Virus (cannot use see Task Mgr, Cannot use Sys Restore, cannot view videos)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
S

shadowbird1

Thread Starter
Joined
Apr 8, 2014
Messages
16
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, Intel64 Family 6 Model 15 Stepping 6
Processor Count: 2
RAM: 4029 Mb
Graphics Card: NVIDIA GeForce GTX 550 Ti, 1024 Mb
Hard Drives: C: Total - 953867 MB, Free - 652121 MB; D: Total - 953867 MB, Free - 708386 MB; G: Total - 953835 MB, Free - 393958 MB;
Motherboard: Dell Inc., 0WG855
Antivirus: Microsoft Security Essentials, Updated and Enabled


Virus (cannot use see Task Mgr for some time now, and today could not view many videos and could not upload a photo online to Fotor, so I tried Sys Restore but there are no older restore points anymore, all signs of a virus.

I use my computer for a work-from-home job, please help! Thank you!
 
JSntgRvr

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.
 
S

shadowbird1

Thread Starter
Joined
Apr 8, 2014
Messages
16
Thank you!!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 10-04-2015 15:21:48
Running from C:\Users\User\Documents\Downloads
Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser & GUESST & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE [83232 2009-06-22] (Corel Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [{3d15bcb9-4efe-7331-f703-765b082d3056}] => "C:\Users\User\AppData\Local\Microsoft\{3d15bcb9-4efe-7331-f703-765b082d3056}\{3d15bcb9-4efe-7331-f703-765b082d3056}.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1064144 2015-03-06] (Carbonite, Inc.)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [{3d15bcb9-4efe-7331-f703-765b082d3056}] => "C:\Users\User\AppData\Local\Microsoft\{3d15bcb9-4efe-7331-f703-765b082d3056}\{3d15bcb9-4efe-7331-f703-765b082d3056}.exe" No File
HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-03-17] (Spotify Ltd)
HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-746067525-1558049871-804338415-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-746067525-1558049871-804338415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-10-23] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sa6l437v.default
FF Keyword.URL:
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D011515-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D011515-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-04-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-04-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension
FF Extension: Copy To Wordperfect Lightning - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension [2013-10-02]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-25]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-25]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-25]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-25]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Better Pop Up Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-09-15]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8417280 2015-03-09] (Remote Monitoring) [File not signed]
R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6728256 2014-09-08] (Carbonite, Inc.)
S4 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [34512 2015-01-22] ()
S1 fipjpwpk; \??\C:\Windows\system32\drivers\fipjpwpk.sys [X]
S1 gsqznytp; \??\C:\Windows\system32\drivers\gsqznytp.sys [X]
S1 ncvtgjod; \??\C:\Windows\system32\drivers\ncvtgjod.sys [X]
S1 rdvdyxbz; \??\C:\Windows\system32\drivers\rdvdyxbz.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 15:21 - 2015-04-10 15:21 - 00000000 ____D () C:\FRST
2015-04-09 22:57 - 2015-04-09 22:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BetterJPEG 3
2015-04-09 22:57 - 2015-04-09 22:57 - 00000000 ____D () C:\Program Files (x86)\BetterJPEG 3
2015-04-09 01:23 - 2015-04-09 01:23 - 00000000 ____D () C:\Windows\TempC1BC189A-D115-3887-7B15-1C8146B44631-Signatures
2015-04-09 01:22 - 2015-04-09 01:22 - 00000000 ____D () C:\Windows\TempB915189C-2422-F721-74A4-C64F40B0A9F0-Signatures
2015-04-08 17:57 - 2015-04-08 17:57 - 00002142 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2015-04-08 17:57 - 2015-04-08 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2015-04-05 11:25 - 2015-04-05 11:27 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 11:25 - 2015-04-05 11:25 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 02:06 - 2015-04-05 02:06 - 00000000 ____D () C:\Windows\Temp92668F6F-84FD-8BFD-3CF5-B7A7B003AB5A-Signatures
2015-04-05 02:02 - 2015-04-05 02:02 - 00000000 ____D () C:\Windows\Temp0CCA61D7-8D38-F48D-8E94-62F1187AE275-Signatures
2015-04-04 13:37 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-04 13:37 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-04 13:37 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-04 13:37 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-04 13:37 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-04-04 13:37 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-04 13:37 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-04-04 13:37 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-04-04 13:37 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-04 13:37 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-04 13:37 - 2015-01-28 23:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-04 13:37 - 2015-01-28 23:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-04 13:37 - 2015-01-28 23:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-04 13:37 - 2015-01-28 23:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-04 13:37 - 2015-01-28 23:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-04 13:37 - 2015-01-28 23:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-04 13:36 - 2015-01-28 23:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-04 13:36 - 2015-01-28 23:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-04 13:36 - 2015-01-28 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-04 13:36 - 2015-01-28 23:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-04 13:36 - 2015-01-28 22:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-04 13:35 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-04 13:35 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-04 13:35 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-04 13:35 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-04 13:35 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-04 13:35 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-04 13:35 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-04 13:35 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-04 13:35 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-04 13:35 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-04 13:35 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-04 13:35 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-04 13:35 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-04 13:35 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-04 13:35 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-04-04 13:35 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-04 13:30 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-04 13:30 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-04 13:30 - 2015-01-30 23:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-04 13:30 - 2015-01-30 23:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-04 13:30 - 2015-01-30 23:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-04 13:30 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-04 13:30 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-04 01:33 - 2015-04-04 01:33 - 00000000 ____D () C:\Windows\TempB2E25CAB-9272-B08F-6265-EE2F5A1AAEF7-Signatures
2015-04-04 01:16 - 2015-04-04 01:16 - 00000000 ____D () C:\Windows\TempEE615185-528A-1BFB-0228-9AD54592B356-Signatures
