xterling

Members

View Profile See their activity

Posts
8
Joined
April 15, 2015
Last visited
April 20, 2015

Reputation

0 Neutral

Please help

xterling replied to xterling's topic in Resolved Malware Removal Logs

THE you're the man!! Thank you for everything. You're doing God's work my brother! Lol... I will most definitely donate to you... Have a great weekend.
- April 18, 2015
- 14 replies
Please help

xterling replied to xterling's topic in Resolved Malware Removal Logs

Disabling Kapersky worked! Here is the Malwarebytes scan log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 4/18/2015Scan Time: 6:12:55 AMLogfile: Scan Log.txtAdministrator: Yes Version: 2.01.4.1018Malware Database: v2015.04.18.01Rootkit Database: v2015.03.31.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Joe Scan Type: Threat ScanResult: CompletedObjects Scanned: 470711Time Elapsed: 6 min, 29 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 5PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [0aff84eaa0eaa195600e341273927789], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [92774628820833032e3f61e517eed22e], PUP.Optional.GenericAddon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Quarantined, [94751c52cac0e74f399a4b95ca3938c8], PUP.Optional.GenericAddon.A, HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, Quarantined, [61a83f2f0a8003333d965c84f31004fc], PUP.Optional.VideoPerformer.A, HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\PERFORMERSOFT LLC\Video Performer, Quarantined, [9673333bec9edb5b3db737b363a0c937], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 13PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0, Quarantined, [8881ea84741653e3662c430f30d5b848], PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn, Quarantined, [8881ea84741653e3662c430f30d5b848], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246, Quarantined, [60a9046a2169181ea7eb331f46bff010], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc, Quarantined, [60a9046a2169181ea7eb331f46bff010], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod\120, Quarantined, [2ddc4c2229618da9682a3220b74e748c], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod, Quarantined, [2ddc4c2229618da9682a3220b74e748c], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf\237, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl\168, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], Files: 38PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [9a6f7bf35832ff377cf5d07653b27c84], PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\lsdb.js, Quarantined, [8881ea84741653e3662c430f30d5b848], PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\background.html, Quarantined, [8881ea84741653e3662c430f30d5b848], PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\indexeddb.js, Quarantined, [8881ea84741653e3662c430f30d5b848], PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\jquery.js, Quarantined, [8881ea84741653e3662c430f30d5b848], PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\manifest.json, Quarantined, [8881ea84741653e3662c430f30d5b848], PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\sqlite.js, Quarantined, [8881ea84741653e3662c430f30d5b848], PUP.Optional.MultiPlug.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnkhknblpbolmcdhmflicaflhefdmbn\1.0_0\worker.js, Quarantined, [8881ea84741653e3662c430f30d5b848], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\lsdb.js, Quarantined, [60a9046a2169181ea7eb331f46bff010], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\b.js, Quarantined, [60a9046a2169181ea7eb331f46bff010], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\background.html, Quarantined, [60a9046a2169181ea7eb331f46bff010], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\content.js, Quarantined, [60a9046a2169181ea7eb331f46bff010], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\DWbQCg7g4w.js, Quarantined, [60a9046a2169181ea7eb331f46bff010], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\246\manifest.json, Quarantined, [60a9046a2169181ea7eb331f46bff010], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod\120\lsdb.js, Quarantined, [2ddc4c2229618da9682a3220b74e748c], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod\120\background.html, Quarantined, [2ddc4c2229618da9682a3220b74e748c], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod\120\content.js, Quarantined, [2ddc4c2229618da9682a3220b74e748c], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod\120\manifest.json, Quarantined, [2ddc4c2229618da9682a3220b74e748c], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf\237\lsdb.js, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf\237\background.html, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf\237\content.js, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpnkndcjocnjgdbjdjhimgnjfmighjf\237\manifest.json, Quarantined, [ad5c72fced9d5ed8425071e10afb1ae6], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\lsdb.js, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\background.html, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\content.js, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\jTL.js, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\manifest.json, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp\245\Yfgl.js, Quarantined, [fa0fea848dfd3600dab855fd12f3a060], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl\168\lsdb.js, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl\168\background.html, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl\168\content.js, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], PUP.Optional.MultiPlug.A, C:\Users\Studio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lclbbneapfiaihigbkalcoophalpbapl\168\manifest.json, Quarantined, [64a5b8b6107a9d990e84ed654db85ea2], PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\lsdb.js, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\background.html, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\BoCdOmJxnP.js, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\content.js, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\EDa4owsa.js, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], PUP.Optional.MultiPlug, C:\ProgramData\dipclmbkdjgcbbbpmlilhibggmibdbgj\manifest.json, Quarantined, [7990b6b8d7b37cbaf6f0381b4db89f61], Physical Sectors: 0(No malicious items detected) (end)
- April 18, 2015
- 14 replies
Please help

