
Please help



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
Ran by Joe (administrator) on OFFICE on 15-04-2015 01:50:21
Running from C:\Users\Joe\Desktop
Loaded Profiles: Joe (Available profiles: Joe & Studio)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
CHR HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Joe\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cfiifhkkcanjbocdngcinebbnhabiccf] - C:\ProgramData\SaveAs\cfiifhkkcanjbocdngcinebbnhabiccf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jelaaoalhilpjlbbgcgimkdaeebdjbff] - C:\ProgramData\Bcool\jelaaoalhilpjlbbgcgimkdaeebdjbff.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Joe\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Joe\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-08-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-02-25] (Enigma Software Group USA, LLC.)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-10-24] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-10-24] ()
S3 evserial; C:\Windows\System32\DRIVERS\evserial.sys [67072 2008-05-19] (ELTIMA Software)
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-26] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-03-14] (http://libusb-win32.sourceforge.net)
R3 MBOXPRO; C:\Windows\System32\DRIVERS\AvidMboxPro.sys [436528 2012-02-23] (Avid)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-04] ()
R3 VSBC; C:\Windows\System32\DRIVERS\evsbc.sys [32768 2008-05-19] (ELTIMA Software)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2014-07-31] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 01:50 - 2015-04-15 01:50 - 02096640 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2015-04-15 01:50 - 2015-04-15 01:50 - 00030851 _____ () C:\Users\Joe\Desktop\FRST.txt
2015-04-15 01:47 - 2015-04-15 01:47 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-15 01:45 - 2015-04-15 01:45 - 00000000 ____D () C:\Users\Joe\AppData\Local\FileMaintenance
2015-04-15 01:40 - 2015-04-15 01:40 - 00002615 _____ () C:\Users\Public\Desktop\JuiceCalculator.lnk
2015-04-15 01:40 - 2015-04-15 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JuiceCalculator
2015-04-15 01:40 - 2015-04-15 01:40 - 00000000 ____D () C:\Program Files (x86)\EJuiceCalculator
2015-04-14 20:39 - 2015-04-14 20:39 - 00000000 ____D () C:\Users\Joe\AppData\Local\openvr
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 23:21 - 2015-04-15 01:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-31 23:21 - 2015-04-14 23:26 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 23:21 - 2015-03-31 23:21 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-31 23:21 - 2015-03-31 23:21 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-30 22:51 - 2015-03-13 15:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-30 22:51 - 2015-03-13 15:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-30 22:51 - 2015-03-13 15:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-29 12:16 - 2015-03-29 12:16 - 00001754 _____ () C:\Users\Joe\Desktop\Black Mesa.lnk
2015-03-27 21:45 - 2015-04-14 20:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-27 21:45 - 2015-03-27 21:45 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-03-27 21:45 - 2015-03-27 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-24 16:33 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 16:33 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 16:33 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 16:33 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 16:33 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 16:33 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 16:33 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 16:33 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-16 20:04 - 2015-03-16 20:03 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-03-16 19:56 - 2015-03-18 18:40 - 00000000 ____D () C:\ProgramData\AVAST Software
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 01:50 - 2015-02-26 23:00 - 00000000 ____D () C:\FRST
2015-04-15 01:40 - 2014-11-17 22:13 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\JuiceCalculator
2015-04-15 01:40 - 2013-05-19 00:31 - 00000000 ____D () C:\Users\Joe\AppData\Local\Downloaded Installations
2015-04-15 01:27 - 2013-04-24 22:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 01:21 - 2013-11-15 11:21 - 00639168 _____ () C:\Windows\setupact.log
2015-04-15 01:15 - 2014-07-04 01:10 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000UA.job
2015-04-15 01:15 - 2014-07-04 01:10 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000Core.job
2015-04-15 01:05 - 2015-03-02 22:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-15 00:31 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 00:31 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 21:35 - 2014-11-17 22:13 - 00000000 ____D () C:\Users\Joe\Documents\JuiceCalculator
2015-04-14 20:50 - 2012-11-04 14:15 - 01700493 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 20:39 - 2013-01-09 21:49 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe
2015-04-13 21:12 - 2009-07-14 01:13 - 00823836 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 21:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 21:05 - 2012-11-04 16:03 - 00000000 ____D () C:\Users\Joe\Documents\Outlook Files
2015-04-12 09:21 - 2014-08-24 09:57 - 00000000 ____D () C:\Users\Joe\Documents\My Labels
2015-04-11 20:58 - 2014-07-19 15:36 - 00000000 ____D () C:\Users\Joe\Documents\EJuice Recipes
2015-04-05 08:22 - 2015-03-08 07:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-04 11:23 - 2015-03-05 22:18 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-01 06:06 - 2014-06-01 21:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-01 05:39 - 2010-11-20 23:47 - 00833328 _____ () C:\Windows\PFRO.log
2015-03-31 23:22 - 2012-11-04 15:28 - 00000000 ____D () C:\Users\Joe\AppData\Local\Google
2015-03-31 23:22 - 2012-11-04 15:28 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-31 23:16 - 2014-05-11 22:45 - 00000000 ____D () C:\temp
2015-03-31 22:13 - 2012-11-04 14:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-30 22:52 - 2012-11-04 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-30 22:52 - 2012-11-04 14:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-30 22:52 - 2012-11-04 14:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-27 23:44 - 2014-06-03 22:30 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-27 23:44 - 2013-12-01 13:35 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-27 23:43 - 2014-06-03 22:30 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-27 23:43 - 2013-12-01 13:35 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-27 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-26 05:10 - 2015-03-02 22:19 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-26 05:10 - 2014-08-19 13:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-03-25 20:18 - 2014-12-11 04:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 20:18 - 2014-05-06 21:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-20 21:32 - 2014-06-16 23:13 - 00002785 _____ () C:\Users\Public\Desktop\eJuice Me Up.lnk
2015-03-16 23:23 - 2014-05-25 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-16 20:03 - 2014-10-19 09:34 - 00191400 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-03-16 20:03 - 2014-10-19 09:34 - 00190888 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-03-16 20:03 - 2014-10-19 09:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-16 20:03 - 2013-05-01 23:14 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-16 20:02 - 2013-04-24 22:46 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-16 20:02 - 2013-04-24 22:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-16 20:02 - 2013-04-24 22:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-16 19:30 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
 
