Hitman Pro Proxy Server on this computer (user) 127.0.0.1:16110


  • This topic is locked
13 replies to this topic

#1 ungerdog1

  • Members
  • 7 posts
  • Gender:Female

Posted 28 August 2016 - 10:38 AM

This has been driving me crazy for 5 days. I ran MBAM, CCleaner, RKill, AdwCleaner, Security Essentials, OTL (not sure why) and Hitman Pro. Every time I turn on my computer and run Hitman Pro I get the Proxy Server message above and that it needs to be repaired. What is this? How do I get rid of it? Is it something I want to get rid of? I did go on a questionable site and my computer was locked with some silly message about FB and my credit card info. I immediately turned off my computer using "control, alt, delete". Please let me know what I need to do. Thanks so much!




#2 nasdaq

  • Malware Response Team
  • 40,184 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 August 2016 - 09:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add Reply button.
===

Wait for further instructions.

#3 ungerdog1

  • Topic Starter

  • Members
  • 7 posts
  • Gender:Female

Posted 29 August 2016 - 06:20 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Ran by Dan Unger (administrator) on DANUNGER-PC (29-08-2016 18:13:29)
Running from C:\Users\Dan Unger\Downloads
Loaded Profiles: Dan Unger (Available Profiles: Dan Unger)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1092\g2ax_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sapro Systems) C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1092\g2ax_comm_customer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1092\g2ax_system_customer.exe
(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1092\g2ax_user_customer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-28] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [WinCalendar V4] => C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe [80856 2013-12-16] (Sapro Systems)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1092\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\...\MountPoints2: {6eeb092e-27c0-11e3-b382-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [WinCalendar V4] => C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe [80856 2013-12-16] (Sapro Systems)
Startup: C:\Users\Dan Unger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22921280-05EC-41A2-ADDB-84F0EAF54307}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.drudgereport.com/
SearchScopes: HKLM-x32 -> DefaultScope {1FCE73E5-1BC9-4BC8-A3FB-C0D04CC54C64} URL = 
SearchScopes: HKU\S-1-5-21-1173050094-2409370911-3331524652-1000 -> {B41D47D5-1394-457D-B868-18AB930CB7BA} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-31] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1173050094-2409370911-3331524652-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dan Unger\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-24] (Citrix Online)
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.yahoo.com/"
CHR Profile: C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-08-16]
CHR Extension: (Google Docs) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (uBlock Origin) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-29]
CHR Extension: (Gif Delayer) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmfcdkambpljcndgdmaccaagladfnepa [2015-03-11]
CHR Extension: (Google Search) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (HTTPS Everywhere) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Imagus) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2016-05-26]
CHR Extension: (Disconnect) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-25]
CHR HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 awhost32; C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe [793480 2012-04-02] (Symantec Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1092\g2ax_service.exe [610528 2016-05-24] (Citrix Systems, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-08-25] (SurfRight B.V.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-01-19] (Symantec Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 TBS; %SystemRoot%\System32\tbssvc.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 awecho; C:\Windows\SysWow64\drivers\awechomd.sys [16696 2012-04-01] (Symantec Corporation)
