Adware infected: MBAM Starts, but crashes on any action (scan or update)


Regclean Pro/Advanced System Defender unremovable through conventional means (installer doesn't start)

Chrome search engine changes to "v9 search engine" (only happens on system restart; if I set it to something different, it will stay put until I restart)

MBAM crashes on database update. Clean removed it several times, and it wouldn't even reinstall unless I was in safe mode (installer would hang at the very end when you click finish). Continues to crash on update and if I try to scan.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by fix (administrator) on DANIELLE-HP on 28-06-2014 15:57:17
Running from C:\Users\fix\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\pcreg\pcreg.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394\SupraSavingsService64.exe
() C:\Windows\System32\U2VSvr.exe
() C:\Program Files (x86)\FRYS\FR-300USB revA\WlanWpsSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1403488958&from=tugs&uid=ST3750528AS_9VPCB42D&i=psd&t=3448b6b6c&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1403488958&from=tugs&uid=ST3750528AS_9VPCB42D&i=psd&t=3448b6b6c
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1403488958&from=tugs&uid=ST3750528AS_9VPCB42D&i=psd&t=3448b6b6c&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1403488958&from=tugs&uid=ST3750528AS_9VPCB42D&i=psd&t=3448b6b6c&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1403488958&from=tugs&uid=ST3750528AS_9VPCB42D&i=psd&t=3448b6b6c
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1403488958&from=tugs&uid=ST3750528AS_9VPCB42D&i=psd&t=3448b6b6c&q={searchTerms}
SearchScopes: HKLM - DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://search.v9.com/web/?type=ds&ts=1403488958&from=tugs&uid=ST3750528AS_9VPCB42D&i=psd&t=3448b6b6c&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_cmi_14_25_ch&cd=2XzuyEtN2Y1L1QzutA0C0DzytB0ByD0AtD0FtAzz0ByBzz0FtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFzytFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StDyCyC0CtBzz0C0EtGtA0FtAyCtGyE0C0DzytG0EyDyDzztGyDyC0FyEtCyEyBtA0Azy0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtDtB0FyDyCtAtGzzyDyCtAtG0FtA0C0DtGtAyDzytDtGtC0D0E0Bzy0CtAzyyB0F0EyC2Q&cr=398420547&ir=
SearchScopes: HKLM - {408B68F5-62BA-495F-9A57-7B11B7A37AA4} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E5Dwlim0,9a3e848b-7eca-4e7d-b355-82d5357df9af,&q={searchTerms}
SearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1403488958&from=tugs&uid=ST3750528AS_9VPCB42D&i=psd&t=3448b6b6c&q={searchTerms}
SearchScopes: HKLM-x32 - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: No Name - {374CDE0E-83F4-3962-F29A-4383B09FF638} - No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name - {375F83E9-2608-43DA-892C-D0CA048745C8} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - No Name - {8319612E-9BBF-447E-9C4F-87C66D29CD9E} - No File
Toolbar: HKLM-x32 - No Name - {8319612E-9BBF-447E-9C4F-87C66D29CD9E} - No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-05]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Google Drive) - C:\Users\fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-28]
CHR Extension: (YouTube) - C:\Users\fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-28]
CHR Extension: (Google Search) - C:\Users\fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-28]
CHR Extension: (Skype Click to Call) - C:\Users\fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-28]
CHR Extension: (Google Wallet) - C:\Users\fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-28]
CHR Extension: (Quick start) - C:\Users\fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-06-28]
CHR Extension: (Gmail) - C:\Users\fix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-06-22]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 SupraSavingsService64; C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
R2 U2VSvr; C:\Windows\system32\U2VSvr.exe [270200 2009-08-26] ()
R2 WlanWpsSvc; C:\Program Files (x86)\FRYS\FR-300USB revA\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-09] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 T1PExGrp64; C:\Windows\System32\DRIVERS\T1PExGrp64.sys [30336 2009-12-09] (Magic Control Technology Corp.)
R3 T1PMrGrp64; C:\Windows\System32\DRIVERS\T1PMrGrp64.sys [32896 2009-12-28] (Magic Control Technology Corp.)
S3 t1pusb64; C:\Windows\System32\drivers\t1pusb64.sys [128384 2009-12-28] (Magic Control Technology Corp.)
R1 {c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64; C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys [61120 2014-06-17] (StdLib)
R1 {c486bc7a-4f2c-4a8b-ac38-4952f70809b9}w64; C:\Windows\System32\drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}w64.sys [61120 2014-06-09] (StdLib)
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-28 15:57 - 2014-06-28 15:57 - 00020480 _____ () C:\Users\fix\Downloads\FRST.txt
2014-06-28 15:57 - 2014-06-28 15:57 - 00000000 ____D () C:\FRST
2014-06-28 15:55 - 2014-06-28 15:56 - 02083328 _____ (Farbar) C:\Users\fix\Downloads\FRST64.exe
2014-06-28 15:54 - 2014-06-28 15:54 - 00000000 ____D () C:\Users\fix\AppData\Roaming\Hewlett-Packard
2014-06-28 15:51 - 2014-06-28 15:51 - 00000000 ____D () C:\Users\fix\AppData\Local\CrashDumps
2014-06-28 15:50 - 2014-06-28 15:50 - 00001415 _____ () C:\Users\fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-28 15:50 - 2014-06-28 15:50 - 00000020 ___SH () C:\Users\fix\ntuser.ini
2014-06-28 15:50 - 2014-06-28 15:50 - 00000000 ____D () C:\Users\fix\AppData\Roaming\Apple Computer
2014-06-28 15:50 - 2014-06-28 15:50 - 00000000 ____D () C:\Users\fix\AppData\Roaming\Adobe