xterling replied to xterling's topic in Resolved Malware Removal Logs

Sorry for the delay, I needed to procure a 'clean machine'... Here's the log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04Ran by SYSTEM on MININT-6NENMLC on 17-04-2015 19:54:52Running from I:\Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Recovery The current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557984 2014-08-26] (Adobe Systems Incorporated)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)HKU\Joe\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeHKU\Joe\...\Run: [Google Update] => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-03] (Google Inc.)HKU\Joe\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)HKU\Joe\...\Run: [GoogleChromeAutoLaunch_D08BC2BD8F1B6BE4ACC60C8748C6E102] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)HKU\Joe\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnkShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)Startup: C:\Users\Studio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnkShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)S2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()S2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-02-25] (Enigma Software Group USA, LLC.)S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-10-24] (Enigma Software Group USA, LLC.)S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-10-24] ()S3 evserial; C:\Windows\System32\DRIVERS\evserial.sys [67072 2008-05-19] (ELTIMA Software)S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-26] (Kaspersky Lab ZAO)S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-26] (Kaspersky Lab ZAO)S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)S1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-03-14] (http://libusb-win32.sourceforge.net) S3 MBOXPRO; C:\Windows\System32\DRIVERS\AvidMboxPro.sys [436528 2012-02-23] (Avid)S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)S0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-15] ()S3 VSBC; C:\Windows\System32\DRIVERS\evsbc.sys [32768 2008-05-19] (ELTIMA Software)S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2014-07-31] (Wondershare) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 17:39 - 2015-04-15 17:39 - 00002029 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk2015-04-15 17:39 - 2015-04-15 17:39 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\TaxCut2015-04-15 17:38 - 2015-04-15 17:52 - 00000000 ____D () C:\Users\Joe\Documents\HRBlock2015-04-15 17:38 - 2015-04-15 17:38 - 00000000 ____D () C:\ProgramData\TaxCut2015-04-15 17:38 - 2015-04-15 17:38 - 00000000 ____D () C:\Program Files (x86)\PDF9952015-04-15 17:38 - 2015-04-15 17:38 - 00000000 ____D () C:\Program Files (x86)\HRBlock20142015-04-15 15:17 - 2015-04-15 15:17 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Joe\Desktop\mbam-clean-2.1.1.1001.exe2015-04-15 15:08 - 2015-04-15 15:08 - 00000000 ____D () C:\Users\Joe\Desktop\FRST-OlderVersion2015-04-15 03:19 - 2015-04-01 16:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2015-04-15 03:19 - 2015-04-01 15:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-04-15 03:19 - 2015-03-24 19:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll2015-04-15 03:19 - 2015-03-24 19:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll2015-04-15 03:19 - 2015-03-24 19:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll2015-04-15 03:19 - 2015-03-24 19:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2015-04-15 03:19 - 2015-03-24 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe2015-04-15 03:19 - 2015-03-24 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll2015-04-15 03:19 - 2015-03-24 19:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-04-15 03:19 - 2015-03-24 19:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-04-15 03:19 - 2015-03-24 19:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-04-15 03:19 - 2015-03-24 19:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-04-15 03:19 - 2015-03-24 19:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-04-15 03:19 - 2015-03-22 19:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll2015-04-15 03:19 - 2015-03-22 19:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll2015-04-15 03:19 - 2015-03-22 19:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll2015-04-15 03:19 - 2015-03-22 19:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll2015-04-15 03:19 - 2015-03-22 19:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll2015-04-15 03:19 - 2015-03-22 19:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll2015-04-15 03:19 - 2015-03-22 19:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll2015-04-15 03:19 - 2015-03-22 19:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll2015-04-15 03:19 - 2015-03-16 21:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2015-04-15 03:19 - 2015-03-16 21:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2015-04-15 03:19 - 2015-03-16 21:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys2015-04-15 03:19 - 2015-03-16 21:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll2015-04-15 03:19 - 2015-03-16 21:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll2015-04-15 03:19 - 2015-03-16 21:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll2015-04-15 03:19 - 2015-03-16 21:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll2015-04-15 03:19 - 2015-03-16 21:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll2015-04-15 03:19 - 2015-03-16 21:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe2015-04-15 03:19 - 2015-03-16 21:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe2015-04-15 03:19 - 2015-03-16 21:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll2015-04-15 03:19 - 2015-03-16 21:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll2015-04-15 03:19 - 2015-03-16 21:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe2015-04-15 03:19 - 2015-03-16 21:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe2015-04-15 03:19 - 2015-03-16 21:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe2015-04-15 03:19 - 2015-03-16 21:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll2015-04-15 03:19 - 2015-03-16 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 21:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-04-15 03:19 - 2015-03-16 21:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-04-15 03:19 - 2015-03-16 20:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-04-15 03:19 - 2015-03-16 20:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-04-15 03:19 - 2015-03-16 20:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2015-04-15 03:19 - 2015-03-16 20:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2015-04-15 03:19 - 2015-03-16 20:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-04-15 03:19 - 2015-03-16 20:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-04-15 03:19 - 2015-03-16 20:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-04-15 03:19 - 2015-03-16 20:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2015-04-15 03:19 - 2015-03-16 20:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2015-04-15 03:19 - 2015-03-16 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-04-15 03:19 - 2015-03-16 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 20:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2015-04-15 03:19 - 2015-03-16 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2015-04-15 03:19 - 2015-03-16 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2015-04-15 03:19 - 2015-03-16 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2015-04-15 03:19 - 2015-03-12 20:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2015-04-15 03:19 - 2015-03-12 20:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll2015-04-15 03:19 - 2015-03-12 20:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2015-04-15 03:19 - 2015-03-12 20:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2015-04-15 03:19 - 2015-03-12 20:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec2015-04-15 03:19 - 2015-03-12 20:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll2015-04-15 03:19 - 2015-03-12 20:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2015-04-15 03:19 - 2015-03-12 20:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2015-04-15 03:19 - 2015-03-12 19:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2015-04-15 03:19 - 2015-03-12 19:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2015-04-15 03:19 - 2015-03-12 19:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2015-04-15 03:19 - 2015-03-12 19:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe2015-04-15 03:19 - 2015-03-12 19:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll2015-04-15 03:19 - 2015-03-12 19:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2015-04-15 03:19 - 2015-03-12 19:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2015-04-15 03:19 - 2015-03-12 19:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-04-15 03:19 - 2015-03-12 19:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-04-15 03:19 - 2015-03-12 19:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2015-04-15 03:19 - 2015-03-12 19:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll2015-04-15 03:19 - 2015-03-12 19:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-04-15 03:19 - 2015-03-12 19:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2015-04-15 03:19 - 2015-03-12 19:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-04-15 03:19 - 2015-03-12 19:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2015-04-15 03:19 - 2015-03-12 19:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2015-04-15 03:19 - 2015-03-12 19:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-04-15 03:19 - 2015-03-12 19:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2015-04-15 03:19 - 2015-03-12 19:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-04-15 03:19 - 2015-03-12 19:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-04-15 03:19 - 2015-03-12 19:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2015-04-15 03:19 - 2015-03-12 19:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-04-15 03:19 - 2015-03-12 19:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-04-15 03:19 - 2015-03-12 19:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2015-04-15 03:19 - 2015-03-12 19:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2015-04-15 03:19 - 2015-03-12 19:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2015-04-15 03:19 - 2015-03-12 19:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-04-15 03:19 - 2015-03-12 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2015-04-15 03:19 - 2015-03-12 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2015-04-15 03:19 - 2015-03-12 19:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2015-04-15 03:19 - 2015-03-12 19:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2015-04-15 03:19 - 2015-03-12 18:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-04-15 03:19 - 2015-03-12 18:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-04-15 03:19 - 2015-03-12 18:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-04-15 03:19 - 2015-03-12 18:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-04-15 03:19 - 2015-03-12 18:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2015-04-15 03:19 - 2015-03-12 18:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-04-15 03:19 - 2015-03-12 18:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-04-15 03:19 - 2015-03-12 18:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2015-04-15 03:19 - 2015-03-12 18:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-04-15 03:19 - 2015-03-12 18:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2015-04-15 03:19 - 2015-03-12 18:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2015-04-15 03:19 - 2015-03-12 18:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-04-15 03:19 - 2015-03-12 18:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-04-15 03:19 - 2015-03-12 18:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-04-15 03:19 - 2015-03-09 19:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll2015-04-15 03:19 - 2015-03-09 19:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll2015-04-15 03:19 - 2015-03-09 19:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2015-04-15 03:19 - 2015-03-09 19:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2015-04-15 03:19 - 2015-03-04 21:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll2015-04-15 03:19 - 2015-03-04 20:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2015-04-15 03:19 - 2015-02-24 19:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys2015-04-15 03:18 - 2015-03-12 20:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2015-04-15 03:18 - 2015-03-12 20:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll2015-04-15 03:18 - 2015-03-12 19:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll2015-04-15 03:18 - 2015-03-03 20:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys2015-04-15 03:18 - 2015-03-03 20:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll2015-04-15 03:18 - 2015-03-03 20:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll2015-04-14 21:56 - 2015-04-14 21:56 - 21541880 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\MBPro.exe2015-04-14 21:50 - 2015-04-15 15:08 - 02097664 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe2015-04-14 21:50 - 2015-04-14 21:50 - 00045135 _____ () C:\Users\Joe\Desktop\FRST.txt2015-04-14 21:50 - 2015-04-14 21:50 - 00041654 _____ () C:\Users\Joe\Desktop\Addition.txt2015-04-14 21:45 - 2015-04-14 21:45 - 00000000 ____D () C:\Users\Joe\AppData\Local\FileMaintenance2015-04-14 21:40 - 2015-04-14 21:40 - 00002615 _____ () C:\Users\Public\Desktop\JuiceCalculator.lnk2015-04-14 21:40 - 2015-04-14 21:40 - 00000000 ____D () C:\Program Files (x86)\EJuiceCalculator2015-04-14 16:39 - 2015-04-14 16:39 - 00000000 ____D () C:\Users\Joe\AppData\Local\openvr2015-04-04 23:00 - 2015-04-04 23:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX2015-04-04 23:00 - 2015-04-04 23:00 - 00000000 ___SD () C:\Windows\System32\GWX2015-03-31 19:21 - 2015-04-17 03:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-03-31 19:21 - 2015-04-17 02:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-03-31 19:21 - 2015-04-15 15:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-03-31 19:21 - 2015-04-15 15:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-03-30 18:51 - 2015-03-13 11:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll2015-03-30 18:51 - 2015-03-13 11:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll2015-03-30 18:51 - 2015-03-13 11:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2015-03-30 18:51 - 2015-03-13 11:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2015-03-30 18:51 - 2015-03-13 11:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll2015-03-30 18:51 - 2015-03-13 11:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll2015-03-30 18:51 - 2015-03-13 11:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll2015-03-30 18:51 - 2015-03-13 11:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2015-03-30 18:51 - 2015-03-13 11:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2015-03-30 18:51 - 2015-03-13 11:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys2015-03-30 18:51 - 2015-03-13 11:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll2015-03-30 18:51 - 2015-03-13 11:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2015-03-30 18:51 - 2015-03-13 11:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2015-03-30 18:51 - 2015-03-13 11:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434788.dll2015-03-30 18:51 - 2015-03-13 11:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434788.dll2015-03-30 18:51 - 2015-03-13 11:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll2015-03-30 18:51 - 2015-03-13 11:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll2015-03-30 18:51 - 2015-03-13 11:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll2015-03-30 18:51 - 2015-03-13 11:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2015-03-30 18:51 - 2015-03-13 11:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2015-03-30 18:51 - 2015-03-13 11:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2015-03-30 18:51 - 2015-03-13 11:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll2015-03-30 18:51 - 2015-03-13 11:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2015-03-30 18:51 - 2015-03-13 11:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll2015-03-30 18:51 - 2015-03-13 11:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2015-03-29 08:16 - 2015-03-29 08:16 - 00001754 _____ () C:\Users\Joe\Desktop\Black Mesa.lnk2015-03-27 17:45 - 2015-04-17 02:37 - 00000000 ____D () C:\Program Files (x86)\Steam2015-03-27 17:45 - 2015-03-27 17:45 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-17 19:54 - 2015-02-26 19:00 - 00000000 ____D () C:\FRST2015-04-17 03:31 - 2012-11-04 10:15 - 01171139 _____ () C:\Windows\WindowsUpdate.log2015-04-17 03:27 - 2013-04-24 18:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-04-17 03:19 - 2014-07-03 21:10 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000UA.job2015-04-17 03:07 - 2015-03-02 18:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2015-04-17 01:52 - 2013-11-15 07:21 - 00648016 _____ () C:\Windows\setupact.log2015-04-16 23:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache2015-04-16 23:27 - 2009-07-13 20:45 - 00027568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-04-16 23:27 - 2009-07-13 20:45 - 00027568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-04-16 23:26 - 2009-07-13 21:13 - 00823836 _____ () C:\Windows\System32\PerfStringBackup.INI2015-04-16 23:19 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-04-16 23:18 - 2014-12-11 00:19 - 00000000 ____D () C:\Windows\System32\appraiser2015-04-16 23:18 - 2014-05-06 17:45 - 00000000 ___SD () C:\Windows\System32\CompatTel2015-04-16 23:03 - 2013-04-22 15:08 - 00815958 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2015-04-16 23:03 - 2012-11-04 11:55 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-04-16 23:02 - 2009-07-13 18:34 - 00000580 _____ () C:\Windows\win.ini2015-04-16 22:00 - 2013-01-09 17:49 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe2015-04-16 15:19 - 2014-07-03 21:10 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000Core.job2015-04-16 03:07 - 2010-11-20 19:47 - 00878236 _____ () C:\Windows\PFRO.log2015-04-16 03:04 - 2012-11-04 11:27 - 00106944 _____ () C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT2015-04-15 18:43 - 2009-07-13 20:45 - 05015072 _____ () C:\Windows\System32\FNTCACHE.DAT2015-04-15 17:29 - 2014-11-17 18:13 - 00000000 ____D () C:\Users\Joe\Documents\JuiceCalculator2015-04-15 15:53 - 2015-03-05 18:18 - 00035064 _____ () C:\Windows\System32\Drivers\TrueSight.sys2015-04-15 15:20 - 2012-11-04 11:28 - 00000000 ____D () C:\Users\Joe\AppData\Local\Google2015-04-15 15:14 - 2014-07-03 21:10 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000UA2015-04-15 15:14 - 2014-07-03 21:10 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000Core2015-04-15 15:05 - 2012-11-04 12:03 - 00000000 ____D () C:\Users\Joe\Documents\Outlook Files2015-04-15 05:27 - 2013-04-24 18:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-04-15 05:27 - 2013-04-24 18:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-04-15 05:27 - 2013-04-24 18:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-04-14 21:40 - 2014-11-17 18:13 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\JuiceCalculator2015-04-14 21:40 - 2013-05-18 20:31 - 00000000 ____D () C:\Users\Joe\AppData\Local\Downloaded Installations2015-04-12 05:21 - 2014-08-24 05:57 - 00000000 ____D () C:\Users\Joe\Documents\My Labels2015-04-11 16:58 - 2014-07-19 11:36 - 00000000 ____D () C:\Users\Joe\Documents\EJuice Recipes2015-04-05 04:22 - 2015-03-08 03:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2015-04-01 02:06 - 2014-06-01 17:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM2015-03-31 19:22 - 2012-11-04 11:28 - 00000000 ____D () C:\Program Files (x86)\Google2015-03-31 19:16 - 2014-05-11 18:45 - 00000000 ____D () C:\temp2015-03-31 18:13 - 2012-11-04 10:29 - 00000000 ____D () C:\ProgramData\NVIDIA2015-03-30 18:52 - 2012-11-04 10:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2015-03-30 18:52 - 2012-11-04 10:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2015-03-27 19:44 - 2014-06-03 18:30 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll2015-03-27 19:44 - 2013-12-01 09:35 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll2015-03-27 19:43 - 2014-06-03 18:30 - 01756424 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll2015-03-27 19:43 - 2013-12-01 09:35 - 01570672 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll2015-03-27 17:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF2015-03-26 01:10 - 2015-03-02 18:19 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys2015-03-26 01:10 - 2014-08-19 09:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kldisk.sys2015-03-20 17:32 - 2014-06-16 19:13 - 00002785 _____ () C:\Users\Public\Desktop\eJuice Me Up.lnk2015-03-18 14:40 - 2015-03-16 15:56 - 00000000 ____D () C:\ProgramData\AVAST Software Files to move or delete:====================C:\Users\Joe\FRST64.exe Some content of TEMP:====================C:\Users\Joe\AppData\Local\Temp\dllnt_dump.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2015-04-04 23:00:22Restore point made on: 2015-04-10 01:24:45Restore point made on: 2015-04-14 01:09:20Restore point made on: 2015-04-14 21:40:26Restore point made on: 2015-04-15 17:38:45Restore point made on: 2015-04-16 23:00:21 ==================== Memory info =========================== Percentage of memory in use: 7%Total physical RAM: 16358.46 MBAvailable physical RAM: 15131.09 MBTotal Pagefile: 16356.66 MBAvailable Pagefile: 15124.76 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.89 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.02 GB) (Free:719.89 GB) NTFSDrive d: (Data HDD) (Fixed) (Total:1397.26 GB) (Free:843.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive e: (SSD) (Fixed) (Total:223.57 GB) (Free:223.44 GB) NTFSDrive i: (MALWAREBYTE) (Removable) (Total:1.86 GB) (Free:1.86 GB) FATDrive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFSDrive y: (SYSTEM) (Fixed) (Total:0.49 GB) (Free:0.24 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7D123E89)Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B5E47E0B)Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS) ========================================================Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 36CBC858)Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS) ========================================================Disk: 4 (Size: 1.9 GB) (Disk ID: 6F20736B)No partition Table on disk 4.Disk 4 is a removable device. LastRegBack: 2015-04-13 20:18 ==================== End Of Log ============================
- April 18, 2015
- 14 replies
Please help