2015-04-04 01:14 - 2015-04-09 22:35 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-04 01:08 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-04 01:08 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-04 01:08 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-04 01:08 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-04 01:08 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-04 01:08 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-04 01:08 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-04 01:07 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-04 01:07 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-04 01:07 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-04 01:07 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-04 01:07 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-04 01:07 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-04 01:07 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-04 01:07 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-04 01:07 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-04 01:07 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-04 01:07 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-04 01:07 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-04 01:07 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-04 01:07 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-04 01:07 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-04 01:07 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-04 01:07 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-04 01:07 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-04 01:07 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-04 01:07 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-04 01:07 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-04 01:07 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-04 01:07 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-04 01:07 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-04 01:07 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-04 01:07 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-04 01:07 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-04 01:07 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-04 01:07 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-04 01:07 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-04 01:07 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-04 01:07 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-04 01:07 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-04 01:07 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-04 01:07 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-04 01:07 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-04 01:07 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-04 01:07 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-04 01:07 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-04 01:07 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-04 01:07 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-04 01:07 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-04 01:07 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-04 01:07 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-04 01:07 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-04 01:07 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-04 01:07 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-04 01:07 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-04 01:07 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-04 01:01 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-04 01:01 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-01 01:52 - 2015-04-01 01:52 - 00000000 ____D () C:\Windows\TempB82C91F8-065F-9555-132C-168C4D528F5B-Signatures
2015-04-01 01:50 - 2015-04-01 01:51 - 00000000 ____D () C:\Windows\TempEE8B841A-F616-4367-5C5D-B596FB0636A8-Signatures
2015-03-29 04:03 - 2015-03-29 04:03 - 00001610 _____ () C:\Windows\system32\fixvss.bat
2015-03-24 21:40 - 2015-03-24 21:40 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-20 01:34 - 2015-03-20 01:34 - 00000000 ____D () C:\Users\User\AppData\Local\pdfforge
2015-03-20 01:34 - 2015-03-20 01:34 - 00000000 ____D () C:\Users\User\AppData\Local\PDFCreator
2015-03-14 01:50 - 2015-03-14 01:51 - 00000000 ____D () C:\Program Files\PDFCreator
2015-03-14 01:50 - 2015-03-14 01:50 - 00000846 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-03-14 01:50 - 2015-03-14 01:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\pdfforge
2015-03-14 01:50 - 2015-03-14 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-03-14 01:50 - 2015-01-22 16:14 - 00114872 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-03-12 20:02 - 2015-03-12 20:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 15:13 - 2013-09-15 13:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-10 14:30 - 2014-05-27 01:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-10 14:23 - 2013-08-21 15:16 - 00000000 ____D () C:\Program Files (x86)\Advanced Monitoring Agent
2015-04-10 14:13 - 2013-09-15 13:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-10 12:56 - 2013-08-19 01:40 - 01521124 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 10:26 - 2009-07-14 01:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 10:26 - 2009-07-14 00:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-10 10:26 - 2009-07-14 00:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 10:17 - 2013-08-24 20:27 - 00078293 _____ () C:\Windows\setupact.log
2015-04-10 10:17 - 2013-08-18 23:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-10 10:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 01:30 - 2014-05-27 01:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-10 01:30 - 2014-05-27 01:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-10 01:30 - 2014-05-27 01:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-09 22:37 - 2013-10-02 21:43 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
2015-04-09 20:04 - 2013-10-03 00:39 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-04-09 20:04 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-09 18:42 - 2009-07-14 00:45 - 00324160 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-09 10:14 - 2013-08-26 14:15 - 00165666 _____ () C:\Windows\PFRO.log
2015-04-09 01:24 - 2013-08-21 14:43 - 00002113 _____ () C:\Windows\epplauncher.mif
2015-04-08 18:04 - 2013-12-16 11:30 - 00000000 ____D () C:\Program Files\Carbonite
2015-04-08 17:57 - 2013-12-16 11:30 - 00004140 _____ () C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2015-04-07 18:03 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-07 00:06 - 2013-09-24 21:04 - 00000000 ____D () C:\Users\User\Documents\GROUPON
2015-04-05 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-05 11:28 - 2014-09-14 11:32 - 00078112 _____ () C:\Users\GUESST\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-04 01:33 - 2013-08-18 23:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-04 01:17 - 2013-08-18 23:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-03 21:10 - 2013-09-02 18:53 - 00000000 ____D () C:\Users\User\Documents\TRAVEL
2015-04-02 01:35 - 2014-06-21 16:49 - 00000441 _____ () C:\backup.status
2015-04-01 23:47 - 2014-02-25 00:12 - 00000000 ____D () C:\Users\User\Desktop\TAPPING SEMINAR
2015-03-30 01:56 - 2013-10-03 00:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Corel
2015-03-29 02:38 - 2013-11-17 13:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-03-28 22:19 - 2013-11-17 13:18 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-03-25 12:27 - 2014-07-01 00:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-24 21:40 - 2014-07-01 01:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 21:40 - 2014-07-01 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-17 06:15 - 2014-07-01 00:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-01 00:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-07-01 00:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 01:22 - 2013-10-13 21:50 - 00078112 _____ () C:\Users\User\AppData\Roaming\GDIPFONTCACHEV1.DAT
2015-03-12 22:15 - 2013-08-21 13:18 - 00078112 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-12 20:02 - 2013-08-21 15:17 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