2014-06-28 15:50 - 2014-06-28 15:50 - 00000000 ____D () C:\Users\fix\AppData\Local\Google
2014-06-28 15:50 - 2014-06-28 15:50 - 00000000 ____D () C:\Users\fix
2014-06-28 15:50 - 2013-09-28 16:49 - 00002102 _____ () C:\Users\fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-06-28 15:50 - 2011-10-09 20:32 - 00000000 ____D () C:\Users\fix\AppData\Local\Microsoft Help
2014-06-28 15:50 - 2011-07-07 13:14 - 00000000 ____D () C:\Users\fix\AppData\Roaming\Macromedia
2014-06-28 15:50 - 2011-07-07 13:04 - 00001974 _____ () C:\Users\fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
2014-06-28 15:50 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-28 15:50 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-28 15:29 - 2014-06-28 15:29 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Guest\Downloads\rkill.exe
2014-06-28 15:29 - 2014-06-28 15:29 - 00001444 _____ () C:\Users\Guest\Desktop\Rkill.txt
2014-06-28 15:20 - 2014-06-28 15:20 - 00000000 ____D () C:\Users\Guest\Downloads\Ref_replace
2014-06-28 15:18 - 2014-06-28 15:19 - 08661655 _____ () C:\Users\Guest\Downloads\Ref_replace.zip
2014-06-28 15:16 - 2014-06-28 15:16 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Guest\Downloads\sc-cleaner.exe
2014-06-28 15:16 - 2014-06-28 15:16 - 00001796 _____ () C:\sc-cleaner.txt
2014-06-28 14:49 - 2014-06-28 15:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-28 14:47 - 2014-06-28 15:16 - 00000000 ____D () C:\Users\Guest\Desktop\mbar
2014-06-28 14:45 - 2014-06-28 14:47 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Guest\Downloads\mbar-1.07.0.1012.exe
2014-06-28 14:41 - 2014-06-28 15:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 14:40 - 2014-06-28 15:14 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 14:40 - 2014-06-28 14:40 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 14:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-28 14:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-27 20:58 - 2014-06-27 21:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guest\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-27 20:56 - 2014-06-27 20:56 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Guest\Downloads\mbam-clean-2.0.2.0.exe
2014-06-27 20:48 - 2014-06-27 20:48 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\InstallShield
2014-06-27 20:46 - 2014-06-27 20:46 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-27 20:43 - 2014-06-27 20:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\NewspaperDirect
2014-06-27 19:41 - 2014-06-27 19:41 - 00000000 ____D () C:\Users\Danielle\AppData\Roaming\Systweak
2014-06-27 10:31 - 2014-06-27 10:31 - 00000000 _____ () C:\Windows\SysWOW64\shoA86E.tmp
2014-06-26 18:12 - 2014-06-26 18:12 - 00289664 _____ () C:\Users\Guest\Downloads\Java (5).exe
2014-06-26 18:12 - 2014-06-26 18:12 - 00289664 _____ () C:\Users\Guest\Downloads\Java (4).exe
2014-06-26 16:13 - 2014-06-26 16:13 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForChristian.job
2014-06-26 16:08 - 2014-06-26 17:28 - 00000003 _____ () C:\Users\Christian\AppData\Local\proxy.log
2014-06-26 12:22 - 2014-06-26 12:22 - 00000000 ____D () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394
2014-06-26 10:13 - 2014-06-26 10:13 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Systweak
2014-06-25 14:27 - 2014-06-25 14:27 - 00001203 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-06-25 14:27 - 2014-06-25 14:27 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-25 14:27 - 2014-06-25 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-06-25 14:27 - 2014-06-25 14:27 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-06-25 14:27 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-06-24 23:13 - 2014-06-24 23:13 - 02024312 _____ (SafeInstall, LLC) C:\Users\Guest\Downloads\vioplayerv.exe
2014-06-24 19:21 - 2014-06-24 19:21 - 00000044 _____ () C:\Users\Guest\AppData\Roaming\WB.CFG
2014-06-24 19:06 - 2014-06-09 12:08 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}w64.sys
2014-06-22 20:29 - 2014-06-22 20:29 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-06-22 20:29 - 2014-06-22 20:29 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-06-22 20:29 - 2014-06-22 20:29 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-06-22 20:29 - 2014-06-22 20:29 - 00000320 _____ () C:\Users\Guest\AppData\Roaming\aps.uninstall.scan.results
2014-06-22 20:20 - 2014-06-22 20:20 - 00623616 _____ (Click Me In Limited) C:\Users\Guest\AppData\Local\nsr2A6D.tmp
2014-06-22 20:08 - 2014-06-17 13:51 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys
2014-06-22 19:22 - 2014-06-25 14:27 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Systweak
2014-06-22 19:22 - 2014-06-22 19:22 - 00001052 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-06-22 19:22 - 2014-06-22 19:22 - 00000284 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-06-22 19:22 - 2014-06-22 19:22 - 00000276 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-06-22 19:22 - 2014-06-22 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-06-22 19:22 - 2014-04-25 14:49 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-06-22 19:21 - 2014-06-22 19:22 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-06-22 19:10 - 2014-06-22 19:14 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-22 19:10 - 2014-06-22 19:10 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\SupTab
2014-06-22 19:10 - 2014-06-22 19:10 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-06-22 19:07 - 2014-06-28 15:11 - 00000000 ____D () C:\Program Files\003
2014-06-22 18:59 - 2014-06-22 18:59 - 00290176 _____ () C:\Users\Guest\Downloads\Java (3).exe