xterling replied to xterling's topic in Resolved Malware Removal Logs

Re-did those steps again. Still not able to install Malwarebytes. Still getting the same error.
- April 16, 2015
- 14 replies
Please help

xterling replied to xterling's topic in Resolved Malware Removal Logs

Hello THE, I've followed all the instructions up to the installation of malwarebytes. It still won't install. I get a "error 5: access is denied". Here is the fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04Ran by Joe at 2015-04-15 19:08:11 Run:1Running from C:\Users\Joe\DesktopLoaded Profiles: Joe (Available profiles: Joe & Studio)Boot Mode: Normal============================================== Content of fixlist:*****************closeprocesses:emptytemp:AlternateDataStreams: C:\ProgramData\TEMP:373E1720AlternateDataStreams: C:\ProgramData\TEMP:5C321E34AlternateDataStreams: C:\ProgramData\TEMP:DDE29E40AlternateDataStreams: C:\Users\Joe\Local Settings:bx63UobVrw27y9ByfJNeAlternateDataStreams: C:\Users\Joe\Local Settings:L0huz7lzlYaeg6DjvFwQrEcGWJP3AlternateDataStreams: C:\Users\Joe\AppData\Local:bx63UobVrw27y9ByfJNeAlternateDataStreams: C:\Users\Joe\AppData\Local:L0huz7lzlYaeg6DjvFwQrEcGWJP3AlternateDataStreams: C:\Users\Joe\AppData\Local\570Fnw0Fptm:vjUtIC2r8tTgzJfDjebAApnAlternateDataStreams: C:\Users\Joe\AppData\Local\Application Data:bx63UobVrw27y9ByfJNeAlternateDataStreams: C:\Users\Joe\AppData\Local\Application Data:L0huz7lzlYaeg6DjvFwQrEcGWJP3AlternateDataStreams: C:\Users\Joe\AppData\Local\HkhbGYK4n:kVbn1JlDo4aLnrJx4FAlternateDataStreams: C:\Users\Joe\AppData\Local\qWAnz1MXRi:Iq6Hke5HtEBRKutWypzGmRS7AlternateDataStreams: C:\Users\Joe\AppData\Local\Temporary Internet Files:0Nw8avmZRVjUWFMDFYwJBZ0Task: {C04ADDCD-F9EE-47EE-93A5-FC67E1A75BE2} - \Jelbrus Secure Web Task No Task File <==== ATTENTIONShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No FileCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONRemoveProxy:ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.ProxyServer: [.DEFAULT] => http=127.0.0.1:63020;https=127.0.0.1:63020HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 0x68007400740070003A002F002F0067006F002E006D006900630072006F0073006F00660074002E0063006F006D002F00660077006C0069006E006B002F0070002F003F004C0069006E006B00490064003D003200350035003100340031000000HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x68007400740070003A002F002F0067006F002E006D006900630072006F0073006F00660074002E0063006F006D002F00660077006C0069006E006B002F003F004C0069006E006B00490064003D00350034003800390036000000HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 0x00HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00HKU\S-1-5-21-2048471247-995751312-864157879-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 0x68007400740070003A002F002F0067006F002E006D006900630072006F0073006F00660074002E0063006F006D002F00660077006C0069006E006B002F0070002F003F004C0069006E006B00490064003D003200350035003100340031000000HKU\S-1-5-21-2048471247-995751312-864157879-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = CHR HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Joe\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [cfiifhkkcanjbocdngcinebbnhabiccf] - C:\ProgramData\SaveAs\cfiifhkkcanjbocdngcinebbnhabiccf.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [jelaaoalhilpjlbbgcgimkdaeebdjbff] - C:\ProgramData\Bcool\jelaaoalhilpjlbbgcgimkdaeebdjbff.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Joe\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Joe\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [Not Found]S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X] ***************** Processes closed successfully.C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.C:\ProgramData\TEMP => ":DDE29E40" ADS removed successfully."C:\Users\Joe\Local Settings" => ":bx63UobVrw27y9ByfJNe" ADS not found."C:\Users\Joe\Local Settings" => ":L0huz7lzlYaeg6DjvFwQrEcGWJP3" ADS not found.C:\Users\Joe\AppData\Local => ":bx63UobVrw27y9ByfJNe" ADS removed successfully.C:\Users\Joe\AppData\Local => ":L0huz7lzlYaeg6DjvFwQrEcGWJP3" ADS removed successfully.C:\Users\Joe\AppData\Local\570Fnw0Fptm => ":vjUtIC2r8tTgzJfDjebAApn" ADS removed successfully."C:\Users\Joe\AppData\Local\Application Data" => ":bx63UobVrw27y9ByfJNe" ADS not found."C:\Users\Joe\AppData\Local\Application Data" => ":L0huz7lzlYaeg6DjvFwQrEcGWJP3" ADS not found.C:\Users\Joe\AppData\Local\HkhbGYK4n => ":kVbn1JlDo4aLnrJx4F" ADS removed successfully.C:\Users\Joe\AppData\Local\qWAnz1MXRi => ":Iq6Hke5HtEBRKutWypzGmRS7" ADS removed successfully."C:\Users\Joe\AppData\Local\Temporary Internet Files" => ":0Nw8avmZRVjUWFMDFYwJBZ0" ADS not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C04ADDCD-F9EE-47EE-93A5-FC67E1A75BE2}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C04ADDCD-F9EE-47EE-93A5-FC67E1A75BE2}" => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. ========= RemoveProxy: ========= HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully. ========= End of RemoveProxy: ========= HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.HKU\S-1-5-21-2048471247-995751312-864157879-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKU\S-1-5-21-2048471247-995751312-864157879-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully."HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50CFB8A2-79FC-4820-8DED-40C33706E0D8}" => Key deleted successfully.HKCR\CLSID\{50CFB8A2-79FC-4820-8DED-40C33706E0D8} => Key not found. "HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{522AFA45-0CC5-45E8-BB1E-25CEA66CED17}" => Key deleted successfully.HKCR\CLSID\{522AFA45-0CC5-45E8-BB1E-25CEA66CED17} => Key not found. "HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EA2073B-62FB-4125-9862-0E2C52673205}" => Key deleted successfully.HKCR\CLSID\{5EA2073B-62FB-4125-9862-0E2C52673205} => Key not found. C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\gce51ng1.default\user.js => Moved successfully."HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully."HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle" => Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cfiifhkkcanjbocdngcinebbnhabiccf" => Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj" => Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof" => Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jelaaoalhilpjlbbgcgimkdaeebdjbff" => Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof" => Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle" => Key deleted successfully.SBSDWSCService => Service deleted successfully.EmptyTemp: => Removed 1.9 GB temporary data. The system needed a reboot. ==== End of Fixlog 19:08:24 ====
- April 15, 2015
- 14 replies
Please help

xterling replied to xterling's topic in Resolved Malware Removal Logs

Malwarebytes Pro won't install. A couple of weeks back my proxy settings kept changing. I've used various malware removal software and the proxy issue seems to have gone away, but I'm not sure if I'm still infected or not. Thank you for the quick reply!
- April 15, 2015
- 14 replies
Please help

