
New: Adult Friend Finder is spamming when I browse the internet

Discussion in 'Virus & Other Malware Removal' started by a00714916, Jan 27, 2015.

  1. a00714916

    a00714916 Thread Starter

    Joined:
    Jan 27, 2015
    Messages:
    6
    Hi, I am new here and I found this site helpful because I read some past history about some members who have a similar situation as I have. I believe I must have downloaded something and somehow this bug came out of nowhere when I clicked on websites that I know are safe, but it turned out to be adultfriendfinder.

    I would like help to remove this bug. Thanks
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Click on this link to download: AdwCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

    See the screenshot where the proper download buttons are highlighted.
    [​IMG]

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run. It may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
    Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

    [​IMG]
     
  3. a00714916

    a00714916 Thread Starter

    Joined:
    Jan 27, 2015
    Messages:
    6
    Thanks for helping. I did it and the software can't find any problem. Is there another solution?
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Post the log so I can see what it found and what system you have. That way I can determine what would be the next step.
    Different cleaning tools or analysis tools run on different systems, and some tools we commonly use won't run on some versions of Windows.
     
  5. a00714916

    a00714916 Thread Starter

    Joined:
    Jan 27, 2015
    Messages:
    6
    I ran it several times.

    The first time was yesterday and another one was today.

    # AdwCleaner v4.109 - Report created 26/01/2015 at 23:06:57
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-25.1 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Tiffany - LAI
    # Running from : C:\Users\Tiffany\Downloads\adwcleaner_4.109.exe
    # Option : Scan



    # AdwCleaner v4.109 - Report created 26/01/2015 at 23:13:41
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-25.1 [Live]
    # Operating System : Windows 8.1 (64 bits)
    # Username : Tiffany - LAI
    # Running from : C:\Users\Tiffany\Downloads\adwcleaner_4.109.exe
    # Option : Clean

     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to download and run the 64 bit version

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Under the optional scans, please also select shortcuts.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  7. a00714916

    a00714916 Thread Starter

    Joined:
    Jan 27, 2015
    Messages:
    6
    Here is the Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
    Ran by Tiffany at 2015-01-28 21:55:56
    Running from C:\Users\Tiffany\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Putty (HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\[email protected]@XenApp 6.5.Putty) (Version: 1.0 - Delivered by Citrix)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
    Remote Desktop (HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\[email protected]@XenApp 6.5.Remote Desktop) (Version: 1.0 - Delivered by Citrix)
    Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
    Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.438 - ASUS Cloud Corporation)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows Driver Package - ASUS (ATP) Mouse (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
    Windows Explorer (HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\[email protected]@XenApp 6.5.Windows Explorer) (Version: 1.0 - Delivered by Citrix)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    WinSCP516 (HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\[email protected]@XenApp 6.5.WinSCP 516) (Version: 1.0 - Delivered by Citrix)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3009666392-3376280035-4207319893-1002_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3009666392-3376280035-4207319893-1002_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-3009666392-3376280035-4207319893-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)

    ==================== Restore Points =========================

    30-12-2014 03:49:42 Scheduled Checkpoint
    14-01-2015 00:03:07 Windows Update
    24-01-2015 22:45:28 Windows Modules Installer
    26-01-2015 22:50:38 OTL Restore Point - 2015-01-26 10:50:38 PM