2014-06-22 18:59 - 2014-06-22 18:59 - 00290176 _____ () C:\Users\Guest\Downloads\Java (2).exe
2014-06-22 18:40 - 2014-06-22 18:40 - 00290176 _____ () C:\Users\Guest\Downloads\Java.exe
2014-06-22 18:40 - 2014-06-22 18:40 - 00290136 _____ () C:\Users\Guest\Downloads\Java (1).exe
2014-06-20 12:56 - 2014-06-20 12:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8cc1c01aa7b8.job
2014-06-17 21:27 - 2014-06-27 20:45 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-06-17 21:27 - 2014-06-27 19:53 - 00000003 _____ () C:\Users\Guest\AppData\Local\proxy.log
2014-06-17 21:27 - 2014-06-17 21:27 - 00000344 _____ () C:\Windows\Tasks\bench-S-1-5-21-2526211561-571015044-2383693603-501.job
2014-06-12 12:05 - 2014-06-12 12:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-11 17:40 - 2014-06-11 17:40 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-06-11 09:46 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 09:46 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 09:46 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 09:46 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 09:46 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 09:46 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 09:46 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 09:46 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 09:46 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 09:46 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 09:46 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 09:46 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 09:46 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 09:46 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 09:46 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 09:46 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 09:46 - 2014-05-30 02:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 09:46 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 09:46 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 09:46 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 09:46 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 09:46 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 09:46 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 09:46 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 09:46 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 09:46 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 09:46 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 09:46 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 09:46 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 09:46 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 09:46 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 09:46 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 09:46 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 09:46 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 09:46 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 09:46 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 09:46 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 09:46 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 09:46 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 09:46 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 09:46 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 09:46 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 09:46 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 09:46 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 09:46 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 09:46 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 09:46 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 09:46 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 09:46 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 09:46 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 09:46 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 09:46 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 09:40 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 09:40 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 09:40 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 09:40 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 09:39 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 09:39 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 09:39 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 09:39 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 09:39 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 09:39 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 09:39 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 09:39 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 09:39 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 09:39 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 09:34 - 2014-06-08 02:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 09:34 - 2014-06-08 02:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 19:08 - 2014-06-05 19:08 - 00000000 ____D () C:\Users\Danielle\Desktop\(19 unread) - danistil2003 - Yahoo Mail_files
2014-06-05 19:07 - 2014-06-05 19:08 - 00484270 _____ () C:\Users\Danielle\Desktop\(19 unread) - danistil2003 - Yahoo Mail.htm
2014-06-05 19:06 - 2014-06-05 19:07 - 07097700 _____ () C:\Users\Danielle\Downloads\Attachments_201465 (1).zip
2014-06-05 19:04 - 2014-06-05 19:06 - 05326195 _____ () C:\Users\Danielle\Downloads\Attachments_201465.zip
2014-06-02 06:17 - 2014-06-02 06:17 - 02061584 _____ () C:\Users\Danielle\Desktop\pic of knee.htm
2014-06-02 06:17 - 2014-06-02 06:17 - 00000000 ____D () C:\Users\Danielle\Desktop\pic of knee_files

