xterling Posted April 15, 2015 ID:955781

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015

Addition.txt FRST.txt
TwinHeadedEagle Posted April 15, 2015 ID:955783

Hello, Can you describe your problem?
xterling Posted April 15, 2015 Author ID:955786

Malwarebytes Pro won't install. A couple of weeks back my proxy settings kept changing. I've used various malware removal software and the proxy issue seems to have gone away, but I'm not sure if I'm still infected or not. Thank you for the quick reply!
TwinHeadedEagle Posted April 15, 2015 ID:955814

I still see some malware remnants:

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.
Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
It will ask you to reboot the machine - please do so.
After that follow my next instructions to download & install the newest MBAM version.

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Install the program and select update.
Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs and double-click the Scan Log.
At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

fixlist.txt
xterling Posted April 15, 2015 Author ID:955959

Hello THE,

I've followed all the instructions up to the installation of malwarebytes. It still won't install. I get an "error 5: access is denied". Here is the fixlog:
TwinHeadedEagle Posted April 16, 2015 ID:956010

I think I know what the problem is, but before we take some radical steps, let's try this:

Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.
Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
It will ask you to reboot the machine - please do so.
After that follow my next instructions to download & install the newest MBAM version.

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Install the program and select update.
Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs and double-click the Scan Log.
At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
xterling Posted April 16, 2015 Author ID:956045

Re-did those steps again. Still not able to install Malwarebytes. Still getting the same error.
TwinHeadedEagle Posted April 16, 2015 ID:956117

Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flash drive into the infected PC.
Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.
Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
In the Choose Recovery Tool menu select Command Prompt.
You will see a big black window with a blinking cursor (command prompt).

Access the notepad and identify your USB drive

In the Command Prompt please type in: notepad and press Enter.
When the notepad opens, go to File menu.
Select Open.
Go to Computer and search there for your USB drive letter.
Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:
Type in e:\frst64.exe and press Enter.
You need to replace e with the letter of your USB drive taken from notepad!
FRST will start to run. Give it a minute or so to load itself.
Click Yes to Disclaimer.
In the main console, please click Scan and wait.
When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile. Transfer it to your clean machine and include it in your next reply.
xterling Posted April 18, 2015 Author ID:956447

