:06 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
    2015-06-14 15:01 - 2014-10-22 21:57 - 00000000 ____D C:\Users\Megan\AppData\Local\Adobe
    2015-06-14 15:01 - 2014-06-21 20:12 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-11 22:21 - 2015-03-18 01:09 - 00003164 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMegan
    2015-06-11 22:21 - 2015-03-18 01:09 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForMegan.job
    2015-06-09 23:11 - 2015-01-05 23:55 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-06-09 22:17 - 2014-12-23 21:46 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2015-06-08 18:28 - 2015-05-08 19:53 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-08 18:28 - 2015-05-08 19:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-08 18:13 - 2014-12-06 15:43 - 00065024 ___SH C:\Users\Megan\Desktop\Thumbs.db
    2015-06-08 18:10 - 2014-06-16 05:23 - 00000000 ____D C:\Users\Megan
    2015-06-08 17:55 - 2014-06-16 05:43 - 00000000 ____D C:\Users\Megan\AppData\Roaming\uTorrent
    2015-06-04 23:33 - 2014-06-16 05:25 - 00000000 ____D C:\Users\Megan\AppData\Local\Packages
    2015-06-04 05:55 - 2014-06-17 05:19 - 02458624 ___SH C:\Users\Megan\Downloads\Thumbs.db
    2015-06-02 23:05 - 2015-05-12 22:09 - 00000000 ____D C:\Program Files (x86)\StatInit
    2015-06-02 22:22 - 2014-10-24 14:53 - 00000000 ____D C:\Users\Megan\.gimp-2.8
    2015-06-02 22:03 - 2014-10-24 15:01 - 00000000 ____D C:\Users\Megan\AppData\Local\gtk-2.0
    2015-05-24 10:58 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2015-05-22 05:56 - 2014-09-22 21:14 - 00000000 ____D C:\Users\Megan\Downloads\Movies
    2015-05-17 21:04 - 2015-01-05 23:52 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-17 21:04 - 2015-01-05 23:52 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-15 19:33 - 2014-06-29 20:17 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
    2015-05-15 19:30 - 2014-06-29 20:15 - 00000000 ____D C:\Users\Megan\AppData\Local\Downloaded Installations

    ==================== Files in the root of some directories =======

    2014-07-26 23:45 - 2014-07-26 23:45 - 0000036 _____ () C:\Users\Megan\AppData\Local\housecall.guid.cache
    2015-06-02 22:03 - 2015-06-02 22:03 - 0001985 _____ () C:\Users\Megan\AppData\Local\recently-used.xbel
    2015-05-07 23:48 - 2015-05-07 23:48 - 0000800 _____ () C:\Users\Megan\AppData\Local\Temp-log.txt
    2015-06-02 22:21 - 2015-06-02 22:21 - 0000000 _____ () C:\Users\Megan\AppData\Local\Temp.dat

    Some files in TEMP:
    ====================
    C:\Users\Megan\AppData\Local\Temp\COMAP.EXE
    C:\Users\Megan\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Megan\AppData\Local\Temp\Extract.exe
    C:\Users\Megan\AppData\Local\Temp\flacdec2.exe
    C:\Users\Megan\AppData\Local\Temp\popcorn-time-0.8.0.0-setup.exe
    C:\Users\Megan\AppData\Local\Temp\SP65755.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-06 11:14

    ==================== End of log ============================

     

     

     

    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
    scanner sequence 3.NA.11.ORAPLZ
     ----- EOF -----



    #11 ken545


      Malware Response Team



    Posted 15 June 2015 - 07:42 PM

    Open Malwarebytes and on the Dashboard click on History, then Application Logs, then Scan Log, and select the date of the scan you just ran. Then click Export, and on the dropdown list select Copy to Clipboard and paste it into this thread.


    Edited by ken545, 15 June 2015 - 07:42 PM.

    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #12 ken545


    Posted 15 June 2015 - 07:52 PM

    Meg, if I may. What I am trying to accomplish here is to have Malwarebytes come up clean with no threats. The last two logs you posted showed the same entries, so they're not being removed. Follow my instructions from a previous post and set Malwarebytes to quarantine everything it finds; once you do that, run FRST and post both the FRST and Additions logs.




    #13 megreytak


    Posted 15 June 2015 - 08:06 PM

    Here's the thing--I did all that. I had a hell of a time trying to find the file from Malwarebytes after the computer restarted, so that might be the problem there, but after I ran FRST, no ADDITIONAL file popped up. I quarantined things, I did all the things you asked, so I'm not sure why the files aren't reflecting that. I do understand what you're trying to accomplish--I may not have the tools to fix it on my own, but I do understand the processes you're taking me through. I'll do it all again--I don't mind doing that. But the files I posted for you are the files these programs gave me. So please be patient while I run Malwarebytes yet again, and hopefully I'll be able to locate the files this time.



    #14 ken545


    Posted 15 June 2015 - 08:08 PM

    Open Malwarebytes and on the Dashboard click on History, then Application Logs, then Scan Log, and select the date of the scan you just ran. Then click Export, and on the dropdown list select Copy to Clipboard and paste it into this thread.

     

    This is how you can find the latest log




    #15 ken545


    Posted 15 June 2015 - 09:23 PM

    Hey, just want you to know that my main purpose is to help you clean your computer. I know we have been going round and round with the posts, so let me tell you this. I have been at this for many years, since the days of Windows 98. I am a member of many Malware Removal forums but am active helping people like yourself on about 4, just not enough hours in the day. If you were sitting in my seat and were aware of all the latest threats it would make your hair stand on end. There is malware that will steal all your logins for sites you frequent, malware that can steal all your banking info as far as account numbers and password, malware that can steal all your credit card info, credit card number and password for sites that you purchase on. On your computer, you have thousands of .exe files; that's an executable file. When you click on Malwarebytes, for example, you're clicking on malwarebytes.exe and it runs the program. There is malware that infects every .exe file on your computer, even in the backup folders, so there is no way to replace the infected file with a clean copy. The virus is called VIRUT and the only recourse is to format your hard drive, I mean take it down to bare metal and format it and install Windows nice and clean, not a lot of fun.

    Presently there are Ransomware infections like Cryptolocker. What this does is encrypt all your files, documents, movies, pictures; you will lose access to them and the only way to get them back is to pay a ransom. There are some workarounds for this, seen a few successful but most are not. The only way to save those files is if you made a backup of them using an external hard drive or a USB thumb drive that was not connected when you got infected (you are making backups of your important files, are you not?). You have to understand, this computer belongs to you and I can't tell you what to do with it, I can only advise, and downloading all that garbage that you have downloaded via the torrents is just going to infect you over and over again.

     

    Just my 2 cents