==================== One Month Modified Files and Folders =======

2014-06-28 15:57 - 2014-06-28 15:57 - 00020480 _____ () C:\Users\fix\Downloads\FRST.txt
2014-06-28 15:57 - 2014-06-28 15:57 - 00000000 ____D () C:\FRST
2014-06-28 15:56 - 2014-06-28 15:55 - 02083328 _____ (Farbar) C:\Users\fix\Downloads\FRST64.exe
2014-06-28 15:56 - 2011-09-22 16:08 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 15:54 - 2014-06-28 15:54 - 00000000 ____D () C:\Users\fix\AppData\Roaming\Hewlett-Packard
2014-06-28 15:51 - 2014-06-28 15:51 - 00000000 ____D () C:\Users\fix\AppData\Local\CrashDumps
2014-06-28 15:51 - 2014-06-28 14:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 15:50 - 2014-06-28 15:50 - 00001415 _____ () C:\Users\fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-28 15:50 - 2014-06-28 15:50 - 00000020 ___SH () C:\Users\fix\ntuser.ini
2014-06-28 15:50 - 2014-06-28 15:50 - 00000000 ____D () C:\Users\fix\AppData\Roaming\Apple Computer
2014-06-28 15:50 - 2014-06-28 15:50 - 00000000 ____D () C:\Users\fix\AppData\Roaming\Adobe
2014-06-28 15:50 - 2014-06-28 15:50 - 00000000 ____D () C:\Users\fix\AppData\Local\Google
2014-06-28 15:50 - 2014-06-28 15:50 - 00000000 ____D () C:\Users\fix
2014-06-28 15:50 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-28 15:48 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 15:48 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 15:47 - 2011-09-11 16:44 - 00000000 ____D () C:\Users\Danielle\AppData\Local\CrashDumps
2014-06-28 15:47 - 2011-09-05 16:04 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F5F3FCB-1939-4E95-8EE1-CA2DBEC447E0}
2014-06-28 15:46 - 2009-07-13 22:13 - 00802040 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 15:44 - 2012-06-27 14:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps
2014-06-28 15:44 - 2011-09-05 15:46 - 01361750 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 15:41 - 2011-07-07 13:15 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-28 15:38 - 2014-05-22 20:41 - 00008018 _____ () C:\Windows\setupact.log
2014-06-28 15:38 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 15:37 - 2014-06-28 14:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-28 15:35 - 2012-06-21 09:16 - 00000000 ____D () C:\Users\Public\Documents\World of Warcraft
2014-06-28 15:29 - 2014-06-28 15:29 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Guest\Downloads\rkill.exe
2014-06-28 15:29 - 2014-06-28 15:29 - 00001444 _____ () C:\Users\Guest\Desktop\Rkill.txt
2014-06-28 15:20 - 2014-06-28 15:20 - 00000000 ____D () C:\Users\Guest\Downloads\Ref_replace
2014-06-28 15:19 - 2014-06-28 15:18 - 08661655 _____ () C:\Users\Guest\Downloads\Ref_replace.zip
2014-06-28 15:16 - 2014-06-28 15:16 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Guest\Downloads\sc-cleaner.exe
2014-06-28 15:16 - 2014-06-28 15:16 - 00001796 _____ () C:\sc-cleaner.txt
2014-06-28 15:16 - 2014-06-28 14:47 - 00000000 ____D () C:\Users\Guest\Desktop\mbar
2014-06-28 15:14 - 2014-06-28 14:40 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 15:11 - 2014-06-22 19:07 - 00000000 ____D () C:\Program Files\003
2014-06-28 15:11 - 2014-05-22 20:41 - 00384604 _____ () C:\Windows\PFRO.log
2014-06-28 15:11 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-06-28 14:47 - 2014-06-28 14:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Guest\Downloads\mbar-1.07.0.1012.exe
2014-06-28 14:40 - 2014-06-28 14:40 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-27 21:00 - 2014-06-27 20:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guest\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-27 20:56 - 2014-06-27 20:56 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Guest\Downloads\mbam-clean-2.0.2.0.exe
2014-06-27 20:48 - 2014-06-27 20:48 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\InstallShield
2014-06-27 20:46 - 2014-06-27 20:46 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-27 20:45 - 2014-06-17 21:27 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-06-27 20:45 - 2014-05-12 17:43 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-06-27 20:45 - 2011-07-07 13:20 - 00000000 ____D () C:\ProgramData\Norton
2014-06-27 20:43 - 2014-06-27 20:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\NewspaperDirect