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {071BB0A4-56E9-45EA-B365-ADC7F9898AF8} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8f65f15a1000 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-02] (Google Inc.)
    Task: {15F37696-C276-44E1-8DC0-EDEACB665B2B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {19367B3B-4169-45B8-BBB2-C740872D92D1} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
    Task: {22BA3113-699F-4805-BE79-317D8A468CF5} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
    Task: {22CF6723-7DBB-4FFB-A06E-6A8EC3929908} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
    Task: {2AED9389-3F8A-4477-874B-CF50221E4B3E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {2E2C2E06-7981-4FFD-981D-59376E7F8792} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
    Task: {31D0BDE1-A25A-42E9-A5DA-95483100C7D5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
    Task: {3998FD2F-D18E-4258-9976-D25C2186580E} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
    Task: {409DC33B-9666-4C7E-90EB-36F669A1CEB6} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
    Task: {5438FD8A-A0A4-45EA-8362-20E73CBF5CDE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
    Task: {59C59C18-E58A-4D30-A16F-49CB30984DB9} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
    Task: {5CD13F8D-BC74-49C5-8D30-BB5E6DA3EB84} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
    Task: {5EE230C3-27E6-4848-BFAB-CBE7BCAEC4DE} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
    Task: {95B61B03-A97E-4E51-858E-2DCE5427BEC8} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{AB68958E-0BB8-4089-8B6B-E361FDE776D8}.exe [2014-12-10] ()
    Task: {A20CF2AA-A971-477E-AF68-FA4840B4914B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {AD639997-56B8-4DFF-ADBA-7BCC720C7950} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {ADB69E00-00D3-44B6-9E8B-132CBB139029} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
    Task: {B4DBC3A6-2214-4E8A-AD60-CF9B8D4D637C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
    Task: {BE432767-0C98-4D5C-A1E7-AF54A7E3122C} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
    Task: {C87D0B1A-3D01-4B55-A4B3-EE4C5BBE2EA4} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=en
    Task: {DCC30A5A-6954-4482-A7E2-BCB793F3241F} - System32\Tasks\ASUS Vivokey => C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe [2013-08-23] (ASUSTek Computer Inc.)
    Task: {E0782233-5AF1-4BB5-B1EB-54CB733EF7DD} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6c75b50a257f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-02] (Google Inc.)
    Task: {E1570C9E-1E66-4D68-973B-5CB05939FA4B} - System32\Tasks\AVG_SYS_TASK_0214d_RUN => C:\ProgramData\Avg_Update_0214d\AVG-Secure-Search-Update_0214d.exe
    Task: {EE9443C8-9FAD-4756-8DD3-CF101DB9927E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8f65f15a1000.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c75b50a257f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-12-18 08:07 - 2013-08-20 21:47 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
    2013-08-29 16:01 - 2013-08-29 16:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
    2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    2014-05-01 19:05 - 2014-05-01 19:05 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
    2014-05-01 19:05 - 2014-05-01 19:05 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
    2014-05-01 19:05 - 2014-05-01 19:05 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
    2014-05-01 19:05 - 2014-05-01 19:05 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
    2014-05-01 19:05 - 2014-05-01 19:05 - 00228744 _____ () C:\Program Files\Autodesk\Autodesk Sync\plugins\crypto\qca-ossl_Ad_2.dll
    2014-11-06 21:10 - 2014-11-06 21:10 - 01362216 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe
    2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-08-16 10:03 - 2013-08-16 10:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
    2013-08-19 17:16 - 2013-08-19 17:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
    2014-04-22 19:23 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2014-11-16 21:17 - 2014-11-16 21:17 - 31842816 _____ () C:\Program Files (x86)\AVG\Framework\Common\libcef.dll
    2013-12-18 08:05 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-01-27 22:19 - 2015-01-27 22:19 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2015-01-26 22:51 - 2015-01-24 22:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
    2015-01-26 22:51 - 2015-01-24 22:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
    2015-01-26 22:51 - 2015-01-24 22:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
    2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
    2015-01-26 22:51 - 2015-01-24 22:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Tiffany\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\Tiffany\SkyDrive.old:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "iTunesHelper"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3009666392-3376280035-4207319893-500 - Administrator - Disabled)
    Guest (S-1-5-21-3009666392-3376280035-4207319893-501 - Limited - Enabled) => C:\Users\Guest
    Tiffany (S-1-5-21-3009666392-3376280035-4207319893-1002 - Administrator - Enabled) => C:\Users\Tiffany
    UpdatusUser (S-1-5-21-3009666392-3376280035-4207319893-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/27/2015 09:53:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 18123921

    Error: (01/27/2015 09:53:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 18123921

    Error: (01/27/2015 09:53:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/27/2015 04:52:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 36375

    Error: (01/27/2015 04:52:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 36375

    Error: (01/27/2015 04:52:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/27/2015 04:52:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 32390

    Error: (01/27/2015 04:52:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 32390

    Error: (01/27/2015 04:52:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/27/2015 04:52:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 28390


    System errors:
    =============
    Error: (01/27/2015 07:24:03 AM) (Source: Schannel) (EventID: 4116) (User: LAI)
    Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (01/27/2015 07:24:03 AM) (Source: Schannel) (EventID: 4120) (User: LAI)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

    Error: (01/26/2015 11:14:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%3

    Error: (01/26/2015 11:13:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/26/2015 11:13:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/26/2015 11:13:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (01/26/2015 11:13:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/26/2015 11:13:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (01/26/2015 11:13:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/26/2015 11:13:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (01/27/2015 09:53:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 18123921

