Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

beeps when watching youtube, VERY slow to go to hotmail, need next steps


  • This topic is locked This topic is locked
18 replies to this topic

#1 glorialagos

glorialagos

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 23 September 2015 - 10:56 AM

Hello!

 

I have been the victim of malware too often.  I have McAfee installed.  I try not to download anything but I could not read a pdf (it was blank) and I could not watch videos.  A Google search told me to install Adobe? Acrobat? Reader.  I did this and that is when the problems started.  My computer would beep while watching videos, things were just acting strange and then today VERY slow to go to Hotmail (like 5 minutes before it finally opened)

 

I found this site and I read a similar post so I followed those directions which was for Junkware Removal Tips and then AdwCleaner.

 

My computer seems to be normal now but I still think I am missing the final steps of the process.

 

I would appreciate any help.  thank you



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:13 PM

Posted 23 September 2015 - 12:43 PM





Hello glorialagos

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 glorialagos

glorialagos
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 23 September 2015 - 12:51 PM

It said "Windows protected this PC from running . . . "

 

I am suspicious of everything these days!  Do I continue?



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:13 PM

Posted 23 September 2015 - 06:13 PM

Yes I need you to run this to get me the report


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 glorialagos

glorialagos
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 23 September 2015 - 06:56 PM

I know you said "attach" but I read in the info to copy and paste so I hope this is what you meant.  It is VERY long!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by joylake (2015-09-23 19:50:35)
Running from C:\Users\joylake\Downloads
Windows 8.1 Connected (X64) (2015-02-28 14:19:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-32622492-692319024-3169389278-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-32622492-692319024-3169389278-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-32622492-692319024-3169389278-1003 - Limited - Enabled)
joylake (S-1-5-21-32622492-692319024-3169389278-1001 - Administrator - Enabled) => C:\Users\joylake

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5712.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.7.0.366 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.161 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-32622492-692319024-3169389278-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Word 2013 - en-us (HKLM\...\WordRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
SlimCleaner Plus (HKLM\...\{5F5EF771-2B0B-401C-969C-38399DF75D35}) (Version: 1.3.1 - SlimWare Utilities, Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

03-09-2015 18:26:40 Restore Point before Name not available was removed using Program Install and Uninstall troubleshooter
14-09-2015 07:04:25 McAfee Vulnerability Scanner
22-09-2015 11:51:03 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01400952-C1A3-4378-8AED-CE17E9B74D6C} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {03BA783C-65E1-41D6-832A-10723EA9C14E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {0C67A2CB-4182-40EB-A07B-676CA4D151E4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)
Task: {2DFA8380-4BB5-4F73-8B2F-D0F98A5D1A9E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {3B96F966-3389-4648-A313-DDECF3EBFA9E} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {43B0C0B1-6750-4088-A06E-FA6B7121C2AD} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {4741CD29-B793-4D85-B1E4-CE3FA7FF91C9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-31] (Realtek Semiconductor)
Task: {49575DEC-1AB6-41B7-B397-A4B3722B93CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5466BDC7-6051-4EDC-9800-9748ED8C286C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-11] (Microsoft Corporation)
Task: {56028953-99CF-47F2-8DCE-16B70E532E70} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {585903A0-8292-4950-986A-E58835ABD019} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {5E84241F-7141-473E-BD1A-BB5F949742FB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {72301917-8EBC-473B-BAAF-868F54D0DBC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {7C552C00-0A4D-4B45-A414-9AF821BE6598} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {92991724-5E73-4070-9727-E5F0968867EE} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {AEED4455-CB1B-4EC4-8882-7745F8355BB0} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B75F9CAE-976A-4D9A-A45C-2643262F8CA2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {DC04AE26-3672-4147-907C-4BAED4970A96} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {E0039A18-7A79-4EFE-BC9E-2565C54D35BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-11] (Microsoft Corporation)
Task: {F2488BD9-AA3D-4E00-A023-69DD004FB3F7} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-32622492-692319024-3169389278-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {FDEF0CEA-9E75-48A5-BDB3-547C337693A5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-14 17:42 - 2015-08-11 23:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-03-07 22:27 - 2012-03-07 22:27 - 00016384 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ACVsWin.dll
2015-08-29 12:27 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\joylake\OneDrive:ms-properties
AlternateDataStreams: C:\Users\joylake\Downloads\No Subject 1.eml:OECustomProperty
AlternateDataStreams: C:\Users\joylake\Downloads\No Subject.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-32622492-692319024-3169389278-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\joylake\Pictures\2014-10-15\IMG_0140.JPG
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 0049911441216683mcinstcleanup => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: Asus WebStorage Windows Service => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
HKU\S-1-5-21-32622492-692319024-3169389278-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0B0A929B-E063-4E55-A050-3FAC7C43C420}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{92BAB451-B4F6-4B6A-941C-339146945BB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D260F447-2A42-4286-A180-D63FC8BB2CE1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A0C5B21-574D-46BB-BDEB-1C15FAF54CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{76DF8A6E-C329-43F3-AD6F-8C806AFC2BB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{831E0940-B449-4921-9EE4-E193B9947BDB}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{74707CEE-74C7-44A0-AEFC-FEFF6C65C719}] => (Allow) C:\Users\joylake\AppData\Local\Microsoft\OneDrive\OneDrive.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2015 01:44:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b4c