2014-06-27 20:41 - 2012-04-24 15:13 - 00001427 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-27 20:30 - 2011-07-07 12:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-27 20:29 - 2012-04-24 15:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-06-27 20:29 - 2011-09-22 16:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-27 20:28 - 2011-07-07 13:05 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-06-27 20:21 - 2011-07-07 13:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-06-27 20:06 - 2009-07-13 19:34 - 00000623 _____ () C:\Windows\win.ini
2014-06-27 19:53 - 2014-06-17 21:27 - 00000003 _____ () C:\Users\Guest\AppData\Local\proxy.log
2014-06-27 19:41 - 2014-06-27 19:41 - 00000000 ____D () C:\Users\Danielle\AppData\Roaming\Systweak
2014-06-27 10:31 - 2014-06-27 10:31 - 00000000 _____ () C:\Windows\SysWOW64\shoA86E.tmp
2014-06-26 19:11 - 2014-05-20 20:08 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForDanielle.job
2014-06-26 18:12 - 2014-06-26 18:12 - 00289664 _____ () C:\Users\Guest\Downloads\Java (5).exe
2014-06-26 18:12 - 2014-06-26 18:12 - 00289664 _____ () C:\Users\Guest\Downloads\Java (4).exe
2014-06-26 17:28 - 2014-06-26 16:08 - 00000003 _____ () C:\Users\Christian\AppData\Local\proxy.log
2014-06-26 17:27 - 2014-03-11 09:19 - 00000000 ____D () C:\Users\Christian\AppData\Local\Deployment
2014-06-26 16:13 - 2014-06-26 16:13 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForChristian.job
2014-06-26 12:22 - 2014-06-26 12:22 - 00000000 ____D () C:\Program Files (x86)\F978377C-B7D4-4536-8E10-14CA97B13394
2014-06-26 10:13 - 2014-06-26 10:13 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Systweak
2014-06-26 09:56 - 2012-04-24 15:13 - 00000000 ____D () C:\Users\Guest
2014-06-25 14:27 - 2014-06-25 14:27 - 00001203 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-06-25 14:27 - 2014-06-25 14:27 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-25 14:27 - 2014-06-25 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-06-25 14:27 - 2014-06-25 14:27 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-06-25 14:27 - 2014-06-22 19:22 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Systweak
2014-06-24 23:13 - 2014-06-24 23:13 - 02024312 _____ (SafeInstall, LLC) C:\Users\Guest\Downloads\vioplayerv.exe
2014-06-24 19:21 - 2014-06-24 19:21 - 00000044 _____ () C:\Users\Guest\AppData\Roaming\WB.CFG
2014-06-22 20:29 - 2014-06-22 20:29 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-06-22 20:29 - 2014-06-22 20:29 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-06-22 20:29 - 2014-06-22 20:29 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-06-22 20:29 - 2014-06-22 20:29 - 00000320 _____ () C:\Users\Guest\AppData\Roaming\aps.uninstall.scan.results
2014-06-22 20:20 - 2014-06-22 20:20 - 00623616 _____ (Click Me In Limited) C:\Users\Guest\AppData\Local\nsr2A6D.tmp
2014-06-22 19:22 - 2014-06-22 19:22 - 00001052 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-06-22 19:22 - 2014-06-22 19:22 - 00000284 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-06-22 19:22 - 2014-06-22 19:22 - 00000276 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-06-22 19:22 - 2014-06-22 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-06-22 19:22 - 2014-06-22 19:21 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-06-22 19:14 - 2014-06-22 19:10 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-22 19:10 - 2014-06-22 19:10 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\SupTab
2014-06-22 19:10 - 2014-06-22 19:10 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-06-22 18:59 - 2014-06-22 18:59 - 00290176 _____ () C:\Users\Guest\Downloads\Java (3).exe
2014-06-22 18:59 - 2014-06-22 18:59 - 00290176 _____ () C:\Users\Guest\Downloads\Java (2).exe
2014-06-22 18:40 - 2014-06-22 18:40 - 00290176 _____ () C:\Users\Guest\Downloads\Java.exe
2014-06-22 18:40 - 2014-06-22 18:40 - 00290136 _____ () C:\Users\Guest\Downloads\Java (1).exe
2014-06-21 11:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-06-20 12:56 - 2014-06-20 12:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8cc1c01aa7b8.job
2014-06-17 21:27 - 2014-06-17 21:27 - 00000344 _____ () C:\Windows\Tasks\bench-S-1-5-21-2526211561-571015044-2383693603-501.job
2014-06-17 21:27 - 2013-12-18 17:26 - 00000000 ____D () C:\temp
2014-06-17 21:26 - 2014-05-12 17:41 - 00000000 ____D () C:\Program Files\pcreg