==================== Files in the root of some directories =======
 
2015-02-12 22:54 - 2015-02-12 22:54 - 0000000 _____ () C:\Users\Joe\AppData\Roaming\1E2.tmp
2013-04-13 15:25 - 2014-06-01 23:00 - 0000132 _____ () C:\Users\Joe\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-10-28 00:06 - 2014-11-08 08:05 - 0000004 _____ () C:\Users\Joe\AppData\Roaming\appdataFr2.bin
2013-05-27 11:23 - 2013-05-27 11:23 - 0000000 _____ () C:\Users\Joe\AppData\Roaming\bitlord_log.txt
2014-09-24 07:44 - 2014-09-24 07:44 - 0002258 _____ () C:\Users\Joe\AppData\Local\0E573315C9FE4442A821BB71EE4B9688.Havana Mist Co. 2.lbx
2014-08-03 10:16 - 2014-08-03 10:16 - 0001971 _____ () C:\Users\Joe\AppData\Local\63D9F3CACFD242ddBB80203A91870287.Layout2.lbx
2014-08-16 03:21 - 2014-08-16 03:21 - 0001962 _____ () C:\Users\Joe\AppData\Local\6C598F6581C64858BEE9D05BCAA5A999.Layout2.lbx
2014-08-17 14:48 - 2014-08-17 14:48 - 0001858 _____ () C:\Users\Joe\AppData\Local\7691DFF693A94f8cACC23A02BC50C5BF.Layout1.lbx
2013-12-11 00:46 - 2013-12-11 00:46 - 144752885 _____ () C:\Users\Joe\AppData\Local\ACCCx2_2_1_260.zip.aamdownload
2013-12-11 00:46 - 2013-12-11 00:46 - 0001817 _____ () C:\Users\Joe\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd
2012-11-04 15:53 - 2012-11-04 15:53 - 0004608 _____ () C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-09 13:32 - 2014-08-09 13:32 - 0001867 _____ () C:\Users\Joe\AppData\Local\E5A3B4C20C0749b28C5529AA8D7201FA.Layout2.lbx
2014-05-10 23:25 - 2014-05-10 23:25 - 0000091 _____ () C:\Users\Joe\AppData\Local\fusioncache.dat
2013-05-27 11:25 - 2013-05-27 11:25 - 0000218 _____ () C:\Users\Joe\AppData\Local\recently-used.xbel
2013-03-03 18:05 - 2014-03-12 20:45 - 0000795 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-02-15 12:46 - 2015-02-15 13:06 - 0010938 _____ () C:\ProgramData\StreamingMediaTechnologyLog.txt
 