    Error: (01/27/2015 09:53:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 18123921

    Error: (01/27/2015 09:53:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/27/2015 04:52:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 36375

    Error: (01/27/2015 04:52:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 36375

    Error: (01/27/2015 04:52:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/27/2015 04:52:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 32390

    Error: (01/27/2015 04:52:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 32390

    Error: (01/27/2015 04:52:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/27/2015 04:52:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 28390


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
    Percentage of memory in use: 53%
    Total physical RAM: 6027.21 MB
    Available physical RAM: 2819.88 MB
    Total Pagefile: 17291.21 MB
    Available Pagefile: 13496.21 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:264.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.59 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: B0545A54)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 22.4 GB) (Disk ID: 3D2AECB2)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================



    And the FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
    Ran by Tiffany (administrator) on LAI on 28-01-2015 21:54:36
    Running from C:\Users\Tiffany\Downloads
    Loaded Profiles: UpdatusUser & Tiffany (Available profiles: UpdatusUser & Tiffany & Guest)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Akamai Technologies, Inc.) C:\Users\Tiffany\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Tiffany\AppData\Local\Akamai\netsession_win.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    (Flux Software LLC) C:\Users\Tiffany\AppData\Local\FluxSoftware\Flux\flux.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe
    () C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-09-10] (Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-09-06] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\ASUSWSLoader.exe [63272 2014-11-06] ()
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [zzzHPSETUP] => E:\Setup.exe
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1140688 2015-01-16] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
    HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Tiffany\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
    HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\Run: [f.lux] => C:\Users\Tiffany\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-02] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\Policies\Explorer: []
    HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\...\Policies\Explorer: [NoLogOff] 0
    HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-08-20] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-08-20] (NVIDIA Corporation)
    Startup: C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3009666392-3376280035-4207319893-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-3009666392-3376280035-4207319893-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/
    HKU\S-1-5-21-3009666392-3376280035-4207319893-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/...9&idate=__installtime__&ent=hp&u=___userid___
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3009666392-3376280035-4207319893-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 64.59.144.91 64.59.150.137 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\6v0d2due.default-1396841135491
    FF DefaultSearchEngine: Google
    FF Homepage: google.com
    FF Keyword.URL:
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: MEGA - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\6v0d2due.default-1396841135491\Extensions\[email protected] [2014-12-28]
    FF Extension: Adblock Plus - C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\6v0d2due.default-1396841135491\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-06]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M3A066732-7339-408F-AFB6-E9768E24BBE2&SearchSource=55&CUI=&UM=5&UP=SP9AA8362D-31D2-4675-B543-0CA0E048D480&SSPV=", "hxxp://mysearch.avg.com?cid={4083CD16-1B56-4C61-8E9D-2878455AA0C4}&mid=14994dacf2e147d2a1e4bd389f37d449-5d2391240712c075f1f4122fc22989471d21d3b2&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-24 13:47:56&v=18.1.0.443&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={4083CD16-1B56-4C61-8E9D-2878455AA0C4}&mid=14994dacf2e147d2a1e4bd389f37d449-5d2391240712c075f1f4122fc22989471d21d3b2&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-24 13:47:56&v=18.1.7.598&pid=safeguard&sg=&sap=hp", "https://mysearch.avg.com?cid={4083CD16-1B56-4C61-8E9D-2878455AA0C4}&mid=14994dacf2e147d2a1e4bd389f37d449-5d2391240712c075f1f4122fc22989471d21d3b2&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-24 13:47:56&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Translate) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-01-26]
    CHR Extension: (Google Slides) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-26]
    CHR Extension: (Google Docs) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-02]
    CHR Extension: (Google Drive) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
    CHR Extension: (YouTube) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-02]
    CHR Extension: (Adblock Plus) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-26]
    CHR Extension: (TypingWeb Typing Tutor) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcgempicojkfhpnepfecmklndooebjk [2015-01-26]
    CHR Extension: (Google Search) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-02]
    CHR Extension: (Black Menu for Google™) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2015-01-26]
    CHR Extension: (Google Sheets) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-26]
    CHR Extension: (AdBlock) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-26]
    CHR Extension: (Hola Better Internet) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-26]
    CHR Extension: (Avast Online Security) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-26]
    CHR Extension: (Keep My Opt-Outs) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe [2015-01-26]
    CHR Extension: (Chromebook Recovery Utility) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2015-01-26]
    CHR Extension: (FVD Downloader) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-01-26]
    CHR Extension: (Google Input Tools) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab [2015-01-26]
    CHR Extension: (Google Dictionary (by Google)) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-01-26]
    CHR Extension: (Ghostery) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-01-26]
    CHR Extension: (Google Wallet) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-02]
    CHR Extension: (Gmail) - C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-02]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
    R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [865744 2015-01-16] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-09-10] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-09-10] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-09-10] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-09-10] (Intel Corporation)
    R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
    R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-31] (AVG Technologies)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
    R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [143568 2013-09-10] (Intel Corporation)
    R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-09-10] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-09-10] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-09-10] (Intel Corporation)
    R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
    R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