R1 AW_HOST; C:\Windows\SysWow64\drivers\aw_host5.sys [23864 2012-04-01] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-08-29] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-29 18:13 - 2016-08-29 18:13 - 00017746 _____ C:\Users\Dan Unger\Downloads\FRST.txt
2016-08-29 18:12 - 2016-08-29 18:13 - 00000000 ____D C:\FRST
2016-08-29 18:11 - 2016-08-29 18:11 - 02397696 _____ (Farbar) C:\Users\Dan Unger\Downloads\FRST64.exe
2016-08-29 16:19 - 2016-08-29 16:19 - 00078107 _____ C:\Users\Dan Unger\Downloads\F2735288.PDF
2016-08-28 10:11 - 2016-08-29 08:59 - 00046960 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-08-26 22:31 - 2016-08-26 22:32 - 00153286 _____ C:\Windows\ntbtlog.txt
2016-08-26 21:59 - 2016-08-26 21:59 - 00096050 _____ C:\Users\Dan Unger\Downloads\OTL.Txt
2016-08-26 21:59 - 2016-08-26 21:59 - 00054858 _____ C:\Users\Dan Unger\Downloads\Extras.Txt
2016-08-26 21:48 - 2016-08-26 21:48 - 00602112 _____ (OldTimer Tools) C:\Users\Dan Unger\Downloads\OTL.exe
2016-08-26 14:19 - 2016-08-26 14:19 - 03826240 _____ C:\Users\Dan Unger\Downloads\AdwCleaner (1).exe
2016-08-25 14:47 - 2016-08-27 00:36 - 00000000 ____D C:\AdwCleaner
2016-08-25 14:47 - 2016-08-25 14:47 - 03826240 _____ C:\Users\Dan Unger\Downloads\AdwCleaner.exe
2016-08-25 14:45 - 2016-08-25 14:45 - 11438608 _____ (SurfRight B.V.) C:\Users\Dan Unger\Downloads\hitmanpro_x64 (3).exe
2016-08-25 14:36 - 2016-08-25 14:36 - 11438608 _____ (SurfRight B.V.) C:\Users\Dan Unger\Downloads\hitmanpro_x64 (2).exe
2016-08-25 14:34 - 2016-08-25 14:34 - 00027192 _____ C:\Windows\system32\.crusader
2016-08-25 14:26 - 2016-08-25 14:26 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-08-25 14:26 - 2016-08-25 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-08-25 14:26 - 2016-08-25 14:26 - 00000000 ____D C:\Program Files\HitmanPro
2016-08-25 14:25 - 2016-08-25 14:34 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-25 14:25 - 2016-08-25 14:25 - 11438608 _____ (SurfRight B.V.) C:\Users\Dan Unger\Downloads\hitmanpro_x64.exe
2016-08-25 14:25 - 2016-08-25 14:25 - 11438608 _____ (SurfRight B.V.) C:\Users\Dan Unger\Downloads\hitmanpro_x64 (1).exe
2016-08-25 14:23 - 2016-08-25 14:23 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dan Unger\Downloads\rkill (2).com
2016-08-25 14:15 - 2016-08-25 14:15 - 00005064 _____ C:\Users\Dan Unger\Downloads\TPM_Base_Services (1).reg
2016-08-25 14:14 - 2016-08-25 14:14 - 00005064 _____ C:\Users\Dan Unger\Downloads\TPM_Base_Services.reg
2016-08-25 14:12 - 2016-08-25 14:12 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dan Unger\Downloads\rkill (1).com
2016-08-25 13:58 - 2016-08-25 13:58 - 00002658 _____ C:\Users\Dan Unger\Desktop\Rkill.txt
2016-08-25 13:58 - 2016-08-25 13:58 - 00000000 ____D C:\Users\Dan Unger\Desktop\rkill
2016-08-25 13:57 - 2016-08-25 13:57 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dan Unger\Downloads\rkill.com
2016-08-25 11:50 - 2016-08-25 11:51 - 00206250 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_11.50.38_log.txt
2016-08-25 11:50 - 2016-08-25 11:50 - 04656735 _____ C:\Users\Dan Unger\Downloads\tdsskiller (3).zip
2016-08-25 11:49 - 2016-08-25 11:50 - 00000352 _____ C:\TDSSKiller.2.8.6.0_25.08.2016_11.49.52_log.txt
2016-08-25 11:49 - 2016-08-25 11:49 - 04656735 _____ C:\Users\Dan Unger\Downloads\tdsskiller (2).zip
2016-08-25 11:49 - 2016-08-25 11:49 - 00000352 _____ C:\TDSSKiller.2.8.7.0_25.08.2016_11.49.05_log.txt
2016-08-25 10:35 - 2016-08-25 10:36 - 00207562 _____ C:\TDSSKiller.3.1.0.11_25.08.2016_10.35.11_log.txt
2016-08-24 22:13 - 2016-08-24 22:13 - 00206250 _____ C:\TDSSKiller.3.1.0.11_24.08.2016_22.13.17_log.txt
2016-08-24 22:12 - 2016-08-24 22:12 - 04656735 _____ C:\Users\Dan Unger\Downloads\tdsskiller (1).zip
2016-08-24 21:58 - 2016-08-24 22:12 - 00000352 _____ C:\TDSSKiller.2.8.7.0_24.08.2016_21.58.45_log.txt