Files to move or delete:
====================
C:\Users\Joe\FRST64.exe
 
 
Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Joe\AppData\Local\Temp\Nv3DVisionIePlugin.dll
C:\Users\Joe\AppData\Local\Temp\Nv3DVStreaming.dll
C:\Users\Joe\AppData\Local\Temp\Nv3DVStreaming64.dll
C:\Users\Joe\AppData\Local\Temp\Nv3DVStreamingIePlugin.dll
C:\Users\Joe\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Joe\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Joe\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 00:18
 
==================== End Of Log ============================

 

Addition.txt

FRST.txt


I still see some malware remnants:
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.
 



Uninstall outdated Malwarebytes' Anti-Malware
 
Please download MBAM-clean and save it to your desktop.
  • Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that, follow my next instructions to download & install the newest MBAM version.
 
 
 
Scan with Malwarebytes' Anti-Malware
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

fixlist.txt


Hello THE,

I've followed all the instructions up to the installation of Malwarebytes. It still won't install. I get an "error 5: access is denied". Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by Joe at 2015-04-15 19:08:11 Run:1
Running from C:\Users\Joe\Desktop
Loaded Profiles: Joe (Available profiles: Joe & Studio)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
closeprocesses:
emptytemp:
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:DDE29E40
AlternateDataStreams: C:\Users\Joe\Local Settings:bx63UobVrw27y9ByfJNe
AlternateDataStreams: C:\Users\Joe\Local Settings:L0huz7lzlYaeg6DjvFwQrEcGWJP3
AlternateDataStreams: C:\Users\Joe\AppData\Local:bx63UobVrw27y9ByfJNe
AlternateDataStreams: C:\Users\Joe\AppData\Local:L0huz7lzlYaeg6DjvFwQrEcGWJP3
AlternateDataStreams: C:\Users\Joe\AppData\Local\570Fnw0Fptm:vjUtIC2r8tTgzJfDjebAApn
AlternateDataStreams: C:\Users\Joe\AppData\Local\Application Data:bx63UobVrw27y9ByfJNe
AlternateDataStreams: C:\Users\Joe\AppData\Local\Application Data:L0huz7lzlYaeg6DjvFwQrEcGWJP3
AlternateDataStreams: C:\Users\Joe\AppData\Local\HkhbGYK4n:kVbn1JlDo4aLnrJx4F
AlternateDataStreams: C:\Users\Joe\AppData\Local\qWAnz1MXRi:Iq6Hke5HtEBRKutWypzGmRS7
AlternateDataStreams: C:\Users\Joe\AppData\Local\Temporary Internet Files:0Nw8avmZRVjUWFMDFYwJBZ0
Task: {C04ADDCD-F9EE-47EE-93A5-FC67E1A75BE2} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
RemoveProxy:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:63020;https=127.0.0.1:63020
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x68007400740070003A002F002F0067006F002E006D006900630072006F0073006F00660074002E0063006F006D002F00660077006C0069006E006B002F0070002F003F004C0069006E006B00490064003D003200350035003100340031000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x68007400740070003A002F002F0067006F002E006D006900630072006F0073006F00660074002E0063006F006D002F00660077006C0069006E006B002F003F004C0069006E006B00490064003D00350034003800390036000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
HKU\S-1-5-21-2048471247-995751312-864157879-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x68007400740070003A002F002F0067006F002E006D006900630072006F0073006F00660074002E0063006F006D002F00660077006C0069006E006B002F0070002F003F004C0069006E006B00490064003D003200350035003100340031000000
HKU\S-1-5-21-2048471247-995751312-864157879-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
CHR HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Joe\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cfiifhkkcanjbocdngcinebbnhabiccf] - C:\ProgramData\SaveAs\cfiifhkkcanjbocdngcinebbnhabiccf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jelaaoalhilpjlbbgcgimkdaeebdjbff] - C:\ProgramData\Bcool\jelaaoalhilpjlbbgcgimkdaeebdjbff.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Joe\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Joe\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [Not Found]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X]
 