2014-06-17 13:51 - 2014-06-22 20:08 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}Gw64.sys
2014-06-15 07:31 - 2011-09-06 11:09 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-15 07:11 - 2014-05-20 20:08 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDanielle
2014-06-14 21:04 - 2012-08-22 14:26 - 00003224 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDANIELLE-HP$
2014-06-14 21:04 - 2012-08-22 14:26 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForDANIELLE-HP$.job
2014-06-14 14:57 - 2009-07-13 22:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-13 14:59 - 2011-10-02 14:26 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 12:05 - 2014-06-12 12:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-11 17:40 - 2014-06-11 17:40 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-06-11 14:38 - 2013-09-28 16:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 14:34 - 2013-09-28 16:37 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 14:34 - 2011-10-09 17:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 14:31 - 2014-05-06 06:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-09 12:08 - 2014-06-24 19:06 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}w64.sys
2014-06-08 02:13 - 2014-06-11 09:34 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 02:08 - 2014-06-11 09:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-05 19:08 - 2014-06-05 19:08 - 00000000 ____D () C:\Users\Danielle\Desktop\(19 unread) - danistil2003 - Yahoo Mail_files
2014-06-05 19:08 - 2014-06-05 19:07 - 00484270 _____ () C:\Users\Danielle\Desktop\(19 unread) - danistil2003 - Yahoo Mail.htm
2014-06-05 19:07 - 2014-06-05 19:06 - 07097700 _____ () C:\Users\Danielle\Downloads\Attachments_201465 (1).zip
2014-06-05 19:06 - 2014-06-05 19:04 - 05326195 _____ () C:\Users\Danielle\Downloads\Attachments_201465.zip
2014-06-02 06:17 - 2014-06-02 06:17 - 02061584 _____ () C:\Users\Danielle\Desktop\pic of knee.htm
2014-06-02 06:17 - 2014-06-02 06:17 - 00000000 ____D () C:\Users\Danielle\Desktop\pic of knee_files
2014-05-30 03:21 - 2014-06-11 09:46 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 03:02 - 2014-06-11 09:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 03:02 - 2014-06-11 09:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 02:45 - 2014-06-11 09:46 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 02:39 - 2014-06-11 09:46 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 02:39 - 2014-06-11 09:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 02:38 - 2014-06-11 09:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 02:28 - 2014-06-11 09:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 02:27 - 2014-06-11 09:46 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 02:24 - 2014-06-11 09:46 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 02:21 - 2014-06-11 09:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 02:21 - 2014-06-11 09:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 02:20 - 2014-06-11 09:46 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 02:18 - 2014-06-11 09:46 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 02:11 - 2014-06-11 09:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 02:08 - 2014-06-11 09:46 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 02:06 - 2014-06-11 09:46 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 02:02 - 2014-06-11 09:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 01:55 - 2014-06-11 09:46 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 01:49 - 2014-06-11 09:46 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 01:46 - 2014-06-11 09:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 01:44 - 2014-06-11 09:46 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 01:44 - 2014-06-11 09:46 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 01:43 - 2014-06-11 09:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 01:42 - 2014-06-11 09:46 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 01:38 - 2014-06-11 09:46 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 01:35 - 2014-06-11 09:46 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 01:34 - 2014-06-11 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 01:33 - 2014-06-11 09:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 01:30 - 2014-06-11 09:46 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 