2016-08-24 10:38 - 2016-08-24 10:38 - 00078488 _____ C:\Users\Dan Unger\Downloads\F2730224.PDF
2016-08-23 21:21 - 2016-08-24 10:36 - 00206250 _____ C:\TDSSKiller.3.1.0.11_23.08.2016_21.21.08_log.txt
2016-08-23 21:20 - 2016-08-23 21:20 - 04656735 _____ C:\Users\Dan Unger\Downloads\tdsskiller.zip
2016-08-23 21:20 - 2016-08-23 21:20 - 00000352 _____ C:\TDSSKiller.2.8.7.0_23.08.2016_21.20.36_log.txt
2016-08-23 21:18 - 2016-08-23 21:19 - 00206250 _____ C:\TDSSKiller.3.1.0.11_23.08.2016_21.18.57_log.txt
2016-08-22 17:58 - 2016-08-22 17:58 - 01482812 _____ C:\Users\Dan Unger\Downloads\Reg BL syllabus 2015-16 09 (2).pages
2016-08-22 15:07 - 2016-08-22 15:07 - 01482812 _____ C:\Users\Dan Unger\Downloads\Reg BL syllabus 2015-16 09 (1).pages
2016-08-22 14:51 - 2016-08-22 14:51 - 01482812 _____ C:\Users\Dan Unger\Downloads\Reg BL syllabus 2015-16 09.pages
2016-08-22 14:04 - 2016-08-22 14:04 - 00511189 _____ C:\Users\Dan Unger\Downloads\History 121-Syllabus Fall 2016 7.pdf
2016-08-22 14:03 - 2016-08-22 14:03 - 00000000 ____D C:\Users\Dan Unger\AppData\Local\Respondus
2016-08-22 14:02 - 2016-08-22 14:02 - 00000000 ____D C:\Program Files (x86)\Respondus
2016-08-20 10:06 - 2016-08-20 10:06 - 00035328 _____ C:\Users\Dan Unger\Documents\cal mom heart.xls
2016-08-17 10:26 - 2016-07-08 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 10:26 - 2016-07-08 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-12 21:40 - 2016-08-12 21:40 - 00000168 _____ C:\Users\Dan Unger\Downloads\ATT00001 (2).htm
2016-08-12 21:39 - 2016-08-12 21:39 - 00000168 _____ C:\Users\Dan Unger\Downloads\ATT00001.htm
2016-08-12 21:39 - 2016-08-12 21:39 - 00000168 _____ C:\Users\Dan Unger\Downloads\ATT00001 (1).htm
2016-08-11 20:12 - 2016-08-11 20:12 - 00003520 _____ C:\Windows\System32\Tasks\Weekly Clean-up
2016-08-10 10:53 - 2016-08-02 09:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 10:53 - 2016-08-02 09:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 10:53 - 2016-08-02 01:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 10:53 - 2016-08-02 01:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 10:53 - 2016-08-02 01:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 10:53 - 2016-08-02 01:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 10:53 - 2016-08-02 01:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 10:53 - 2016-08-02 01:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 10:53 - 2016-08-02 01:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 10:53 - 2016-08-02 01:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 10:53 - 2016-08-02 01:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 10:53 - 2016-08-02 01:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 10:53 - 2016-08-02 01:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 10:53 - 2016-08-02 01:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 10:53 - 2016-08-02 01:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 10:53 - 2016-08-02 01:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 10:53 - 2016-08-02 01:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 10:53 - 2016-08-02 01:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 10:53 - 2016-08-02 01:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 10:53 - 2016-08-02 01:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 10:53 - 2016-08-02 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 10:53 - 2016-08-02 01:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 10:53 - 2016-08-02 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 10:53 - 2016-08-02 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 10:53 - 2016-08-02 00:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 10:53 - 2016-08-02 00:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 10:53 - 2016-08-02 00:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 10:53 - 2016-08-02 00:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 10:53 - 2016-08-02 00:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 10:53 - 2016-08-02 00:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 10:53 - 2016-08-02 00:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 10:53 - 2016-08-02 00:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 10:53 - 2016-08-02 00:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 10:53 - 2016-08-02 00:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 10:53 - 2016-08-02 00:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 10:53 - 2016-08-02 00:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 10:53 - 2016-08-02 00:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 10:53 - 2016-08-02 00:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 10:53 - 2016-08-02 00:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 10:53 - 2016-08-02 00:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 10:53 - 2016-08-02 00:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 10:53 - 2016-08-02 00:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 10:53 - 2016-08-02 00:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 10:53 - 2016-08-02 00:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 10:53 - 2016-08-02 00:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 10:53 - 2016-08-02 00:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 10:53 - 2016-08-02 00:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 10:53 - 2016-08-02 00:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 10:53 - 2016-08-02 00:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 10:53 - 2016-08-02 00:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 10:53 - 2016-08-02 00:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 10:53 - 2016-08-02 00:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 10:53 - 2016-08-02 00:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 10:53 - 2016-08-02 00:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 10:53 - 2016-08-02 00:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 10:53 - 2016-08-02 00:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 10:53 - 2016-08-02 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 10:53 - 2016-08-02 00:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 10:53 - 2016-08-02 00:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 10:53 - 2016-08-02 00:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 10:53 - 2016-08-02 00:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 10:53 - 2016-08-02 00:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 10:53 - 2016-08-01 23:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 10:53 - 2016-08-01 23:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 10:53 - 2016-08-01 23:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 10:53 - 2016-08-01 23:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 10:53 - 2016-07-08 10:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 10:53 - 2016-07-08 10:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 10:53 - 2016-07-08 10:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 10:53 - 2016-07-08 10:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 10:53 - 2016-07-08 10:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 10:53 - 2016-07-08 10:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 10:53 - 2016-07-08 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 10:53 - 2016-07-08 10:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 10:53 - 2016-07-08 10:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 10:53 - 2016-07-08 09:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 10:53 - 2016-07-08 09:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 10:53 - 2016-07-08 09:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 10:53 - 2016-07-08 09:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 10:53 - 2016-07-08 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 10:53 - 2016-07-08 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-06 11:47 - 2016-08-06 11:47 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-06 11:47 - 2016-08-06 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-06 11:46 - 2016-08-06 11:47 - 00000000 ____D C:\Program Files\iTunes