xterling posted a topic in Resolved Malware Removal Logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015Ran by Joe (administrator) on OFFICE on 15-04-2015 01:50:21Running from C:\Users\Joe\DesktopLoaded Profiles: Joe (Available profiles: Joe & Studio)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: CHR HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Joe\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [cfiifhkkcanjbocdngcinebbnhabiccf] - C:\ProgramData\SaveAs\cfiifhkkcanjbocdngcinebbnhabiccf.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [jelaaoalhilpjlbbgcgimkdaeebdjbff] - C:\ProgramData\Bcool\jelaaoalhilpjlbbgcgimkdaeebdjbff.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Joe\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Joe\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-08-24] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()R2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-02-25] (Enigma Software Group USA, LLC.)S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-10-24] (Enigma Software Group USA, LLC.)S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-10-24] ()S3 evserial; C:\Windows\System32\DRIVERS\evserial.sys [67072 2008-05-19] (ELTIMA Software)R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-26] (Kaspersky Lab ZAO)R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-26] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-03-14] (http://libusb-win32.sourceforge.net) R3 MBOXPRO; C:\Windows\System32\DRIVERS\AvidMboxPro.sys [436528 2012-02-23] (Avid)S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-04] ()R3 VSBC; C:\Windows\System32\DRIVERS\evsbc.sys [32768 2008-05-19] (ELTIMA Software)S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2014-07-31] (Wondershare) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 01:50 - 2015-04-15 01:50 - 02096640 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe2015-04-15 01:50 - 2015-04-15 01:50 - 00030851 _____ () C:\Users\Joe\Desktop\FRST.txt2015-04-15 01:47 - 2015-04-15 01:47 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\mbam-setup-2.1.4.1018.exe2015-04-15 01:45 - 2015-04-15 01:45 - 00000000 ____D () C:\Users\Joe\AppData\Local\FileMaintenance2015-04-15 01:40 - 2015-04-15 01:40 - 00002615 _____ () C:\Users\Public\Desktop\JuiceCalculator.lnk2015-04-15 01:40 - 2015-04-15 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JuiceCalculator2015-04-15 01:40 - 2015-04-15 01:40 - 00000000 ____D () C:\Program Files (x86)\EJuiceCalculator2015-04-14 20:39 - 2015-04-14 20:39 - 00000000 ____D () C:\Users\Joe\AppData\Local\openvr2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX2015-03-31 23:21 - 2015-04-15 01:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-03-31 23:21 - 2015-04-14 23:26 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-03-31 23:21 - 2015-03-31 23:21 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-03-31 23:21 - 2015-03-31 23:21 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-03-30 22:51 - 2015-03-13 15:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2015-03-30 22:51 - 2015-03-13 15:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll2015-03-30 22:51 - 2015-03-13 15:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2015-03-30 22:51 - 2015-03-13 15:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2015-03-30 22:51 - 2015-03-13 15:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2015-03-30 22:51 - 2015-03-13 15:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2015-03-30 22:51 - 2015-03-13 15:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2015-03-30 22:51 - 2015-03-13 15:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2015-03-30 22:51 - 2015-03-13 15:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2015-03-30 22:51 - 2015-03-13 15:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2015-03-30 22:51 - 2015-03-13 15:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2015-03-30 22:51 - 2015-03-13 15:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2015-03-30 22:51 - 2015-03-13 15:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2015-03-30 22:51 - 2015-03-13 15:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll2015-03-30 22:51 - 2015-03-13 15:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2015-03-29 12:16 - 2015-03-29 12:16 - 00001754 _____ () C:\Users\Joe\Desktop\Black Mesa.lnk2015-03-27 21:45 - 2015-04-14 20:39 - 00000000 ____D () C:\Program Files (x86)\Steam2015-03-27 21:45 - 2015-03-27 21:45 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk2015-03-27 21:45 - 2015-03-27 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam2015-03-24 16:33 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-03-24 16:33 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-03-24 16:33 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-03-24 16:33 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-03-24 16:33 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-03-24 16:33 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2015-03-24 16:33 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-03-24 16:33 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-03-16 20:04 - 2015-03-16 20:03 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2015-03-16 19:56 - 2015-03-18 18:40 - 00000000 ____D () C:\ProgramData\AVAST Software ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 01:50 - 2015-02-26 23:00 - 00000000 ____D () C:\FRST2015-04-15 01:40 - 2014-11-17 22:13 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\JuiceCalculator2015-04-15 01:40 - 2013-05-19 00:31 - 00000000 ____D () C:\Users\Joe\AppData\Local\Downloaded Installations2015-04-15 01:27 - 2013-04-24 22:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-04-15 01:21 - 2013-11-15 11:21 - 00639168 _____ () C:\Windows\setupact.log2015-04-15 01:15 - 2014-07-04 01:10 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000UA.job2015-04-15 01:15 - 2014-07-04 01:10 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000Core.job2015-04-15 01:05 - 2015-03-02 22:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2015-04-15 00:31 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-04-15 00:31 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-04-14 21:35 - 2014-11-17 22:13 - 00000000 ____D () C:\Users\Joe\Documents\JuiceCalculator2015-04-14 20:50 - 2012-11-04 14:15 - 01700493 _____ () C:\Windows\WindowsUpdate.log2015-04-14 20:39 - 2013-01-09 21:49 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe2015-04-13 21:12 - 2009-07-14 01:13 - 00823836 _____ () C:\Windows\system32\PerfStringBackup.INI2015-04-13 21:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-04-13 21:05 - 2012-11-04 16:03 - 00000000 ____D () C:\Users\Joe\Documents\Outlook Files2015-04-12 09:21 - 2014-08-24 09:57 - 00000000 ____D () C:\Users\Joe\Documents\My Labels2015-04-11 20:58 - 2014-07-19 15:36 - 00000000 ____D () C:\Users\Joe\Documents\EJuice Recipes2015-04-05 08:22 - 2015-03-08 07:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2015-04-04 11:23 - 2015-03-05 22:18 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys2015-04-01 06:06 - 2014-06-01 21:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM2015-04-01 05:39 - 2010-11-20 23:47 - 00833328 _____ () C:\Windows\PFRO.log2015-03-31 23:22 - 2012-11-04 15:28 - 00000000 ____D () C:\Users\Joe\AppData\Local\Google2015-03-31 23:22 - 2012-11-04 15:28 - 00000000 ____D () C:\Program Files (x86)\Google2015-03-31 23:16 - 2014-05-11 22:45 - 00000000 ____D () C:\temp2015-03-31 22:13 - 2012-11-04 14:29 - 00000000 ____D () C:\ProgramData\NVIDIA2015-03-30 22:52 - 2012-11-04 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2015-03-30 22:52 - 2012-11-04 14:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2015-03-30 22:52 - 2012-11-04 14:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2015-03-27 23:44 - 2014-06-03 22:30 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll2015-03-27 23:44 - 2013-12-01 13:35 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll2015-03-27 23:43 - 2014-06-03 22:30 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll2015-03-27 23:43 - 2013-12-01 13:35 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll2015-03-27 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2015-03-26 05:10 - 2015-03-02 22:19 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys2015-03-26 05:10 - 2014-08-19 13:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys2015-03-25 20:18 - 2014-12-11 04:19 - 00000000 ____D () C:\Windows\system32\appraiser2015-03-25 20:18 - 2014-05-06 21:45 - 00000000 ___SD () C:\Windows\system32\CompatTel2015-03-20 21:32 - 2014-06-16 23:13 - 00002785 _____ () C:\Users\Public\Desktop\eJuice Me Up.lnk2015-03-16 23:23 - 2014-05-25 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2015-03-16 20:03 - 2014-10-19 09:34 - 00191400 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2015-03-16 20:03 - 2014-10-19 09:34 - 00190888 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2015-03-16 20:03 - 2014-10-19 09:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-03-16 20:03 - 2013-05-01 23:14 - 00000000 ____D () C:\Program Files (x86)\Java2015-03-16 20:02 - 2013-04-24 22:46 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-03-16 20:02 - 2013-04-24 22:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-03-16 20:02 - 2013-04-24 22:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-03-16 19:30 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD ==================== Files in the root of some directories ======= 2015-02-12 22:54 - 2015-02-12 22:54 - 0000000 _____ () C:\Users\Joe\AppData\Roaming\1E2.tmp2013-04-13 15:25 - 2014-06-01 23:00 - 0000132 _____ () C:\Users\Joe\AppData\Roaming\Adobe BMP Format CS6 Prefs2014-10-28 00:06 - 2014-11-08 08:05 - 0000004 _____ () C:\Users\Joe\AppData\Roaming\appdataFr2.bin2013-05-27 11:23 - 2013-05-27 11:23 - 0000000 _____ () C:\Users\Joe\AppData\Roaming\bitlord_log.txt2014-09-24 07:44 - 2014-09-24 07:44 - 0002258 _____ () C:\Users\Joe\AppData\Local\0E573315C9FE4442A821BB71EE4B9688.Havana Mist Co. 2.lbx2014-08-03 10:16 - 2014-08-03 10:16 - 0001971 _____ () C:\Users\Joe\AppData\Local\63D9F3CACFD242ddBB80203A91870287.Layout2.lbx2014-08-16 03:21 - 2014-08-16 03:21 - 0001962 _____ () C:\Users\Joe\AppData\Local\6C598F6581C64858BEE9D05BCAA5A999.Layout2.lbx2014-08-17 14:48 - 2014-08-17 14:48 - 0001858 _____ () C:\Users\Joe\AppData\Local\7691DFF693A94f8cACC23A02BC50C5BF.Layout1.lbx2013-12-11 00:46 - 2013-12-11 00:46 - 144752885 _____ () C:\Users\Joe\AppData\Local\ACCCx2_2_1_260.zip.aamdownload2013-12-11 00:46 - 2013-12-11 00:46 - 0001817 _____ () C:\Users\Joe\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd2012-11-04 15:53 - 2012-11-04 15:53 - 0004608 _____ () C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-08-09 13:32 - 2014-08-09 13:32 - 0001867 _____ () C:\Users\Joe\AppData\Local\E5A3B4C20C0749b28C5529AA8D7201FA.Layout2.lbx2014-05-10 23:25 - 2014-05-10 23:25 - 0000091 _____ () C:\Users\Joe\AppData\Local\fusioncache.dat2013-05-27 11:25 - 2013-05-27 11:25 - 0000218 _____ () C:\Users\Joe\AppData\Local\recently-used.xbel2013-03-03 18:05 - 2014-03-12 20:45 - 0000795 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc2015-02-15 12:46 - 2015-02-15 13:06 - 0010938 _____ () C:\ProgramData\StreamingMediaTechnologyLog.txt Files to move or delete:====================C:\Users\Joe\FRST64.exe Some content of TEMP:====================C:\Users\Joe\AppData\Local\Temp\dllnt_dump.dllC:\Users\Joe\AppData\Local\Temp\Nv3DVisionIePlugin.dllC:\Users\Joe\AppData\Local\Temp\Nv3DVStreaming.dllC:\Users\Joe\AppData\Local\Temp\Nv3DVStreaming64.dllC:\Users\Joe\AppData\Local\Temp\Nv3DVStreamingIePlugin.dllC:\Users\Joe\AppData\Local\Temp\nvSCPAPI.dllC:\Users\Joe\AppData\Local\Temp\nvSCPAPISvr.exeC:\Users\Joe\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 00:18 ==================== End Of Log ============================ Addition.txt FRST.txt
- April 15, 2015
- 14 replies
I think I'm infected