Start Time: 01d0f6276d8bc438

Termination Time: 46

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: bf223fc7-621a-11e5-8292-40167ee4b6d6

Faulting package full name:

Faulting package-relative application ID:

Error: (09/23/2015 01:01:27 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: JOYLAPTOP)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (09/23/2015 06:48:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 23d4

Start Time: 01d0f5ec411ca7e6

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8e155801-61e0-11e5-8290-40167ee4b6d6

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/23/2015 06:26:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ac4

Start Time: 01d0f5e93324633f

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 80872059-61dd-11e5-8290-40167ee4b6d6

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/23/2015 06:03:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1724

Start Time: 01d0f5e60c92b3bd

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 59a39192-61da-11e5-8290-40167ee4b6d6

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/22/2015 10:49:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOYLAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/22/2015 10:26:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e68

Start Time: 01d0f5a63d3c46a7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8a2cd33a-619a-11e5-8290-40167ee4b6d6

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/22/2015 09:55:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2090

Start Time: 01d0f5a1dd3bc885

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 278aea89-6196-11e5-8290-40167ee4b6d6

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/22/2015 09:04:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4dc

Start Time: 01d0f53cfdbc3d75

Termination Time: 492

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: f9dfb2e6-618e-11e5-8290-40167ee4b6d6

Faulting package full name:

Faulting package-relative application ID:

Error: (09/22/2015 08:46:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1974

Start Time: 01d0f59831a4d9e3

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 7e8c15e4-618c-11e5-8290-40167ee4b6d6

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (09/23/2015 07:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (09/23/2015 07:47:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (09/23/2015 07:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (09/23/2015 07:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (09/23/2015 07:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (09/23/2015 07:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (09/23/2015 07:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (09/23/2015 07:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (09/23/2015 07:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (09/23/2015 07:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

CodeIntegrity:
===================================
  Date: 2015-09-04 07:28:39.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-04 07:28:38.650
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-04 07:27:31.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-04 07:27:31.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 54%
Total physical RAM: 3982.68 MB
Available physical RAM: 1809.85 MB
Total Virtual: 4686.68 MB
Available Virtual: 2065.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:384.77 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9E4C89E7)

Partition: GPT.



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:13 PM

Posted 24 September 2015 - 11:03 AM


Hello glorialagos

.

uninstall some programs

First thing we are going to do is to uninstall some programs that I see listed, you can do this from the control panel - For (XP) it is called "Add/Remove" and in (Vista and later) it is called "Program and Features"* or you can use a program called Revo uninstaller to uninstall them
  • Programs to remove

    • SlimCleaner Plus


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Programs listed above one at a time
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
.

: Malwarebytes' Anti-Malware :

.

I see that you have Malwarebytes Anti-Malware installed and that is great news and I would like to make sure we run a fresh scan after it is updated

Now lets run a scan

1. Open malwarebytes Anti-Malware
2. On the Dashboard, click the 'Update Now >>' link
3. .After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
4. If an update is available, click the Update Now button.
5. A Threat Scan will begin.
6. When the scan is complete, if there have been any detections,verify that everything has been selected (All the boxes on the left has a check mark)
**Note** If they are to many for to check, then put a check mark in the very top box and this will select them all for you.
7. click on "Remove Selected" to allow MBAM to clean what was detected.
8. In most cases, a restart will be required.
9. Wait for the prompt to restart the computer to appear, then click on Yes.