*****************
 
Processes closed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":DDE29E40" ADS removed successfully.
"C:\Users\Joe\Local Settings" => ":bx63UobVrw27y9ByfJNe" ADS not found.
"C:\Users\Joe\Local Settings" => ":L0huz7lzlYaeg6DjvFwQrEcGWJP3" ADS not found.
C:\Users\Joe\AppData\Local => ":bx63UobVrw27y9ByfJNe" ADS removed successfully.
C:\Users\Joe\AppData\Local => ":L0huz7lzlYaeg6DjvFwQrEcGWJP3" ADS removed successfully.
C:\Users\Joe\AppData\Local\570Fnw0Fptm => ":vjUtIC2r8tTgzJfDjebAApn" ADS removed successfully.
"C:\Users\Joe\AppData\Local\Application Data" => ":bx63UobVrw27y9ByfJNe" ADS not found.
"C:\Users\Joe\AppData\Local\Application Data" => ":L0huz7lzlYaeg6DjvFwQrEcGWJP3" ADS not found.
C:\Users\Joe\AppData\Local\HkhbGYK4n => ":kVbn1JlDo4aLnrJx4F" ADS removed successfully.
C:\Users\Joe\AppData\Local\qWAnz1MXRi => ":Iq6Hke5HtEBRKutWypzGmRS7" ADS removed successfully.
"C:\Users\Joe\AppData\Local\Temporary Internet Files" => ":0Nw8avmZRVjUWFMDFYwJBZ0" ADS not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C04ADDCD-F9EE-47EE-93A5-FC67E1A75BE2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C04ADDCD-F9EE-47EE-93A5-FC67E1A75BE2}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2048471247-995751312-864157879-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2048471247-995751312-864157879-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50CFB8A2-79FC-4820-8DED-40C33706E0D8}" => Key deleted successfully.
HKCR\CLSID\{50CFB8A2-79FC-4820-8DED-40C33706E0D8} => Key not found. 
"HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{522AFA45-0CC5-45E8-BB1E-25CEA66CED17}" => Key deleted successfully.
HKCR\CLSID\{522AFA45-0CC5-45E8-BB1E-25CEA66CED17} => Key not found. 
"HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EA2073B-62FB-4125-9862-0E2C52673205}" => Key deleted successfully.
HKCR\CLSID\{5EA2073B-62FB-4125-9862-0E2C52673205} => Key not found. 
C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\gce51ng1.default\user.js => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cfiifhkkcanjbocdngcinebbnhabiccf" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jelaaoalhilpjlbbgcgimkdaeebdjbff" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle" => Key deleted successfully.
SBSDWSCService => Service deleted successfully.
EmptyTemp: => Removed 1.9 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:08:24 ====

I think I know what the problem is, but before we take some radical steps, let's try this:
 
Uninstall outdated Malwarebytes' Anti-Malware
 
Please download MBAM-clean and save it to your desktop.

  • Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that, follow my next instructions to download & install the newest MBAM version.
 
 
 
Scan with Malwarebytes' Anti-Malware
 
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

  • Plug the flash drive into the infected PC.
  • Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
  • In the Choose Recovery Tool menu select Command Prompt.
  • You will see a big black window with a blinking cursor (command prompt).
     
     
     
    Access the notepad and identify your USB drive
     
    In the Command Prompt please type in:
    notepad
    and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.
     
     
     
    Scan with Farbar Recovery Scan Tool
     
    Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.
     
    Transfer it to your clean machine and include it in your next reply.