xterling posted a topic in Malwarebytes for Windows Support Forum

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015Ran by Joe (administrator) on OFFICE on 15-04-2015 01:50:21Running from C:\Users\Joe\DesktopLoaded Profiles: Joe (Available profiles: Joe & Studio)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: CHR HKU\S-1-5-21-2048471247-995751312-864157879-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Joe\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [cfiifhkkcanjbocdngcinebbnhabiccf] - C:\ProgramData\SaveAs\cfiifhkkcanjbocdngcinebbnhabiccf.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [jelaaoalhilpjlbbgcgimkdaeebdjbff] - C:\ProgramData\Bcool\jelaaoalhilpjlbbgcgimkdaeebdjbff.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Joe\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Joe\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-08-24] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2015-01-30] (Adobe Systems Incorporated)R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()R2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-02-25] (Enigma Software Group USA, LLC.)S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-10-24] (Enigma Software Group USA, LLC.)S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-10-24] ()S3 evserial; C:\Windows\System32\DRIVERS\evserial.sys [67072 2008-05-19] (ELTIMA Software)R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-26] (Kaspersky Lab ZAO)R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-26] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-03-14] (http://libusb-win32.sourceforge.net) R3 MBOXPRO; C:\Windows\System32\DRIVERS\AvidMboxPro.sys [436528 2012-02-23] (Avid)S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-04] ()R3 VSBC; C:\Windows\System32\DRIVERS\evsbc.sys [32768 2008-05-19] (ELTIMA Software)S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2014-07-31] (Wondershare) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 01:50 - 2015-04-15 01:50 - 02096640 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe2015-04-15 01:50 - 2015-04-15 01:50 - 00030851 _____ () C:\Users\Joe\Desktop\FRST.txt2015-04-15 01:47 - 2015-04-15 01:47 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\mbam-setup-2.1.4.1018.exe2015-04-15 01:45 - 2015-04-15 01:45 - 00000000 ____D () C:\Users\Joe\AppData\Local\FileMaintenance2015-04-15 01:40 - 2015-04-15 01:40 - 00002615 _____ () C:\Users\Public\Desktop\JuiceCalculator.lnk2015-04-15 01:40 - 2015-04-15 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JuiceCalculator2015-04-15 01:40 - 2015-04-15 01:40 - 00000000 ____D () C:\Program Files (x86)\EJuiceCalculator2015-04-14 20:39 - 2015-04-14 20:39 - 00000000 ____D () C:\Users\Joe\AppData\Local\openvr2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX2015-03-31 23:21 - 2015-04-15 01:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-03-31 23:21 - 2015-04-14 23:26 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-03-31 23:21 - 2015-03-31 23:21 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-03-31 23:21 - 2015-03-31 23:21 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-03-30 22:51 - 2015-03-13 15:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2015-03-30 22:51 - 2015-03-13 15:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll2015-03-30 22:51 - 2015-03-13 15:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2015-03-30 22:51 - 2015-03-13 15:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2015-03-30 22:51 - 2015-03-13 15:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2015-03-30 22:51 - 2015-03-13 15:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2015-03-30 22:51 - 2015-03-13 15:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2015-03-30 22:51 - 2015-03-13 15:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2015-03-30 22:51 - 2015-03-13 15:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2015-03-30 22:51 - 2015-03-13 15:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2015-03-30 22:51 - 2015-03-13 15:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2015-03-30 22:51 - 2015-03-13 15:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2015-03-30 22:51 - 2015-03-13 15:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2015-03-30 22:51 - 2015-03-13 15:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll2015-03-30 22:51 - 2015-03-13 15:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2015-03-30 22:51 - 2015-03-13 15:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2015-03-29 12:16 - 2015-03-29 12:16 - 00001754 _____ () C:\Users\Joe\Desktop\Black Mesa.lnk2015-03-27 21:45 - 2015-04-14 20:39 - 00000000 ____D () C:\Program Files (x86)\Steam2015-03-27 21:45 - 2015-03-27 21:45 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk2015-03-27 21:45 - 2015-03-27 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam2015-03-24 16:33 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-03-24 16:33 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-03-24 16:33 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-03-24 16:33 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-03-24 16:33 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-03-24 16:33 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2015-03-24 16:33 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-03-24 16:33 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-03-16 20:04 - 2015-03-16 20:03 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2015-03-16 19:56 - 2015-03-18 18:40 - 00000000 ____D () C:\ProgramData\AVAST Software ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 01:50 - 2015-02-26 23:00 - 00000000 ____D () C:\FRST2015-04-15 01:40 - 2014-11-17 22:13 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\JuiceCalculator2015-04-15 01:40 - 2013-05-19 00:31 - 00000000 ____D () C:\Users\Joe\AppData\Local\Downloaded Installations2015-04-15 01:27 - 2013-04-24 22:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-04-15 01:21 - 2013-11-15 11:21 - 00639168 _____ () C:\Windows\setupact.log2015-04-15 01:15 - 2014-07-04 01:10 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000UA.job2015-04-15 01:15 - 2014-07-04 01:10 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000Core.job2015-04-15 01:05 - 2015-03-02 22:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2015-04-15 00:31 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-04-15 00:31 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-04-14 21:35 - 2014-11-17 22:13 - 00000000 ____D () C:\Users\Joe\Documents\JuiceCalculator2015-04-14 20:50 - 2012-11-04 14:15 - 01700493 _____ () C:\Windows\WindowsUpdate.log2015-04-14 20:39 - 2013-01-09 21:49 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe2015-04-13 21:12 - 2009-07-14 01:13 - 00823836 _____ () C:\Windows\system32\PerfStringBackup.INI2015-04-13 21:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-04-13 21:05 - 2012-11-04 16:03 - 00000000 ____D () C:\Users\Joe\Documents\Outlook Files2015-04-12 09:21 - 2014-08-24 09:57 - 00000000 ____D () C:\Users\Joe\Documents\My Labels2015-04-11 20:58 - 2014-07-19 15:36 - 00000000 ____D () C:\Users\Joe\Documents\EJuice Recipes2015-04-05 08:22 - 2015-03-08 07:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2015-04-04 11:23 - 2015-03-05 22:18 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys2015-04-01 06:06 - 2014-06-01 21:32 - 00000000 ____D () C:\ProgramData\CanonIJPLM2015-04-01 05:39 - 2010-11-20 23:47 - 00833328 _____ () C:\Windows\PFRO.log2015-03-31 23:22 - 2012-11-04 15:28 - 00000000 ____D () C:\Users\Joe\AppData\Local\Google2015-03-31 23:22 - 2012-11-04 15:28 - 00000000 ____D () C:\Program Files (x86)\Google2015-03-31 23:16 - 2014-05-11 22:45 - 00000000 ____D () C:\temp2015-03-31 22:13 - 2012-11-04 14:29 - 00000000 ____D () C:\ProgramData\NVIDIA2015-03-30 22:52 - 2012-11-04 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2015-03-30 22:52 - 2012-11-04 14:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2015-03-30 22:52 - 2012-11-04 14:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2015-03-27 23:44 - 2014-06-03 22:30 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll2015-03-27 23:44 - 2013-12-01 13:35 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll2015-03-27 23:43 - 2014-06-03 22:30 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll2015-03-27 23:43 - 2013-12-01 13:35 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll2015-03-27 21:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2015-03-26 05:10 - 2015-03-02 22:19 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys2015-03-26 05:10 - 2014-08-19 13:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys2015-03-25 20:18 - 2014-12-11 04:19 - 00000000 ____D () C:\Windows\system32\appraiser2015-03-25 20:18 - 2014-05-06 21:45 - 00000000 ___SD () C:\Windows\system32\CompatTel2015-03-20 21:32 - 2014-06-16 23:13 - 00002785 _____ () C:\Users\Public\Desktop\eJuice Me Up.lnk2015-03-16 23:23 - 2014-05-25 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2015-03-16 20:03 - 2014-10-19 09:34 - 00191400 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2015-03-16 20:03 - 2014-10-19 09:34 - 00190888 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2015-03-16 20:03 - 2014-10-19 09:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-03-16 20:03 - 2013-05-01 23:14 - 00000000 ____D () C:\Program Files (x86)\Java2015-03-16 