2016-08-06 11:46 - 2016-08-06 11:46 - 00000000 ____D C:\Program Files\iPod
2016-08-06 11:46 - 2016-08-06 11:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-04 12:37 - 2016-08-04 12:37 - 00048945 _____ C:\Users\Dan Unger\Downloads\Cain 486.xlsx
2016-08-03 13:07 - 2016-08-03 13:07 - 02151319 _____ C:\Users\Dan Unger\Downloads\8-2016.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-29 17:42 - 2013-09-30 09:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-29 17:20 - 2013-10-07 12:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-29 16:43 - 2013-09-27 15:37 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F1C1DC74-6660-46C7-9E03-BA210E8414B1}
2016-08-29 16:06 - 2016-05-29 18:08 - 00000000 ____D C:\Users\Dan Unger\AppData\LocalLow\Adblock Plus for IE
2016-08-29 09:07 - 2009-07-13 23:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-29 09:07 - 2009-07-13 23:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-29 08:57 - 2014-01-20 10:50 - 00000000 ____D C:\ProgramData\WinCalendarV4
2016-08-29 08:56 - 2013-10-07 12:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-29 08:56 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-26 19:28 - 2014-04-10 08:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-25 10:43 - 2013-09-27 15:08 - 00000000 ____D C:\Users\Dan Unger
2016-08-25 10:42 - 2015-12-26 13:47 - 00000000 ____D C:\ProgramData\FitbitConnect
2016-08-25 10:42 - 2013-10-07 12:43 - 00000000 ____D C:\Program Files\CCleaner
2016-08-25 10:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-08-25 10:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-08-20 13:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-18 11:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-08-16 10:42 - 2013-09-27 15:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-16 10:42 - 2013-09-27 15:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-15 14:12 - 2015-09-01 10:09 - 00000000 ____D C:\isscomm
2016-08-13 13:08 - 2014-04-10 08:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-11 21:38 - 2014-08-25 10:58 - 02401280 ___SH C:\Users\Dan Unger\Downloads\Thumbs.db
2016-08-11 21:34 - 2014-04-10 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-11 21:34 - 2013-10-01 14:30 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-11 20:07 - 2013-10-07 12:43 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-11 10:49 - 2009-07-13 23:45 - 00438688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-10 21:33 - 2013-09-27 16:27 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 21:29 - 2013-09-27 16:27 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 14:20 - 2013-10-07 12:35 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-06 11:46 - 2013-09-30 09:59 - 00000000 ____D C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2013-10-07 12:17 - 2013-10-07 12:33 - 0000161 _____ () C:\Users\Dan Unger\AppData\Roaming\default.rss
2014-11-03 11:02 - 2008-07-07 14:22 - 0000014 _____ () C:\Users\Dan Unger\AppData\Roaming\options.ini
2014-11-03 11:02 - 2012-07-07 14:04 - 0000003 _____ () C:\Users\Dan Unger\AppData\Roaming\options_pdfcombine.ini
2014-11-03 11:02 - 2013-02-23 13:15 - 0000003 _____ () C:\Users\Dan Unger\AppData\Roaming\options_pdfrotator.ini
2014-11-03 11:02 - 2014-06-27 22:07 - 0000701 _____ () C:\Users\Dan Unger\AppData\Roaming\pdfsound.dll
2014-11-03 11:02 - 2014-11-03 11:05 - 0000068 _____ () C:\Users\Dan Unger\AppData\Roaming\setting.ini
2014-11-03 11:02 - 2013-06-08 14:43 - 0000030 _____ () C:\Users\Dan Unger\AppData\Roaming\setup.ini
2014-11-03 11:02 - 2013-06-09 10:30 - 0000043 _____ () C:\Users\Dan Unger\AppData\Roaming\setup_pdfcombine.ini
2014-11-03 11:02 - 2013-06-09 11:34 - 0000043 _____ () C:\Users\Dan Unger\AppData\Roaming\setup_pdfrotator.ini
2016-05-01 14:56 - 2016-05-01 14:56 - 0000000 _____ () C:\Users\Dan Unger\AppData\Local\{0D8263D2-3426-49DD-B79B-99A9A3F6EA50}
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-26 11:35
 