Get the report

1.After the restart once you are back at your desktop, open MBAM once more.
2.Click on the History tab at the top
3. Click on the Application Logs at the left
4.Double click on the scan log which shows the Date and time of the scan just performed.
5.Click 'Export'.
6.Click 'Text file (*.txt)'
7.In the Save File dialog box which appears, click on Desktop.
8.In the File name: box type a name for your scan log.
9.A message box named 'File Saved' should appear stating "Your file has been successfully exported".
10.Click Ok
11. Attach that saved log to your next reply.

.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 glorialagos

glorialagos
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 24 September 2015 - 05:03 PM

Thank you so much for your help.  I love the step by step instructions and hope I followed them.  I am attaching the Malwarebytes report.

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/24/2015
Scan Time: 5:20 PM
Logfile: malwarereport.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.24.04
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: joylake

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386452
Time Elapsed: 32 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:13 PM

Posted 25 September 2015 - 06:21 AM


Hello glorialagos

.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please attach the two reports for me

JRT.txt
AdwCleaner[S0].txt


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 glorialagos

glorialagos
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 25 September 2015 - 07:24 AM

I ran both but, unfortunately, did not get the report for the second one saved for some reason.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 8.1 Connected x64
Ran by joylake on Fri 09/25/2015 at  7:37:12.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Users\joylake\AppData\Roaming\sp_data.sys

 

~~~ Folders

 

~~~ Chrome

[C:\Users\joylake\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\joylake\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\joylake\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\joylake\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/25/2015 at  7:44:35.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:13 PM

Posted 25 September 2015 - 08:08 AM



Hello glorialagos

.
At this point I would like you to check out the computer and give me an update to how it is doing.

This feedback will let me know if we need to keep digging deeper and will also let me know if we need to go into a different direction.

I also need you to rerun FRST for me and I would also like to have the Addition.txt with it so please run it this way
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • When the tool opens click "Yes" for the disclaimer in order to continue using "FRST".
  • Under the section called "Whitelist" make sure all boxes are checked
  • Under the section called "Optional Scan" I would like you to have a check mark next to "Addition.txt"
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Note** If you cannot find where you saved "FRST" the first time then here are the links again for you.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Please attach both reports to your Next reply

.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 glorialagos

glorialagos
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 25 September 2015 - 04:28 PM

OK - I think this is it!

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by joylake (2015-09-25 17:15:52)
Running from C:\Users\joylake\AppData\Local\Microsoft\Windows\INetCache\IE\OL0UJ9PB
Windows 8.1 Connected (X64) (2015-02-28 14:19:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-32622492-692319024-3169389278-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-32622492-692319024-3169389278-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-32622492-692319024-3169389278-1003 - Limited - Enabled)
joylake (S-1-5-21-32622492-692319024-3169389278-1001 - Administrator - Enabled) => C:\Users\joylake

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5712.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.7.0.366 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.167 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-32622492-692319024-3169389278-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Word 2013 - en-us (HKLM\...\WordRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

03-09-2015 18:26:40 Restore Point before Name not available was removed using Program Install and Uninstall troubleshooter
14-09-2015 07:04:25 McAfee Vulnerability Scanner
22-09-2015 11:51:03 Scheduled Checkpoint
24-09-2015 13:30:26 Removed SlimCleaner Plus