20:02 - 2013-04-24 22:46 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-03-16 20:02 - 2013-04-24 22:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-03-16 20:02 - 2013-04-24 22:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-03-16 19:30 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD ==================== Files in the root of some directories ======= 2015-02-12 22:54 - 2015-02-12 22:54 - 0000000 _____ () C:\Users\Joe\AppData\Roaming\1E2.tmp2013-04-13 15:25 - 2014-06-01 23:00 - 0000132 _____ () C:\Users\Joe\AppData\Roaming\Adobe BMP Format CS6 Prefs2014-10-28 00:06 - 2014-11-08 08:05 - 0000004 _____ () C:\Users\Joe\AppData\Roaming\appdataFr2.bin2013-05-27 11:23 - 2013-05-27 11:23 - 0000000 _____ () C:\Users\Joe\AppData\Roaming\bitlord_log.txt2014-09-24 07:44 - 2014-09-24 07:44 - 0002258 _____ () C:\Users\Joe\AppData\Local\0E573315C9FE4442A821BB71EE4B9688.Havana Mist Co. 2.lbx2014-08-03 10:16 - 2014-08-03 10:16 - 0001971 _____ () C:\Users\Joe\AppData\Local\63D9F3CACFD242ddBB80203A91870287.Layout2.lbx2014-08-16 03:21 - 2014-08-16 03:21 - 0001962 _____ () C:\Users\Joe\AppData\Local\6C598F6581C64858BEE9D05BCAA5A999.Layout2.lbx2014-08-17 14:48 - 2014-08-17 14:48 - 0001858 _____ () C:\Users\Joe\AppData\Local\7691DFF693A94f8cACC23A02BC50C5BF.Layout1.lbx2013-12-11 00:46 - 2013-12-11 00:46 - 144752885 _____ () C:\Users\Joe\AppData\Local\ACCCx2_2_1_260.zip.aamdownload2013-12-11 00:46 - 2013-12-11 00:46 - 0001817 _____ () C:\Users\Joe\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd2012-11-04 15:53 - 2012-11-04 15:53 - 0004608 _____ () C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-08-09 13:32 - 2014-08-09 13:32 - 0001867 _____ () C:\Users\Joe\AppData\Local\E5A3B4C20C0749b28C5529AA8D7201FA.Layout2.lbx2014-05-10 23:25 - 2014-05-10 23:25 - 0000091 _____ () C:\Users\Joe\AppData\Local\fusioncache.dat2013-05-27 11:25 - 2013-05-27 11:25 - 0000218 _____ () C:\Users\Joe\AppData\Local\recently-used.xbel2013-03-03 18:05 - 2014-03-12 20:45 - 0000795 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc2015-02-15 12:46 - 2015-02-15 13:06 - 0010938 _____ () C:\ProgramData\StreamingMediaTechnologyLog.txt Files to move or delete:====================C:\Users\Joe\FRST64.exe Some content of TEMP:====================C:\Users\Joe\AppData\Local\Temp\dllnt_dump.dllC:\Users\Joe\AppData\Local\Temp\Nv3DVisionIePlugin.dllC:\Users\Joe\AppData\Local\Temp\Nv3DVStreaming.dllC:\Users\Joe\AppData\Local\Temp\Nv3DVStreaming64.dllC:\Users\Joe\AppData\Local\Temp\Nv3DVStreamingIePlugin.dllC:\Users\Joe\AppData\Local\Temp\nvSCPAPI.dllC:\Users\Joe\AppData\Local\Temp\nvSCPAPISvr.exeC:\Users\Joe\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 00:18 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2015Ran by Joe at 2015-04-15 01:50:38Running from C:\Users\Joe\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACID Effects Rack (HKLM-x32\...\ACID Effects Rack_is1) (Version: 1.00 - iZotope, Inc.)ACID Pro 7.0 (HKLM-x32\...\{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}) (Version: 7.0.713 - Sony)Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.1 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Amazon Music (HKU\S-1-5-21-2048471247-995751312-864157879-1000\...\Amazon Amazon Music) (Version: 3.0.0.564 - Amazon Services LLC)Angry Birds Star Wars (HKLM-x32\...\{4D29F39B-A38F-4BD5-AACF-A09890708069}) (Version: 1.3.0 - Rovio Entertainment Ltd.)Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.2 - Avid Technology, Inc.)Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.2 - Avid Technology, Inc.)Avid Mbox 1.0.22 (x64) (HKLM\...\{4C2E4E9E-17BA-4F05-B4BE-026193CCF47A}) (Version: 1.0.22 - Avid)Avid Mbox Pro 1.0.19 (x64) (HKLM\...\{D4950A38-AD5E-4986-9AA0-997640C536AC}) (Version: 1.0.19 - Avid)Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.2 - Avid Technology, Inc.)Avid Reverb One (HKLM-x32\...\{DDB7C063-216A-486E-AD0D-4C9C9A6A6D2A}) (Version: 10.2.0 - Avid Technology, Inc.)Avid Tel-Ray Variable Delay (HKLM-x32\...\{89028C3F-FBB3-4FA7-8C79-30FEA06DDA86}) (Version: 10.2.1 - Avid Technology, Inc.)Avid Virtual Instruments (HKLM-x32\...\{9239E44D-E688-4FF4-A1CA-3F1706B3B10B}) (Version: 10.0.0 - Avid Technology, Inc.)Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version: - Rocksteady Studios)Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0300 - Brother Industries, Ltd.)Brother P-touch Software User's Guide (HKLM-x32\...\InstallShield_{FD525A47-5E7A-4970-A896-C520E270B079}) (Version: 1.00.0000 - Brother Industries, Ltd.)Brother P-touch Software User's Guide (x32 Version: 1.00.0000 - Brother Industries, Ltd.) HiddenBrother P-touch Update Software (HKLM-x32\...\{71B8773E-6B93-409A-84DF-49E387978F4A}) (Version: 1.0.0080 - Brother Industries, Ltd.)Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)Canon MG6400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6400_series) (Version: 1.01 - Canon Inc.)Canon MG6400 series On-screen Manual (HKLM-x32\...\Canon MG6400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)Canon MG6400 series User Registration (HKLM-x32\...\Canon MG6400 series User Registration) (Version: - ‭Canon Inc.)Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)ChromecastApp (HKU\S-1-5-21-2048471247-995751312-864157879-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)Dropbox (HKU\S-1-5-21-2048471247-995751312-864157879-1000\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)eJuice Me Up (HKLM-x32\...\{399E77D0-5CEC-41CE-AC95-179E2A0B1893}) (Version: 15.2 - Breaktru Software)eJuice Me Up (HKLM-x32\...\{7C162270-CA72-441F-8349-B0773B97586C}) (Version: 14.5 - Breaktru Software)EJuiceCalculator (HKLM-x32\...\{41908903-989F-4639-A5F0-AD9CDEBDB1EC}) (Version: 5.00.00007 - RodBrown)EVGA Precision X 4.0.0 (HKLM-x32\...\PrecisionX) (Version: 4.0.0 - EVGA Corporation)Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)Garritan ARIA for ACID Pro (HKLM\...\Garritan ARIA for ACID Pro_is1) (Version: v1.000 - Garritan)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenHalf-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor)Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)iLok Client Helper (HKLM-x32\...\InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}) (Version: 5.9.1 - PACE Anti-Piracy, Inc.)iLok Client Helper (x32 Version: 5.9.1 - PACE Anti-Piracy, Inc.) HiddenIntel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenKaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)Kaspersky Anti-Virus (x32 Version: 15.0.2.361 - Kaspersky Lab) HiddenK-Lite Codec Pack 9.9.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.5 - )License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)License Support (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) HiddenMacrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)Macrium Reflect Free Edition (Version: 5.3.7256 - Paramount Software (UK) Ltd.) HiddenMergeModule_x64 (Version: 9.0.02 - Sony Corporation) HiddenMergeModule_x86 (x32 Version: 9.0.02 - Sony Corporation) HiddenMicrosoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-2048471247-995751312-864157879-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM-x32\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)MyHarmony (HKU\S-1-5-21-2048471247-995751312-864157879-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)Native Instruments Guitar Combos (HKLM-x32\...\Native Instruments Guitar Combos) (Version: - )Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - )NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.02.10030 - Sony Corporation)PMB_ModeEditor (x32 Version: 9.0.02 - Sony Corporation) HiddenPMB_ServiceUploader (x32 Version: 9.0.02 - Sony Corporation) HiddenQuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) HiddenSAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) HiddenSHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) HiddenSOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) HiddenSony Sound Forge 8.0d (HKLM-x32\...\{5636E517-8100-4E2A-B69E-2B16AFFA2360}) (Version: 8.0.128 - Sony)Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)TheMatrix Screen Saver version 1.14 (HKLM-x32\...\{23FBECC1-FA31-472A-83FB-27520B81EC3A}_is1) (Version: 1.14 - Meticulous Software)TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) HiddenVegas Pro 11.0 (HKLM-x32\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony)Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Joe\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joe\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2048471247-995751312-864157879-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 31-03-2015 03:07:36 Windows Update03-04-2015 05:24:35 Windows Update05-04-2015 03:00:10 Windows Update10-04-2015 05:24:34 Windows Update14-04-2015 05:09:16 Windows Update15-04-2015 01:40:15 Installed EJuiceCalculator. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2015-03-30 09:04 - 00000747 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0560F355-BBA8-4100-987F-A24943FC6045} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {1644EDD6-E1DD-476B-81F6-170F4ED352C0} - System32\Tasks\{36E542C7-BE65-43DA-BC12-D145B325EA44} => C:\Program Files (x86)\Steam\Steam.exe [2015-04-13] (Valve Corporation)Task: {1F43E004-C923-4FE7-BA2C-632455A42A66} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000Core => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)Task: {1F5399DE-F219-4F10-AF1C-CD556A7C2DA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-16] (Adobe Systems Incorporated)Task: {2FC735FF-9919-446D-B306-4D6FC6ABD4CA} - System32\Tasks\{67E62116-41FE-44E6-BF6A-3C2A267BDC0D} => pcalua.exe -a "F:\Users\Joe\Downloads\Crysis 2\EASetup.exe" -d "F:\Users\Joe\Downloads\Crysis 2"Task: {3D6A5C38-D2EF-4316-B2BC-6B54C5CF7244} - System32\Tasks\{99059033-240F-49B6-B78C-AC2C98375EB6} => pcalua.exe -a C:\Users\Joe\Desktop\HijackThis.exe -d C:\Users\Joe\DesktopTask: {46635102-CB01-40EF-83B7-0591C61493F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-31] (Google Inc.)Task: {51911B63-069A-4865-BB9A-354F6CF70C40} - System32\Tasks\{3EF6FF81-B2CB-46B0-AE3A-3E833D880D36} => pcalua.exe -a C:\Users\Joe\Downloads\wace269i.exe -d C:\Users\Joe\DownloadsTask: {6BE00458-BFA0-46C0-B727-1C90644D297F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000UA => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)Task: {71495BE9-502B-472C-BBA7-8A9C40D3252F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {72939CA5-9CC9-47A3-82AE-76DA2C4312DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-31] (Google Inc.)Task: {76E235F6-B8D4-45AF-8956-58D8BD308E7F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)Task: {7C158E12-0301-4979-A733-4216ADFBD4F7} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-02-25] (Enigma Software Group USA, LLC.)Task: {9AA715E9-E7DB-4614-B675-FD3CE793C3EF} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {A6FE6FD7-B507-4A27-82B4-026700EFEF16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {A8B29C3E-995B-4B20-B26C-2ABD72FB53CC} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)Task: {AAB5590C-E93C-429C-9F89-E8139CBAFE26} - System32\Tasks\{FEA98E9F-6077-4F85-AE6A-BE27594B7112} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/1313Task: {C04ADDCD-F9EE-47EE-93A5-FC67E1A75BE2} - \Jelbrus Secure Web Task No Task File <==== ATTENTIONTask: {CDAA9401-59F5-47FD-8348-B4234DCDAC18} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {DAC9707C-5567-4537-8605-82111CCD0F7E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {E3534B4A-ECD7-47A5-94E5-F507EA9DB4B8} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-25] (Enigma Software Group USA, LLC.)Task: {EB90724A-9B3C-430A-ADF5-58DA8353FFCB} - System32\Tasks\AdobeAAMUpdater-1.0-Office-Joe => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-08-27] (Adobe Systems Incorporated)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000Core.job => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2048471247-995751312-864157879-1000UA.job => C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe ==================== Loaded Modules (whitelisted) ============== 2012-11-04 14:28 - 2015-03-13 12:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2013-04-04 21:04 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2014-06-01 21:38 - 2012-03-27 23:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE2012-11-04 14:17 - 2011-12-14 18:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe2014-01-10 01:26 - 2014-01-10 01:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720AlternateDataStreams: C:\ProgramData\TEMP:5C321E34AlternateDataStreams: C:\ProgramData\TEMP:DDE29E40AlternateDataStreams: C:\Users\Joe\Local Settings:bx63UobVrw27y9ByfJNeAlternateDataStreams: C:\Users\Joe\Local Settings:L0huz7lzlYaeg6DjvFwQrEcGWJP3AlternateDataStreams: C:\Users\Joe\AppData\Local:bx63UobVrw27y9ByfJNeAlternateDataStreams: C:\Users\Joe\AppData\Local:L0huz7lzlYaeg6DjvFwQrEcGWJP3AlternateDataStreams: C:\Users\Joe\AppData\Local\570Fnw0Fptm:vjUtIC2r8tTgzJfDjebAApnAlternateDataStreams: C:\Users\Joe\AppData\Local\Application Data:bx63UobVrw27y9ByfJNeAlternateDataStreams: C:\Users\Joe\AppData\Local\Application Data:L0huz7lzlYaeg6DjvFwQrEcGWJP3AlternateDataStreams: C:\Users\Joe\AppData\Local\HkhbGYK4n:kVbn1JlDo4aLnrJx4FAlternateDataStreams: C:\Users\Joe\AppData\Local\qWAnz1MXRi:Iq6Hke5HtEBRKutWypzGmRS7AlternateDataStreams: C:\Users\Joe\AppData\Local\Temporary Internet Files:0Nw8avmZRVjUWFMDFYwJBZ0 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2048471247-995751312-864157879-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 75.75.75.75 - 75.75.76.76 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= 4DB5C22ACFE44CC28C5F (S-1-5-21-2048471247-995751312-864157879-1002 - Limited - Enabled)Administrator (S-1-5-21-2048471247-995751312-864157879-500 - Administrator - Disabled)ASPNET (S-1-5-21-2048471247-995751312-864157879-1004 - Limited - Enabled)Guest (S-1-5-21-2048471247-995751312-864157879-501 - Limited - Disabled)Joe (S-1-5-21-2048471247-995751312-864157879-1000 - Administrator - Enabled) => C:\Users\JoeStudio (S-1-5-21-2048471247-995751312-864157879-1005 - Administrator - Enabled) => C:\Users\Studio ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (04/13/2015 09:07:18 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 06:53:01 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 05:39:56 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/31/2015 11:17:13 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/30/2015 08:47:25 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/30/2015 08:40:11 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/29/2015 09:21:20 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/28/2015 09:13:11 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/28/2015 00:10:48 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2015 09:56:33 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (04/14/2015 08:39:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (04/14/2015 08:39:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (04/13/2015 09:07:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SBSD Security Center Service service failed to start due to the following error: %%2 Error: (04/10/2015 07:06:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (04/10/2015 07:06:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (04/04/2015 11:23:09 AM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (04/01/2015 06:53:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SBSD Security Center Service service failed to start due to the following error: %%2 Error: (04/01/2015 05:39:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SBSD Security Center Service service failed to start due to the following error: %%2 Error: (03/31/2015 11:17:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SBSD Security Center Service service failed to start due to the following error: %%2 Error: (03/30/2015 08:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SBSD Security Center Service service failed to start due to the following error: %%2 Microsoft Office Sessions:=========================Error: (04/13/2015 09:07:18 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 06:53:01 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/01/2015 05:39:56 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/31/2015 11:17:13 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/30/2015 08:47:25 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/30/2015 08:40:11 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/29/2015 09:21:20 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/28/2015 09:13:11 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/28/2015 00:10:48 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/27/2015 09:56:33 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors:=================================== Date: 2014-01-21 23:29:37.191 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-01-21 23:29:37.162 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-01-21 21:03:59.749 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-01-21 21:03:59.724 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-01-21 20:42:38.745 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-01-21 20:42:38.720 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-01-21 20:38:08.243 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-01-21 20:38:08.218 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-01-21 20:29:29.259 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-01-21 20:29:29.233 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MBWrp64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-2600K CPU @ 3.40GHzPercentage of memory in use: 21%Total physical RAM: 16358.46 MBAvailable physical RAM: 12809.8 MBTotal Pagefile: 32715.1 MBAvailable Pagefile: 29024.85 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.02 GB) (Free:718.58 GB) NTFSDrive d: (SYSTEM) (Fixed) (Total:0.49 GB) (Free:0.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: (Data HDD) (Fixed) (Total:1397.26 GB) (Free:843.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive h: (SSD) (Fixed) (Total:223.57 GB) (Free:223.44 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7D123E89)Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B5E47E0B)Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS) ========================================================Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 36CBC858)Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================
- April 15, 2015
- 1 reply

Sign In

xterling

Posts

Joined

Last visited

Reputation

Please help

Please help

Please help

Please help

Please help

Please help

Please help

I think I'm infected

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information