Sorry for the delay, I needed to procure a 'clean machine'... Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by SYSTEM on MININT-6NENMLC on 17-04-2015 19:54:52
Running from I:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\Joe\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\Joe\...\Run: [Google Update] => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-03] (Google Inc.)
HKU\Joe\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\Joe\...\Run: [GoogleChromeAutoLaunch_D08BC2BD8F1B6BE4ACC60C8748C6E102] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\Joe\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
S2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-02-25] (Enigma Software Group USA, LLC.)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-10-24] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-10-24] ()
S3 evserial; C:\Windows\System32\DRIVERS\evserial.sys [67072 2008-05-19] (ELTIMA Software)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-26] (Kaspersky Lab ZAO)
S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-26] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
S1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-03-14] (http://libusb-win32.sourceforge.net)
S3 MBOXPRO; C:\Windows\System32\DRIVERS\AvidMboxPro.sys [436528 2012-02-23] (Avid)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-15] ()
S3 VSBC; C:\Windows\System32\DRIVERS\evsbc.sys [32768 2008-05-19] (ELTIMA Software)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2014-07-31] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-15 17:39 - 2015-04-15 17:39 - 00002029 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-04-15 17:39 - 2015-04-15 17:39 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\TaxCut
2015-04-15 17:38 - 2015-04-15 17:52 - 00000000 ____D () C:\Users\Joe\Documents\HRBlock
2015-04-15 17:38 - 2015-04-15 17:38 - 00000000 ____D () C:\ProgramData\TaxCut
2015-04-15 17:38 - 2015-04-15 17:38 - 00000000 ____D () C:\Program Files (x86)\PDF995
2015-04-15 17:38 - 2015-04-15 17:38 - 00000000 ____D () C:\Program Files (x86)\HRBlock2014
2015-04-15 15:17 - 2015-04-15 15:17 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Joe\Desktop\mbam-clean-2.1.1.1001.exe
2015-04-15 15:08 - 2015-04-15 15:08 - 00000000 ____D () C:\Users\Joe\Desktop\FRST-OlderVersion
2015-04-15 03:19 - 2015-04-01 16:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-04-15 03:19 - 2015-04-01 15:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 03:19 - 2015-03-24 19:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-04-15 03:19 - 2015-03-24 19:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-04-15 03:19 - 2015-03-24 19:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-04-15 03:19 - 2015-03-24 19:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-04-15 03:19 - 2015-03-24 19:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-04-15 03:19 - 2015-03-24 19:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-04-15 03:19 - 2015-03-24 19:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-04-15 03:19 - 2015-03-24 19:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-04-15 03:19 - 2015-03-24 19:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-04-15 03:19 - 2015-03-24 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-04-15 03:19 - 2015-03-24 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-04-15 03:19 - 2015-03-24 19:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 03:19 - 2015-03-24 19:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 03:19 - 2015-03-24 19:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 03:19 - 2015-03-24 19:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 03:19 - 2015-03-24 19:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 03:19 - 2015-03-22 19:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-04-15 03:19 - 2015-03-22 19:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-04-15 03:19 - 2015-03-22 19:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-04-15 03:19 - 2015-03-22 19:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-04-15 03:19 - 2015-03-22 19:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-04-15 03:19 - 2015-03-22 19:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-04-15 03:19 - 2015-03-22 19:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-04-15 03:19 - 2015-03-22 19:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-04-15 03:19 - 2015-03-16 21:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-04-15 03:19 - 2015-03-16 21:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-04-15 03:19 - 2015-03-16 21:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-04-15 03:19 - 2015-03-16 21:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-04-15 03:19 - 2015-03-16 21:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-04-15 03:19 - 2015-03-16 21:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-04-15 03:19 - 2015-03-16 21:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-04-15 03:19 - 2015-03-16 21:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-04-15 03:19 - 2015-03-16 21:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-04-15 03:19 - 2015-03-16 21:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-04-15 03:19 - 2015-03-16 21:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-04-15 03:19 - 2015-03-16 21:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-04-15 03:19 - 2015-03-16 21:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-04-15 03:19 - 2015-03-16 21:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-04-15 03:19 - 2015-03-16 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 21:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 03:19 - 2015-03-16 21:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 03:19 - 2015-03-16 20:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 03:19 - 2015-03-16 20:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 03:19 - 2015-03-16 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 03:19 - 2015-03-16 20:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 03:19 - 2015-03-16 20:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 03:19 - 2015-03-16 20:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 03:19 - 2015-03-16 20:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 03:19 - 2015-03-16 20:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 03:19 - 2015-03-16 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 03:19 - 2015-03-16 20:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 03:19 - 2015-03-16 20:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 03:19 - 2015-03-16 20:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 03:19 - 2015-03-16 20:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 03:19 - 2015-03-16 20:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 03:19 - 2015-03-16 20:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 03:19 - 2015-03-16 20:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 03:19 - 2015-03-16 20:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 03:19 - 2015-03-16 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 03:19 - 2015-03-16 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 03:19 - 2015-03-16 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 03:19 - 2015-03-16 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 03:19 - 2015-03-16 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 03:19 - 2015-03-12 20:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-04-15 03:19 - 2015-03-12 20:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-04-15 03:19 - 2015-03-12 20:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-04-15 03:19 - 2015-03-12 20:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-04-15 03:19 - 2015-03-12 20:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-04-15 03:19 - 2015-03-12 20:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-04-15 03:19 - 2015-03-12 20:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-04-15 03:19 - 2015-03-12 20:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-04-15 03:19 - 2015-03-12 19:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-04-15 03:19 - 2015-03-12 19:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-04-15 03:19 - 2015-03-12 19:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-04-15 03:19 - 2015-03-12 19:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-04-15 03:19 - 2015-03-12 19:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-04-15 03:19 - 2015-03-12 19:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-04-15 03:19 - 2015-03-12 19:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-15 03:19 - 2015-03-12 19:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 03:19 - 2015-03-12 19:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 03:19 - 2015-03-12 19:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-04-15 03:19 - 2015-03-12 19:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-15 03:19 - 2015-03-12 19:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 03:19 - 2015-03-12 19:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 03:19 - 2015-03-12 19:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 03:19 - 2015-03-12 19:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 03:19 - 2015-03-12 19:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-04-15 03:19 - 2015-03-12 19:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 03:19 - 2015-03-12 19:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-04-15 03:19 - 2015-03-12 19:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 03:19 - 2015-03-12 19:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 03:19 - 2015-03-12 19:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 03:19 - 2015-03-12 19:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 03:19 - 2015-03-12 19:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 03:19 - 2015-03-12 19:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 03:19 - 2015-03-12 19:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-04-15 03:19 - 2015-03-12 19:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-04-15 03:19 - 2015-03-12 19:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 03:19 - 2015-03-12 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-04-15 03:19 - 2015-03-12 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-04-15 03:19 - 2015-03-12 19:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 03:19 - 2015-03-12 19:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-04-15 03:19 - 2015-03-12 18:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 03:19 - 2015-03-12 18:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 03:19 - 2015-03-12 18:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 03:19 - 2015-03-12 18:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 03:19 - 2015-03-12 18:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-04-15 03:19 - 2015-03-12 18:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 03:19 - 2015-03-12 18:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 03:19 - 2015-03-12 18:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 03:19 - 2015-03-12 18:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 03:19 - 2015-03-12 18:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-04-15 03:19 - 2015-03-12 18:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-04-15 03:19 - 2015-03-12 18:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 03:19 - 2015-03-12 18:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 03:19 - 2015-03-12 18:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 03:19 - 2015-03-09 19:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-04-15 03:19 - 2015-03-09 19:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-04-15 03:19 - 2015-03-09 19:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 03:19 - 2015-03-09 19:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 03:19 - 2015-03-04 21:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-04-15 03:19 - 2015-03-04 20:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 03:19 - 2015-02-24 19:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2015-04-15 03:18 - 2015-03-12 20:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-04-15 03:18 - 2015-03-12 20:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-04-15 03:18 - 2015-03-12 19:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-04-15 03:18 - 2015-03-03 20:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
2015-04-15 03:18 - 2015-03-03 20:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll
2015-04-15 03:18 - 2015-03-03 20:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 21:56 - 2015-04-14 21:56 - 21541880 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\MBPro.exe
2015-04-14 21:50 - 2015-04-15 15:08 - 02097664 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2015-04-14 21:50 - 2015-04-14 21:50 - 00045135 _____ () C:\Users\Joe\Desktop\FRST.txt
2015-04-14 21:50 - 2015-04-14 21:50 - 00041654 _____ () C:\Users\Joe\Desktop\Addition.txt
2015-04-14 21:45 - 2015-04-14 21:45 - 00000000 ____D () C:\Users\Joe\AppData\Local\FileMaintenance
2015-04-14 21:40 - 2015-04-14 21:40 - 00002615 _____ () C:\Users\Public\Desktop\JuiceCalculator.lnk
2015-04-14 21:40 - 2015-04-14 21:40 - 00000000 ____D () C:\Program Files (x86)\EJuiceCalculator
2015-04-14 16:39 - 2015-04-14 16:39 - 00000000 ____D () C:\Users\Joe\AppData\Local\openvr
2015-04-04 23:00 - 2015-04-04 23:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 23:00 - 2015-04-04 23:00 - 00000000 ___SD () C:\Windows\System32\GWX
2015-03-31 19:21 - 2015-04-17 03:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-31 19:21 - 2015-04-17 02:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 19:21 - 2015-04-15 15:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-31 19:21 - 2015-04-15 15:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-30 18:51 - 2015-03-13 11:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2015-03-30 18:51 - 2015-03-13 11:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434788.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434788.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2015-03-30 18:51 - 2015-03-13 11:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-29 08:16 - 2015-03-29 08:16 - 00001754 _____ () C:\Users\Joe\Desktop\Black Mesa.lnk
2015-03-27 17:45 - 2015-04-17 02:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-27 17:45 - 2015-03-27 17:45 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 19:54 - 2015-02-26 19:00 - 00000000 ____D () C:\FRST
2015-04-17 03:31 - 2012-11-04 10:15 - 01171139 _____ () C:\Windows\WindowsUpdate.log
2015-04-17 03:27 - 2013-04-24 18:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-17 03:19 - 2014-07-03 21:10 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000UA.job
2015-04-17 03:07 - 2015-03-02 18:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-17 01:52 - 2013-11-15 07:21 - 00648016 _____ () C:\Windows\setupact.log
2015-04-16 23:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 23:27 - 2009-07-13 20:45 - 00027568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-16 23:27 - 2009-07-13 20:45 - 00027568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-16 23:26 - 2009-07-13 21:13 - 00823836 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-16 23:19 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-16 23:18 - 2014-12-11 00:19 - 00000000 ____D () C:\Windows\System32\appraiser
2015-04-16 23:18 - 2014-05-06 17:45 - 00000000 ___SD () C:\Windows\System32\CompatTel
2015-04-16 23:03 - 2013-04-22 15:08 - 00815958 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 23:03 - 2012-11-04 11:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 23:02 - 2009-07-13 18:34 - 00000580 _____ () C:\Windows\win.ini
2015-04-16 22:00 - 2013-01-09 17:49 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe
2015-04-16 15:19 - 2014-07-03 21:10 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000Core.job
2015-04-16 03:07 - 2010-11-20 19:47 - 00878236 _____ () C:\Windows\PFRO.log
2015-04-16 03:04 - 2012-11-04 11:27 - 00106944 _____ () C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 18:43 - 2009-07-13 20:45 - 05015072 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-04-15 17:29 - 2014-11-17 18:13 - 00000000 ____D () C:\Users\Joe\Documents\JuiceCalculator
2015-04-15 15:53 - 2015-03-05 18:18 - 00035064 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2015-04-15 15:20 - 2012-11-04 11:28 - 00000000 ____D () C:\Users\Joe\AppData\Local\Google
2015-04-15 15:14 - 2014-07-03 21:10 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000UA
2015-04-15 15:14 - 2014-07-03 21:10 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000Core
2015-04-15 15:05 - 2012-11-04 12:03 - 00000000 ____D () C:\Users\Joe\Documents\Outlook Files
2015-04-15 05:27 - 2013-04-24 18:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 05:27 - 2013-04-24 18:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 05:27 - 2013-04-24 18:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 21:40 - 2014-11-17 18:13 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\JuiceCalculator
2015-04-14 21:40 - 2013-05-18 20:31 - 00000000 ____D () C:\Users\Joe\AppData\Local\Downloaded Installations
2015-04-12 05:21 - 2014-08-24 05:57 - 00000000 ____D () C:\Users\Joe\Documents\My Labels
2015-04-11 16:58 - 2014-07-19 11:36 - 00000000 ____D () C:\Users\Joe\Documents\EJuice Recipes
2015-04-05 04:22 - 2015-03-08 03:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-01 02:06 - 2014-06-01 17:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-03-31 19:22 - 2012-11-04 11:28 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-31 19:16 - 2014-05-11 18:45 - 00000000 ____D () C:\temp
2015-03-31 18:13 - 2012-11-04 10:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-30 18:52 - 2012-11-04 10:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-30 18:52 - 2012-11-04 10:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-27 19:44 - 2014-06-03 18:30 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-27 19:44 - 2013-12-01 09:35 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-27 19:43 - 2014-06-03 18:30 - 01756424 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll
2015-03-27 19:43 - 2013-12-01 09:35 - 01570672 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2015-03-27 17:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-03-26 01:10 - 2015-03-02 18:19 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2015-03-26 01:10 - 2014-08-19 09:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kldisk.sys
2015-03-20 17:32 - 2014-06-16 19:13 - 00002785 _____ () C:\Users\Public\Desktop\eJuice Me Up.lnk
2015-03-18 14:40 - 2015-03-16 15:56 - 00000000 ____D () C:\ProgramData\AVAST Software
 