01:29 - 2014-06-11 09:46 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 01:28 - 2014-06-11 09:46 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 01:27 - 2014-06-11 09:46 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 01:24 - 2014-06-11 09:46 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 01:23 - 2014-06-11 09:46 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 01:16 - 2014-06-11 09:46 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 01:10 - 2014-06-11 09:46 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 01:06 - 2014-06-11 09:46 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 01:04 - 2014-06-11 09:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 01:02 - 2014-06-11 09:46 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 00:56 - 2014-06-11 09:46 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 00:56 - 2014-06-11 09:46 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 00:54 - 2014-06-11 09:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 00:50 - 2014-06-11 09:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 00:49 - 2014-06-11 09:46 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 00:43 - 2014-06-11 09:46 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 00:40 - 2014-06-11 09:46 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 00:30 - 2014-06-11 09:46 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 00:21 - 2014-06-11 09:46 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 00:15 - 2014-06-11 09:46 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 00:13 - 2014-06-11 09:46 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 00:13 - 2014-06-11 09:46 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\cabex.dll
C:\Users\Christian\AppData\Local\Temp\ezmzMsg.dll
C:\Users\Christian\AppData\Local\Temp\file_3750912636.exe
C:\Users\Christian\AppData\Local\Temp\SendMsg.dll
C:\Users\Christian\AppData\Local\Temp\sp64126.exe
C:\Users\Christian\AppData\Local\Temp\unelevate.exe
C:\Users\Christian\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Christian\AppData\Local\Temp\uttDFA8.tmp.exe
C:\Users\Christian\AppData\Local\Temp\vbmz4.exe
C:\Users\Danielle\AppData\Local\Temp\cabex.dll
C:\Users\Danielle\AppData\Local\Temp\nsb8317.exe
C:\Users\Danielle\AppData\Local\Temp\nsc494.tmp.exe
C:\Users\Danielle\AppData\Local\Temp\nsj8473.exe
C:\Users\Danielle\AppData\Local\Temp\nst28F7.exe
C:\Users\Danielle\AppData\Local\Temp\nst2C04.exe
C:\Users\Danielle\AppData\Local\Temp\nst880C.exe
C:\Users\Danielle\AppData\Local\Temp\Quarantine.exe
C:\Users\Danielle\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Danielle\AppData\Local\Temp\System.Data.SQLite43710.dll
C:\Users\Danielle\AppData\Local\Temp\tu17p84.exe
C:\Users\Guest\AppData\Local\Temp\BackupSetup.exe
C:\Users\Guest\AppData\Local\Temp\file_to_run551895.exe
C:\Users\Guest\AppData\Local\Temp\nscEA14.exe
C:\Users\Guest\AppData\Local\Temp\nscEEF5.exe
C:\Users\Guest\AppData\Local\Temp\nsm4C73.exe
C:\Users\Guest\AppData\Local\Temp\nsx481F.exe
C:\Users\Guest\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-21 11:40

==================== End Of Log ============================



Addition is an attachment due to length.

Addition.txt


Hello arzachel and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following programs:

Advanced System Protector

RegClean-Pro

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • A new fresh FRST log

I very much appreciate the help but:

The first things I said in my post are:

Step 1: I cannot uninstall RegClean Pro/Advanced System Defender - the uninstaller for either of these programs freezes as soon as the icon appears on the Windows taskbar, and does not do anything further other than appear on the taskbar.

Step 2: I cannot update nor run any scans with Malwarebytes - the program crashes in either scenario. Tried every different scan (before coming to ask for help).

Thank you for your time: I didn't post any logs because I haven't made any changes :)


Okay, let's try to work this way:

  • On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7, enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair

    System Restore

    Windows Complete PC Restore

    Windows Memory Diagnostic Tool

    Command Prompt

    Select Command Prompt

  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