    R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    U0 msahci; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 21:54 - 2015-01-28 21:55 - 00032119 _____ () C:\Users\Tiffany\Downloads\FRST.txt
    2015-01-28 21:54 - 2015-01-28 21:54 - 00000000 ____D () C:\FRST
    2015-01-28 21:52 - 2015-01-28 21:52 - 02130432 _____ (Farbar) C:\Users\Tiffany\Downloads\FRST64.exe
    2015-01-27 22:43 - 2015-01-27 22:43 - 00000000 ___SH () C:\DkHyperbootSync
    2015-01-27 22:19 - 2015-01-27 22:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-27 08:49 - 2015-01-27 08:49 - 02194432 _____ () C:\Users\Tiffany\Downloads\AdwCleaner.exe
    2015-01-26 23:34 - 2015-01-26 23:34 - 00002325 _____ () C:\Users\Tiffany\Desktop\Chrome App Launcher.lnk
    2015-01-26 23:34 - 2015-01-26 23:34 - 00000000 ____D () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-26 23:31 - 2015-01-26 23:31 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-26 23:12 - 2015-01-26 23:12 - 00134766 _____ () C:\Users\Tiffany\Downloads\OTL1.Txt
    2015-01-26 23:11 - 2015-01-26 23:11 - 00069226 _____ () C:\Users\Tiffany\Downloads\Extras.Txt
    2015-01-26 23:08 - 2015-01-26 23:08 - 00134766 _____ () C:\Users\Tiffany\Downloads\OTL.Txt
    2015-01-26 23:06 - 2015-01-27 22:05 - 00000000 ____D () C:\AdwCleaner
    2015-01-26 23:06 - 2015-01-26 23:06 - 02194432 _____ () C:\Users\Tiffany\Downloads\adwcleaner_4.109.exe
    2015-01-26 23:01 - 2015-01-26 23:01 - 00001820 _____ () C:\Users\Tiffany\Downloads\software_removal_tool.log
    2015-01-26 22:37 - 2015-01-26 22:37 - 00602112 _____ (OldTimer Tools) C:\Users\Tiffany\Downloads\OTL.exe
    2015-01-26 22:16 - 2015-01-26 22:16 - 00000000 ____D () C:\Users\Tiffany\Documents\Church Messages
    2015-01-21 22:56 - 2015-01-21 22:56 - 00001163 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PGModeler.lnk
    2015-01-17 23:58 - 2015-01-17 23:58 - 00001221 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDLE Python GUI.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001339 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse Luna - Window Builder Pro.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001273 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Explorer.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001236 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FME Data Inspector.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001230 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LibreOffice Write.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001223 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LibreOffice Calc.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001223 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LibreOffice Base.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001220 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse Luna - EE.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001205 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Remote Desktop.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001203 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OrthoEngine.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001202 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla 373.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001198 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arc Catalog.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001194 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FME Workbench.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001187 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Project 2013.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001181 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001180 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arc Scene.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001177 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinSCP516.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001176 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PGAdmin III.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001165 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Modeler.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001160 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arc Map.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001145 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Focus.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001143 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00001123 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Putty.lnk
    2015-01-17 23:31 - 2015-01-17 23:31 - 00000000 ____D () C:\Users\Tiffany\AppData\Roaming\Citrix
    2015-01-17 15:23 - 2015-01-17 15:23 - 00000000 ____D () C:\Users\Tiffany\Documents\Project
    2015-01-13 22:38 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 22:38 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 22:38 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
    2015-01-13 22:38 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 22:38 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-01-13 22:38 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-01-13 22:38 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2015-01-13 22:38 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2015-01-13 22:38 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2015-01-13 22:38 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-01-13 22:38 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2015-01-13 22:38 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2015-01-13 22:38 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-01-13 22:38 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 22:38 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2015-01-13 22:38 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2015-01-13 22:38 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2015-01-13 22:38 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-01-13 22:38 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-01-13 22:38 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-01-13 22:38 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-01-13 22:38 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2015-01-13 22:38 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2015-01-13 22:38 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-01-13 22:38 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-01-13 22:38 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-01-13 22:38 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2015-01-13 22:38 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2015-01-13 22:38 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-13 22:38 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-01-13 22:38 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-02 11:15 - 2015-01-02 11:29 - 866329197 _____ () C:\Users\Tiffany\Downloads\2014 Yoona Airport [@yoonaddictcom].zip
    2015-01-01 14:31 - 2015-01-01 14:47 - 00001746 _____ () C:\Users\Tiffany\Documents\export.ics
    2014-12-31 10:03 - 2014-12-31 10:03 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2014-12-31 00:26 - 2014-12-31 00:26 - 00000732 _____ () C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
    2014-12-30 19:41 - 2014-12-30 19:41 - 00000863 _____ () C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
    2014-12-30 19:40 - 2014-12-31 00:19 - 00000000 ____D () C:\Users\Tiffany\AppData\Roaming\BitTorrent
    2014-12-30 19:40 - 2014-12-30 19:40 - 01691224 _____ (BitTorrent Inc.) C:\Users\Tiffany\Downloads\BitTorrent.exe
    2014-12-30 19:39 - 2014-12-30 23:40 - 00000000 ____D () C:\Users\Tiffany\Downloads\Gone Girl (2014)
    2014-12-30 19:39 - 2014-12-30 19:39 - 00010509 _____ () C:\Users\Tiffany\Downloads\[kickass.so]gone.girl.2014.720p.brrip.x264.yify.torrent
    2014-12-30 19:35 - 2014-12-30 19:35 - 00022719 _____ () C:\Users\Tiffany\Downloads\[kickass.so]gone.girl.2014.1080p.brrip.x264.yify.torrent