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01400952-C1A3-4378-8AED-CE17E9B74D6C} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {03BA783C-65E1-41D6-832A-10723EA9C14E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {0C67A2CB-4182-40EB-A07B-676CA4D151E4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)
Task: {2DFA8380-4BB5-4F73-8B2F-D0F98A5D1A9E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {43B0C0B1-6750-4088-A06E-FA6B7121C2AD} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {4741CD29-B793-4D85-B1E4-CE3FA7FF91C9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-31] (Realtek Semiconductor)
Task: {49575DEC-1AB6-41B7-B397-A4B3722B93CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5466BDC7-6051-4EDC-9800-9748ED8C286C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-11] (Microsoft Corporation)
Task: {585903A0-8292-4950-986A-E58835ABD019} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {72301917-8EBC-473B-BAAF-868F54D0DBC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {773A01F0-E8FB-4D7F-BC8A-954A13EEF75D} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {7C552C00-0A4D-4B45-A414-9AF821BE6598} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {80C23989-EBED-4288-8EFD-FC96D0FA5EAF} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {895FC8EE-2518-4C2C-AD38-73D6D9533D2D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {92991724-5E73-4070-9727-E5F0968867EE} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {AEED4455-CB1B-4EC4-8882-7745F8355BB0} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B75F9CAE-976A-4D9A-A45C-2643262F8CA2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {DC04AE26-3672-4147-907C-4BAED4970A96} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {E0039A18-7A79-4EFE-BC9E-2565C54D35BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-11] (Microsoft Corporation)
Task: {F2488BD9-AA3D-4E00-A023-69DD004FB3F7} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-32622492-692319024-3169389278-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {FDEF0CEA-9E75-48A5-BDB3-547C337693A5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-29 12:27 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-14 17:42 - 2015-08-11 23:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-03-07 22:27 - 2012-03-07 22:27 - 00016384 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ACVsWin.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-08-29 12:29 - 2015-08-29 12:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\joylake\OneDrive:ms-properties
AlternateDataStreams: C:\Users\joylake\Downloads\No Subject 1.eml:OECustomProperty
AlternateDataStreams: C:\Users\joylake\Downloads\No Subject.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-32622492-692319024-3169389278-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\joylake\Pictures\2014-10-15\IMG_0140.JPG
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 0049911441216683mcinstcleanup => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: Asus WebStorage Windows Service => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
HKU\S-1-5-21-32622492-692319024-3169389278-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0B0A929B-E063-4E55-A050-3FAC7C43C420}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{92BAB451-B4F6-4B6A-941C-339146945BB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D260F447-2A42-4286-A180-D63FC8BB2CE1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A0C5B21-574D-46BB-BDEB-1C15FAF54CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{76DF8A6E-C329-43F3-AD6F-8C806AFC2BB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{831E0940-B449-4921-9EE4-E193B9947BDB}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{74707CEE-74C7-44A0-AEFC-FEFF6C65C719}] => (Allow) C:\Users\joylake\AppData\Local\Microsoft\OneDrive\OneDrive.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2015 03:08:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: igd10iumd32.dll, version: 10.18.10.3355, time stamp: 0x52839b37
Exception code: 0xc0000005
Fault offset: 0x00078e57
Faulting process id: 0xe84
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (09/25/2015 12:40:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/25/2015 08:20:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.3.9600.17930 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e18

Start Time: 01d0f78c6b728013

Termination Time: 15

Application Path: C:\WINDOWS\system32\NOTEPAD.EXE

Report Id: bc289500-637f-11e5-8295-40167ee4b6d6

Faulting package full name:

Faulting package-relative application ID:

Error: (09/24/2015 06:26:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOYLAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/24/2015 05:38:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/23/2015 01:44:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b4c

Start Time: 01d0f6276d8bc438

Termination Time: 46

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: bf223fc7-621a-11e5-8292-40167ee4b6d6

Faulting package full name:

Faulting package-relative application ID:

Error: (09/23/2015 01:01:27 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: JOYLAPTOP)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (09/23/2015 06:48:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 23d4

Start Time: 01d0f5ec411ca7e6

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8e155801-61e0-11e5-8290-40167ee4b6d6

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/23/2015 06:26:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ac4

Start Time: 01d0f5e93324633f

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 80872059-61dd-11e5-8290-40167ee4b6d6

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/23/2015 06:03:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1724

Start Time: 01d0f5e60c92b3bd

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 59a39192-61da-11e5-8290-40167ee4b6d6

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (09/25/2015 07:57:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fitbit Connect Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/25/2015 07:57:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/25/2015 07:57:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/25/2015 07:57:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/25/2015 07:38:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/25/2015 07:38:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fitbit Connect Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/25/2015 07:38:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/24/2015 09:19:23 PM) (Source: DCOM) (EventID: 10010) (User: JOYLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/24/2015 09:19:23 PM) (Source: DCOM) (EventID: 10010) (User: JOYLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/24/2015 09:19:23 PM) (Source: DCOM) (EventID: 10010) (User: JOYLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

CodeIntegrity:
===================================
  Date: 2015-09-04 07:28:39.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-04 07:28:38.650
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-04 07:27:31.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-04 07:27:31.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 42%
Total physical RAM: 3982.68 MB
Available physical RAM: 2290.74 MB
Total Virtual: 4686.68 MB
Available Virtual: 2670.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:385.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9E4C89E7)

Partition: GPT.