==================== End of FRST.txt ============================

Thank you so much for helping me with this!




#4 nasdaq


Posted 30 August 2016 - 08:57 AM

(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
e-Rewards Plus (HKLM-x32\...\{28261AF8-00B3-4BE6-AFFD-114DB7DF5C1A}) (Version: 1.1.0.368 - e-Rewards Opinion Panel)

Let me know if you want to remove this reward program. I will give you a fix for it.
https://www.reasoncoresecurity.com/mrapp.event.service.exe-731499afda7dead56e339fd914ba945f9d28b0a7.aspx
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
GroupPolicyScripts: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 TBS; %SystemRoot%\System32\tbssvc.dll [X]
C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.

Select the Settings option.
Under the Network section.
Select change proxy settings.
-> Connection.
-> Lan Settings.

Under the Proxy server section.
Uncheck the box " Use proxy...."
Click OK.

Restart the computer normally.

Any remaining issues?

#5 ungerdog1


Posted 30 August 2016 - 09:33 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by Dan Unger (30-08-2016 09:28:37) Run:1
Running from C:\Users\Dan Unger\Downloads
Loaded Profiles: Dan Unger (Available Profiles: Dan Unger)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:
 
Winlogon\Notify\PCANotify-x32: PCANotify.dll [X]
GroupPolicyScripts: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 TBS; %SystemRoot%\System32\tbssvc.dll [X]
C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify" => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKU\S-1-5-21-1173050094-2409370911-3331524652-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
TBS => service removed successfully
"C:\Users\Dan Unger\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9642003 B
Java, Flash, Steam htmlcache => 697 B
Windows/system/drivers => 1299363 B
Edge => 0 B
Chrome => 336654518 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42274201 B
systemprofile32 => 15511499 B
LocalService => 0 B
NetworkService => 370930 B
Dan Unger => 16805597 B
 
RecycleBin => 0 B
EmptyTemp: => 411 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:29:01 ====


#6 ungerdog1


Posted 30 August 2016 - 09:40 AM

I would like to remove the rewards program too. Should I use reason core security to do that? Thanks again!



#7 ungerdog1


Posted 30 August 2016 - 09:43 AM

I must've done something wrong. Hitman Pro is still catching the proxy.



#8 nasdaq


Posted 31 August 2016 - 10:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove the program via the Control Panel > Programs > Programs and Features.
(HKLM-x32\...\{28261AF8-00B3-4BE6-AFFD-114DB7DF5C1A}) (Version: 1.1.0.368 - e-Rewards Opinion Panel)
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Hosts:

(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
C:\Program Files (x86)\MR APP
FirewallRules: [{9E942029-F924-4BDC-8B3E-A557B6EB9DAD}] => (Allow) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
FirewallRules: [{961C8CAB-2521-45CD-9F2B-56F68D00B1CA}] => (Allow) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
FirewallRules: [{03A11A0B-F025-4F7B-953C-45D72E2D38EF}] => (Allow) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If Hitman still reports the proxy, continue.

Please run the Farbar Recovery Scan Tool. Enter 127.0.0.1:16110 in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#9 ungerdog1


Posted 31 August 2016 - 11:57 AM

I screwed up somewhere saving the FRST and the Fixlog. So I ran FRST and entered 127.0.0.1:16110 in the Search Box. This is the Search.txt file:

 

Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Dan Unger (31-08-2016 11:54:59)
Running from C:\Users\Dan Unger\Downloads
Boot Mode: Normal
 
================== Search Registry: "127.0.0.1:16110" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TeamViewer\Version7]
"ProxyAutoList"="127.0.0.1:16110;;
127.0.0.1:16111;;"
[HKEY_USERS\.DEFAULT\Software\Citrix\GoToAssist\ConnectionInfo]
"Proxy"="127.0.0.1:16110"
[HKEY_USERS\.DEFAULT\Software\Citrix\GoToAssist\ConnectionInfo]
"ProxyNotes"="127.0.0.1:16110,5"
[HKEY_USERS\S-1-5-21-1173050094-2409370911-3331524652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:16110;https=127.0.0.1:16110"
 
====== End of Search ======


#10 nasdaq


Posted 31 August 2016 - 01:17 PM

Copy the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TeamViewer\Version7]
"ProxyAutoList"=-
[HKEY_USERS\.DEFAULT\Software\Citrix\GoToAssist\ConnectionInfo]
"Proxy"=-
[HKEY_USERS\.DEFAULT\Software\Citrix\GoToAssist\ConnectionInfo]
"ProxyNotes"=-
[HKEY_USERS\S-1-5-21-1173050094-2409370911-3331524652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-


Restart the computer when completed.

You can delete the fixme.reg file when done.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#11 ungerdog1


Posted 05 September 2016 - 12:29 PM

None of these things have worked. Should I not "repair" the proxy problem with hitman pro before running these? Should I try running these in safe mode with networking? Thank you.



#12 nasdaq


Posted 05 September 2016 - 12:36 PM

The fixme.reg file I suggested you create and run should have removed it.

Did you get any error message when executing the .reg file?

Clean it with Hitman pro if still around.

#13 nasdaq


Posted 11 September 2016 - 07:32 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#14 nasdaq


Posted 17 September 2016 - 08:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