Files to move or delete:
====================
C:\Users\Joe\FRST64.exe
 
 
Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-04-04 23:00:22
Restore point made on: 2015-04-10 01:24:45
Restore point made on: 2015-04-14 01:09:20
Restore point made on: 2015-04-14 21:40:26
Restore point made on: 2015-04-15 17:38:45
Restore point made on: 2015-04-16 23:00:21
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16358.46 MB
Available physical RAM: 15131.09 MB
Total Pagefile: 16356.66 MB
Available Pagefile: 15124.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.02 GB) (Free:719.89 GB) NTFS
Drive d: (Data HDD) (Fixed) (Total:1397.26 GB) (Free:843.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (SSD) (Fixed) (Total:223.57 GB) (Free:223.44 GB) NTFS
Drive i: (MALWAREBYTE) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.49 GB) (Free:0.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7D123E89)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B5E47E0B)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 36CBC858)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 1.9 GB) (Disk ID: 6F20736B)
No partition Table on disk 4.
Disk 4 is a removable device.
 
 
LastRegBack: 2015-04-13 20:18
 
==================== End Of Log ============================

Disabling Kaspersky worked! Here is the Malwarebytes scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/18/2015
Scan Time: 6:12:55 AM
Logfile: Scan Log.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.18.01
Rootkit Database: v2015.03.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 470711
Time Elapsed: 6 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [0aff84eaa0eaa195600e341273927789], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [92774628820833032e3f61e517eed22e], 
PUP.Optional.GenericAddon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Quarantined, [94751c52cac0e74f399a4b95ca3938c8], 
PUP.Optional.GenericAddon.A, HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Quarantined, [61a83f2f0a8003333d965c84f31004fc], 
PUP.Optional.VideoPerformer.A, HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\PERFORMERSOFT LLC\Video Performer, Quarantined, [9673333bec9edb5b3db737b363a0c937], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 13
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0, Quarantined, [8881ea84741653e3662c430f30d5b848], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn, Quarantined, [8881ea84741653e3662c430f30d5b848], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246, Quarantined, [60a9046a2169181ea7eb331f46bff010], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc, Quarantined, [60a9046a2169181ea7eb331f46bff010], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod\120, Quarantined, [2ddc4c2229618da9682a3220b74e748c], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod, Quarantined, [2ddc4c2229618da9682a3220b74e748c], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf\237, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl\168, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], 
PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], 
 
Files: 38
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [9a6f7bf35832ff377cf5d07653b27c84], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\lsdb.js, Quarantined, [8881ea84741653e3662c430f30d5b848], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\background.html, Quarantined, [8881ea84741653e3662c430f30d5b848], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\indexeddb.js, Quarantined, [8881ea84741653e3662c430f30d5b848], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\jquery.js, Quarantined, [8881ea84741653e3662c430f30d5b848], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\manifest.json, Quarantined, [8881ea84741653e3662c430f30d5b848], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\sqlite.js, Quarantined, [8881ea84741653e3662c430f30d5b848], 
PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\worker.js, Quarantined, [8881ea84741653e3662c430f30d5b848], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\lsdb.js, Quarantined, [60a9046a2169181ea7eb331f46bff010], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\b.js, Quarantined, [60a9046a2169181ea7eb331f46bff010], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\background.html, Quarantined, [60a9046a2169181ea7eb331f46bff010], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\content.js, Quarantined, [60a9046a2169181ea7eb331f46bff010], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\DWbQCg7g4w.js, Quarantined, [60a9046a2169181ea7eb331f46bff010], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\manifest.json, Quarantined, [60a9046a2169181ea7eb331f46bff010], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod\120\lsdb.js, Quarantined, [2ddc4c2229618da9682a3220b74e748c], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod\120\background.html, Quarantined, [2ddc4c2229618da9682a3220b74e748c], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod\120\content.js, Quarantined, [2ddc4c2229618da9682a3220b74e748c], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod\120\manifest.json, Quarantined, [2ddc4c2229618da9682a3220b74e748c], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf\237\lsdb.js, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf\237\background.html, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf\237\content.js, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf\237\manifest.json, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\lsdb.js, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\background.html, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\content.js, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\jTL.js, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\manifest.json, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\Yfgl.js, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl\168\lsdb.js, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl\168\background.html, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl\168\content.js, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], 
PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl\168\manifest.json, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], 
PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\lsdb.js, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], 
PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\background.html, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], 
PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\BoCdOmJxnP.js, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], 
PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\content.js, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], 
PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\EDa4owsa.js, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], 
PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\manifest.json, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or Java, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • CCleaner - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.