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 21:54 - 2014-04-05 08:53 - 00000000 ____D () C:\ProgramData\MFAData
    2015-01-28 21:54 - 2014-04-02 20:13 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{142484A7-C1E5-4E86-AA5F-8CAEA7383B4C}
    2015-01-28 21:54 - 2013-12-18 08:54 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
    2015-01-28 21:54 - 2013-12-18 08:54 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
    2015-01-28 21:51 - 2014-10-22 21:13 - 01340125 _____ () C:\Windows\WindowsUpdate.log
    2015-01-28 21:51 - 2014-04-02 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-28 21:51 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-01-27 23:45 - 2014-04-27 22:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-27 22:47 - 2014-05-10 09:31 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c75b50a257f.job
    2015-01-27 22:08 - 2014-04-02 19:29 - 00000000 ____D () C:\Users\Tiffany\AppData\Roaming\WebStorage
    2015-01-27 22:04 - 2014-04-02 19:26 - 00000074 _____ () C:\Users\Tiffany\AppData\Roaming\sp_data.sys
    2015-01-27 22:03 - 2014-09-01 19:43 - 00000000 ___RD () C:\Users\Tiffany\SkyDrive
    2015-01-27 22:03 - 2014-06-23 20:37 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8f65f15a1000.job
    2015-01-27 22:02 - 2014-12-13 17:23 - 00007933 _____ () C:\Windows\setupact.log
    2015-01-27 22:02 - 2014-11-18 08:31 - 00041386 _____ () C:\Windows\PFRO.log
    2015-01-27 22:02 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-27 22:02 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-01-27 21:56 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-01-27 08:12 - 2014-04-02 19:31 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3009666392-3376280035-4207319893-1002
    2015-01-27 00:12 - 2013-08-22 07:36 - 00000000 __RSD () C:\Windows\Media
    2015-01-26 23:32 - 2014-04-06 19:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-26 23:31 - 2014-04-06 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-26 23:31 - 2014-04-06 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-26 22:51 - 2014-04-02 20:21 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-24 12:45 - 2014-04-27 22:16 - 00003712 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-22 00:26 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-01-21 22:26 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-01-19 13:32 - 2014-04-03 21:05 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-19 13:32 - 2014-04-03 21:05 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-17 23:30 - 2014-09-03 17:41 - 00000000 ____D () C:\Users\Tiffany\AppData\Local\Citrix
    2015-01-16 23:57 - 2014-07-22 21:54 - 00000000 ____D () C:\Users\Tiffany\AppData\Roaming\vlc
    2015-01-14 21:22 - 2014-04-05 11:08 - 00000000 ____D () C:\Users\Tiffany\AppData\Local\CrashDumps
    2015-01-14 21:21 - 2014-04-02 21:10 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 00:05 - 2014-04-02 21:10 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-12 21:27 - 2014-11-16 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-01-12 21:27 - 2014-04-05 08:55 - 00000000 ___HD () C:\$AVG
    2015-01-10 11:13 - 2014-04-02 19:26 - 00000000 ____D () C:\Users\Tiffany\Documents\Bluetooth Folder
    2015-01-04 23:00 - 2014-08-25 09:19 - 00000000 ____D () C:\Users\Tiffany\Documents\BCIT
    2014-12-31 11:02 - 2014-06-24 12:47 - 00052000 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    2014-12-31 10:13 - 2014-04-14 20:08 - 00000000 ____D () C:\Users\Tiffany\AppData\Local\Adobe
    2014-12-31 10:06 - 2014-06-18 18:25 - 00000000 ____D () C:\Users\Tiffany\Documents\Invoice
    2014-12-31 10:01 - 2013-12-18 08:01 - 00016822 _____ () C:\Windows\system32\results.xml
    2014-12-31 00:26 - 2013-12-18 08:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2014-12-31 00:23 - 2013-09-06 14:46 - 00202170 _____ () C:\Windows\system32\prfh0404.dat
    2014-12-31 00:23 - 2013-09-06 14:46 - 00066646 _____ () C:\Windows\system32\prfc0404.dat
    2014-12-31 00:23 - 2013-09-06 14:38 - 00463814 _____ () C:\Windows\system32\prfh0804.dat
    2014-12-31 00:23 - 2013-09-06 14:38 - 00145642 _____ () C:\Windows\system32\prfc0804.dat
    2014-12-31 00:23 - 2013-09-06 14:07 - 01660868 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-30 19:43 - 2014-07-18 22:37 - 00000000 ____D () C:\Users\Tiffany\AppData\Roaming\uTorrent
    2014-12-29 10:16 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache

    ==================== Files in the root of some directories =======

    2014-06-24 12:47 - 2014-06-25 21:13 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2014-05-24 13:21 - 2014-05-24 13:21 - 0000021 _____ () C:\Users\Tiffany\AppData\Roaming\my_intel.sys
    2014-04-02 19:26 - 2015-01-27 22:04 - 0000074 _____ () C:\Users\Tiffany\AppData\Roaming\sp_data.sys
    2013-12-18 08:17 - 2013-12-18 08:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-09-20 15:11 - 2014-09-20 15:11 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2013-09-06 14:06 - 2012-09-07 03:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
    2013-09-06 14:06 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2013-09-06 14:06 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

    Files to move or delete:
    ====================
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS


    Some content of TEMP:
    ====================
    C:\Users\Tiffany\AppData\Local\Temp\utt8628.tmp.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-22 00:26

    ==================== End Of Log ============================
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    I can see a few suspicious entries

    If you do not already have it, download the 14-day free trial of Malwarebytes PRO (which will revert to the free version if you decide not to buy it) from here: Malwarebytes Pro. Install the program, run it and let it update. If you already have Malwarebytes, launch the program.

    • Select Perform full scan and click on the Scan button. When the scan completes click on Show Results.
    • If the scan does not find any infections the log will appear as soon as it completes, please Copy & Paste it into your next reply.
    • If items are detected it will stay on the Scanner window and you will see Objects detected: 1 (the number may be higher).
    • Click on Show Results and put a check mark next to all the items displayed in the list by clicking on each one in turn <--- very important, then click on Remove Selected.
    • The log will appear, Copy & Paste it into your next post.
    • Click on OK and close the window.
     
  9. a00714916

    a00714916 Thread Starter

    Joined:
    Jan 27, 2015
    Messages:
    6
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2015-01-29
    Scan Time: 7:32:07 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.30.01
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Tiffany

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 443735
    Time Elapsed: 37 min, 37 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
  11. a00714916

    a00714916 Thread Starter

    Joined:
    Jan 27, 2015
    Messages:
    6
    Thank you. I do notice my computer is very slow lately. I recently downloaded Hola and didn't realize it was causing the problem.
    I will report back if I find any problems with browsing the web again.
     

Short URL to this thread: https://techguy.org/1141943