==================== End of Addition.txt ============================



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:13 PM

Posted 27 September 2015 - 07:43 AM

Hello glorialagos

.
That is one of the reports and I would also like to have the one named FRST.txt
.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 glorialagos

glorialagos
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 27 September 2015 - 08:15 AM

I used the search function and found this.  Hope it is what you requested.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by joylake (administrator) on JOYLAPTOP (23-09-2015 19:47:42)
Running from C:\Users\joylake\Downloads
Loaded Profiles: joylake (Available Profiles: joylake & Administrator)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FLA384E.tmp
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSPanel.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-04-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-32622492-692319024-3169389278-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
AppInit_DLLs-x32: c:\progra~3\{ea700~1\1170~1.1\dono.dll => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
Startup: C:\Users\joylake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-26]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{4A0CC6D2-E937-44C4-9E35-07917A0417BC}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-32622492-692319024-3169389278-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-32622492-692319024-3169389278-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-32622492-692319024-3169389278-1001 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-32622492-692319024-3169389278-1001 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-29] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-15] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-08-18] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-29] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR Profile: C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-15]
CHR Extension: (Google Docs) - C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-15]
CHR Extension: (Google Drive) - C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-15]
CHR Extension: (YouTube) - C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-15]
CHR Extension: (Google Search) - C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-15]
CHR Extension: (Google Sheets) - C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-15]
CHR Extension: (SiteAdvisor) - C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-17]
CHR Extension: (Google Wallet) - C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-15]
CHR Extension: (Gmail) - C:\Users\joylake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-18]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-09-02] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-15] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-23 19:47 - 2015-09-23 19:49 - 00016635 _____ C:\Users\joylake\Downloads\FRST.txt
2015-09-23 19:47 - 2015-09-23 19:47 - 02192384 _____ (Farbar) C:\Users\joylake\Downloads\FRST64.exe
2015-09-23 19:47 - 2015-09-23 19:47 - 00000000 ____D C:\FRST
2015-09-23 19:46 - 2015-09-23 19:46 - 01695744 _____ (Farbar) C:\Users\joylake\Downloads\FRST (2).exe
2015-09-23 19:46 - 2015-09-23 19:46 - 01695744 _____ (Farbar) C:\Users\joylake\Downloads\FRST (1).exe
2015-09-23 13:46 - 2015-09-23 13:46 - 01695744 _____ (Farbar) C:\Users\joylake\Downloads\FRST.exe
2015-09-23 08:08 - 2015-09-23 11:43 - 00000074 _____ C:\Users\joylake\AppData\Roaming\sp_data.sys
2015-09-23 07:38 - 2015-09-23 07:38 - 00003668 _____ C:\Users\joylake\Desktop\JRT.txt
2015-09-22 12:04 - 2015-09-23 12:00 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-09-20 06:47 - 2015-09-20 06:47 - 00000000 __RHD C:\MSOCache
2015-09-19 08:41 - 2015-09-19 08:42 - 03447541 _____ C:\Users\joylake\Downloads\photo (1).zip
2015-09-19 08:40 - 2015-09-19 08:40 - 03447541 _____ C:\Users\joylake\Downloads\photo.zip
2015-09-17 08:43 - 2015-09-20 17:42 - 00000000 ____D C:\Users\joylake\Downloads\ESL
2015-09-15 06:38 - 2015-09-15 06:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-09-15 06:38 - 2015-09-15 06:38 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2015-09-14 19:21 - 2015-09-14 19:21 - 00000000 ___HD C:\OneDriveTemp
2015-09-14 06:55 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-14 06:55 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-14 06:55 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-14 06:55 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-14 06:55 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-14 06:55 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-14 06:55 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-14 06:55 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-14 06:55 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-14 06:55 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-14 06:55 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-14 06:55 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-14 06:54 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-14 06:54 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-14 06:54 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-14 06:54 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-14 06:54 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-14 06:54 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-14 06:54 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-14 06:54 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-14 06:54 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-14 06:54 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-14 06:54 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-14 06:53 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-14 06:53 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-14 06:53 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-14 06:53 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-14 06:53 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-14 06:53 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-14 06:53 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-14 06:53 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-14 06:53 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-14 06:53 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-14 06:53 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-14 06:53 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-14 06:53 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-14 06:53 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-14 06:53 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-14 06:53 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-14 06:53 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-14 06:53 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-14 06:53 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-14 