Sorry for the delay, I needed to procure a 'clean machine'... Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by SYSTEM on MININT-6NENMLC on 17-04-2015 19:54:52
Running from I:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\Joe\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\Joe\...\Run: [Google Update] => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-03] (Google Inc.)
HKU\Joe\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\Joe\...\Run: [GoogleChromeAutoLaunch_D08BC2BD8F1B6BE4ACC60C8748C6E102] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\Joe\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
S2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-02-25] (Enigma Software Group USA, LLC.)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-10-24] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-10-24] ()
S3 evserial; C:\Windows\System32\DRIVERS\evserial.sys [67072 2008-05-19] (ELTIMA Software)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-26] (Kaspersky Lab ZAO)
S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-26] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
S1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-03-14] (http://libusb-win32.sourceforge.net)
S3 MBOXPRO; C:\Windows\System32\DRIVERS\AvidMboxPro.sys [436528 2012-02-23] (Avid)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-15] ()
S3 VSBC; C:\Windows\System32\DRIVERS\evsbc.sys [32768 2008-05-19] (ELTIMA Software)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2014-07-31] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 17:39 - 2015-04-15 17:39 - 00002029 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-04-15 17:39 - 2015-04-15 17:39 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\TaxCut
2015-04-15 17:38 - 2015-04-15 17:52 - 00000000 ____D () C:\Users\Joe\Documents\HRBlock
2015-04-15 17:38 - 2015-04-15 17:38 - 00000000 ____D () C:\ProgramData\TaxCut
2015-04-15 17:38 - 2015-04-15 17:38 - 00000000 ____D () C:\Program Files (x86)\PDF995
2015-04-15 17:38 - 2015-04-15 17:38 - 00000000 ____D () C:\Program Files (x86)\HRBlock2014
2015-04-15 15:17 - 2015-04-15 15:17 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Joe\Desktop\mbam-clean-2.1.1.1001.exe
2015-04-15 15:08 - 2015-04-15 15:08 - 00000000 ____D () C:\Users\Joe\Desktop\FRST-OlderVersion
2015-04-15 03:19 - 2015-04-01 16:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-04-15 03:19 - 2015-04-01 15:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 03:19 - 2015-03-24 19:24 - 03298816 _____ (Microsoft Corporation) 
C:\Windows\System32\wucltux.dll2015-04-15 03:19 - 2015-03-24 19:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll2015-04-15 03:19 - 2015-03-24 19:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2015-04-15 03:19 - 2015-03-24 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe2015-04-15 03:19 - 2015-03-24 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll2015-04-15 03:19 - 2015-03-24 19:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-04-15 03:19 - 2015-03-24 19:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-04-15 03:19 - 2015-03-24 19:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-04-15 03:19 - 2015-03-24 19:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-04-15 03:19 - 2015-03-24 19:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-04-15 03:19 - 2015-03-22 19:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll2015-04-15 03:19 - 2015-03-22 19:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll2015-04-15 03:19 - 2015-03-22 19:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll2015-04-15 03:19 - 
2015-03-22 19:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll2015-04-15 03:19 - 2015-03-22 19:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll2015-04-15 03:19 - 2015-03-22 19:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll2015-04-15 03:19 - 2015-03-22 19:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll2015-04-15 03:19 - 2015-03-22 19:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll2015-04-15 03:19 - 2015-03-16 21:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2015-04-15 03:19 - 2015-03-16 21:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2015-04-15 03:19 - 2015-03-16 21:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys2015-04-15 03:19 - 2015-03-16 21:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll2015-04-15 03:19 - 2015-03-16 21:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll2015-04-15 03:19 - 2015-03-16 21:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll2015-04-15 03:19 - 2015-03-16 21:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll2015-04-15 03:19 - 2015-03-16 21:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll2015-04-15 03:19 - 2015-03-16 21:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00314880 _____ 
(Microsoft Corporation) C:\Windows\System32\msv1_0.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe2015-04-15 03:19 - 2015-03-16 21:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe2015-04-15 03:19 - 2015-03-16 21:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll2015-04-15 03:19 - 2015-03-16 21:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe2015-04-15 03:19 - 2015-03-16 21:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe2015-04-15 03:19 - 2015-03-16 21:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe2015-04-15 03:19 - 2015-03-16 21:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll2015-04-15 03:19 - 2015-03-16 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll2015-04-15 
03:19 - 2015-03-16 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H 
(Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:01 - 03976632 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntkrnlpa.exe2015-04-15 03:19 - 2015-03-16 21:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-04-15 03:19 - 2015-03-16 20:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-04-15 03:19 - 2015-03-16 20:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2015-04-15 03:19 - 2015-03-16 20:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2015-04-15 03:19 - 2015-03-16 20:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-04-15 03:19 - 2015-03-16 20:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-04-15 03:19 - 2015-03-16 20:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-04-15 03:19 - 2015-03-16 20:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2015-04-15 03:19 - 2015-03-16 20:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2015-04-15 03:19 - 
2015-03-16 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-04-15 03:19 - 2015-03-16 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) 
TwinHeadedEagle Posted April 18, 2015 ID:956520

I am not seeing anything that could block MalwareBytes from installing. Can you disable Kaspersky and then try to install MalwareBytes?
xterling Posted April 18, 2015 Author ID:956534

Disabling Kaspersky worked! Here is the Malwarebytes scan log:
TwinHeadedEagle Posted April 18, 2015 ID:956535

Excellent. Is everything fine? PC is clean now.
xterling Posted April 18, 2015 Author ID:956536

THE, you're the man!! Thank you for everything. You're doing God's work my brother! Lol... I will most definitely donate to you... Have a great weekend.
TwinHeadedEagle Posted April 18, 2015 ID:956537

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself.

Recommended reading:

MUST READ - security tips:
- Computer Security - a short guide to staying safer online.
- Simple and easy ways to keep your computer safe and secure on the Internet
- How Malware Spreads - How did I get infected

MUST READ - general maintenance:
- What to do if your Computer is running slowly?

The Importance of Software Updating: In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running. Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.
- How to configure and use Automatic Updates in Windows
- How to update Java
- How to update Adobe Reader

Recommended additional software:
- CCleaner - to clean unneeded temporary files.
- Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
- Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
- McShield - to prevent infections spread by removable media.
- Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
- Adblock - to surf the web without annoying ads!

Post-cleanup procedures:
1. Download DelFix by Xplode and save it to your desktop.
2. Run the tool by right click on the icon and Run as administrator option.
3. Make sure that these ones are checked:
   - Remove disinfection tools
   - Purge system restore
   - Reset system settings
4. Push Run.

The program will run for a few seconds and display a notepad report. You do not need to attach it.
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and creates a fresh system restore point after cleaning.

My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: Thank you!

Stay safe,
TwinHeadedEagle
AdvancedSetup (Root Admin) Posted April 21, 2015 ID:957084

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!