06:53 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-14 06:53 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-14 06:53 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-14 06:53 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-14 06:53 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-14 06:53 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-14 06:53 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-14 06:53 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-14 06:53 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-14 06:53 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-14 06:44 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-14 06:44 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-14 06:44 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-14 06:44 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-14 06:44 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-14 06:44 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-14 06:44 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-14 06:44 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-14 06:44 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-14 06:44 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-14 06:44 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-14 06:44 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-14 06:44 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-14 06:44 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-14 06:44 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-14 06:44 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-14 06:44 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-14 06:44 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-14 06:44 - 2015-07-13 15:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-14 06:44 - 2015-07-10 15:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-14 06:44 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-14 06:44 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-14 06:44 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-14 06:44 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-14 06:43 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-14 06:43 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-14 06:43 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-14 06:43 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-14 06:43 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-14 06:43 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-09-04 08:40 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-04 08:40 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-04 07:36 - 2015-09-04 07:36 - 00183869 _____ C:\Users\joylake\Desktop\MVTHealthCheck.html
2015-09-04 07:35 - 2015-09-04 07:35 - 00017033 _____ C:\Users\joylake\Desktop\MVTHealthCheck_Deviation.html
2015-09-04 07:29 - 2015-09-04 07:29 - 00000000 ____D C:\Users\joylake\AppData\Roaming\McAfee
2015-09-04 07:08 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-09-04 07:08 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-09-04 07:08 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-09-04 07:08 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-09-04 07:08 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-09-04 07:08 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-09-04 07:08 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-09-04 07:08 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-04 07:08 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-09-04 07:08 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-09-04 07:08 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-09-04 07:08 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-04 07:08 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-09-04 07:08 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-09-04 07:08 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-09-04 07:08 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-09-04 07:07 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-09-04 07:07 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-09-04 07:07 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-09-04 07:07 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-09-04 07:07 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-09-04 07:07 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-09-04 07:07 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-04 07:05 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-09-04 07:05 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-09-04 07:05 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-09-04 07:02 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-04 07:02 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-09-04 07:02 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-09-04 07:02 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-09-04 07:02 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-09-04 07:02 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-09-04 07:02 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-09-04 07:02 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-09-04 07:02 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-09-04 07:02 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-09-04 07:01 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-09-04 07:01 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-09-04 07:01 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-09-04 07:01 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-09-04 06:59 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-09-04 06:59 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-09-04 06:59 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-09-03 18:42 - 2015-09-03 18:42 - 00000000 ____D C:\WINDOWS\pss
2015-09-03 18:27 - 2015-09-03 18:27 - 00000000 ____D C:\MATS
2015-09-02 14:13 - 2015-09-02 14:13 - 00001903 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-09-02 14:13 - 2015-09-02 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-09-02 13:00 - 2015-09-02 13:00 - 00000000 _____ C:\autoexec.bat
2015-09-02 09:06 - 2015-09-02 09:06 - 08349632 _____ (SurfRight B.V.) C:\Users\joylake\Downloads\HitmanPro36.exe
2015-08-29 12:31 - 2015-08-29 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-29 12:27 - 2015-09-23 13:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-29 12:27 - 2015-08-29 12:27 - 01103960 _____ (Microsoft Corporation) C:\Users\joylake\Downloads\Setup.X86.en-US_WordRetail_2b7961c7-fb02-401e-ab72-22c015930de8_TX_PR_.exe
2015-08-29 12:09 - 2015-08-29 12:09 - 00370886 _____ C:\Users\joylake\Downloads\MicrosoftFixit25011.mini.diagcab
2015-08-27 10:03 - 2015-08-29 09:03 - 00000798 _____ C:\Users\joylake\Downloads\debug.log
2015-08-26 08:10 - 2015-08-26 08:10 - 00003102 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-32622492-692319024-3169389278-1001

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-23 19:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-23 13:18 - 2014-05-05 03:38 - 01585512 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-23 13:00 - 2015-02-28 10:29 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-32622492-692319024-3169389278-1001
2015-09-23 13:00 - 2013-08-22 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-23 12:00 - 2015-05-13 08:09 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-09-23 11:41 - 2014-09-01 14:10 - 00000000 ___DO C:\Users\joylake\OneDrive
2015-09-23 08:19 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-23 07:46 - 2013-08-22 10:46 - 00046066 _____ C:\WINDOWS\setupact.log
2015-09-23 07:46 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-23 07:45 - 2015-08-21 12:21 - 00000000 ____D C:\AdwCleaner
2015-09-23 07:45 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-23 06:56 - 2015-08-17 11:57 - 00000000 ____D C:\ProgramData\McAfee
2015-09-22 22:45 - 2015-08-17 12:05 - 00003348 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2015-09-22 22:17 - 2014-07-22 20:07 - 00000000 ____D C:\Users\joylake\AppData\Local\Packages
2015-09-22 09:34 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-21 07:20 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-18 08:49 - 2014-03-18 05:39 - 00057614 _____ C:\WINDOWS\PFRO.log
2015-09-17 12:17 - 2014-03-18 05:47 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-15 11:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-15 06:38 - 2015-05-13 17:22 - 00000000 ____D C:\ProgramData\FitbitConnect
2015-09-15 06:38 - 2015-05-13 16:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-09-14 21:18 - 2015-03-04 13:21 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2015-03-04 13:21 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 17:19 - 2013-08-22 10:44 - 00481880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-14 14:11 - 2014-03-18 05:33 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-14 14:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-14 07:22 - 2015-03-03 17:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-14 05:53 - 2015-02-28 10:16 - 00000000 ____D C:\Users\joylake
2015-09-04 07:58 - 2015-03-04 13:12 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-09-04 07:58 - 2015-03-04 13:12 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-04 07:58 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-04 07:58 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-04 07:58 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-04 07:58 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-04 07:58 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-04 07:58 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-09-04 07:35 - 2015-08-17 11:57 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-04 07:27 - 2015-08-17 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-04 07:26 - 2015-08-17 12:05 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-02 14:13 - 2015-08-21 14:20 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-02 13:58 - 2015-08-17 12:07 - 00003080 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2015-09-02 12:03 - 2015-07-15 07:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-31 20:29 - 2015-07-15 07:44 - 00000000 ____D C:\Users\joylake\AppData\Local\Google
2015-08-31 19:40 - 2015-08-22 17:51 - 00000000 ____D C:\Users\joylake\AppData\Local\Deployment
2015-08-28 15:30 - 2015-04-14 10:38 - 00000591 _____ C:\Users\joylake\Desktop\passwords.txt
2015-08-26 18:37 - 2015-03-03 17:10 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-09-23 08:08 - 2015-09-23 11:43 - 0000074 _____ () C:\Users\joylake\AppData\Roaming\sp_data.sys
2014-05-05 03:49 - 2014-05-05 03:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-18 18:51 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-04-18 18:51 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-04-18 18:51 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\joylake\AppData\Local\Temp\HitmanPro.exe
C:\Users\joylake\AppData\Local\Temp\McCSPInstall.dll
C:\Users\joylake\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-22 08:08

 



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:13 PM

Posted 27 September 2015 - 09:05 AM

Hello glorialagos



Now I need you to download this script that I have made for you --> Attached File  fixlist.txt   191bytes   4 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please attach the contents of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 glorialagos

glorialagos
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 27 September 2015 - 10:58 AM

Here it is!

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by joylake (2015-09-27 11:44:06) Run:1
Running from C:\Users\joylake\Downloads
Loaded Profiles: joylake (Available Profiles: joylake & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
EmptyTemp:
End






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users