==================== Files in the root of some directories =======

2013-10-02 21:43 - 2011-03-15 22:40 - 0867400 _____ (NCH Software) C:\Program Files (x86)\essetup[1]_v5.13.exe
2013-10-02 21:33 - 2011-03-15 22:58 - 1487364 _____ (NCH Software) C:\Program Files (x86)\scribe.exe
2014-03-01 02:25 - 2014-03-01 02:37 - 0002272 _____ () C:\Users\User\AppData\Roaming\AutoTagLog.log
2014-03-01 02:20 - 2014-03-01 21:29 - 0000870 _____ () C:\Users\User\AppData\Roaming\RegistrationLog.log
2014-03-01 02:20 - 2014-03-02 22:12 - 0027251 _____ () C:\Users\User\AppData\Roaming\ReplayMusicLog.log
2015-01-22 01:05 - 2015-01-22 01:05 - 0001181 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt
2015-01-22 01:05 - 2015-01-22 01:05 - 0000000 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-01-11 23:12 - 2015-01-11 23:12 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-21 13:21 - 2013-10-06 21:46 - 0007626 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2013-09-22 16:28 - 2013-09-22 16:28 - 0000000 _____ () C:\Users\User\AppData\Local\Schedule8.dat
2013-10-03 00:39 - 2015-04-09 20:04 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2013-09-15 22:49 - 2014-09-15 14:03 - 0000770 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\burnsetup.exe
C:\Users\User\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\User\AppData\Local\Temp\SpOrder.dll
C:\Users\User\AppData\Local\Temp\stsetup.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\jupsf.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 19:40

==================== End Of Log ============================
 

Attachments

JSntgRvr

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
The Event Viewer shows problems with your hard drive. Run CHKDSK in the Recovery Environment.

Enter the System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:

  • Type in the following and press Enter.
    .
    bcdedit | find "osdevice"​
  • Note the osdevice partition letter, then type.

    CHKDSK X: /R​
  • Where X is the osdevice letter, and press Enter
  • The tool will start to run.

Upon finished, type exit and press Enter. Restart the computer

Let me know the outcome.

Please download the attached file and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
 

Attachments

S

shadowbird1

Thread Starter
Joined
Apr 8, 2014
Messages
16
THANK YOU! When I clicked on the link for Tech Support Guy this time, something like a pop up stopper or something else downloaded real quick to my PC.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by User at 2015-04-14 01:13:02 Run:2
Running from C:\Users\User\Documents\Downloads
Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser & GUESST & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [{3d15bcb9-4efe-7331-f703-765b082d3056}] => "C:\Users\User\AppData\Local\Microsoft\{3d15bcb9-4efe-7331-f703-765b082d3056}\{3d15bcb9-4efe-7331-f703-765b082d3056}.exe"
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [{3d15bcb9-4efe-7331-f703-765b082d3056}] => "C:\Users\User\AppData\Local\Microsoft\{3d15bcb9-4efe-7331-f703-765b082d3056}\{3d15bcb9-4efe-7331-f703-765b082d3056}.exe" No File
HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1001\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S1 fipjpwpk; \??\C:\Windows\system32\drivers\fipjpwpk.sys [X]
S1 gsqznytp; \??\C:\Windows\system32\drivers\gsqznytp.sys [X]
S1 ncvtgjod; \??\C:\Windows\system32\drivers\ncvtgjod.sys [X]
S1 rdvdyxbz; \??\C:\Windows\system32\drivers\rdvdyxbz.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\System32\jupsf.dll
C:\Users\User\AppData\Local\Temp\burnsetup.exe
C:\Users\User\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\User\AppData\Local\Temp\SpOrder.dll
C:\Users\User\AppData\Local\Temp\stsetup.exe
C:\Windows\system32\kqyhvh.dll
Task: {0C059062-6F12-4746-BAF1-034FA6BCC6F3} - System32\Tasks\{D02E6D92-03DF-EE7C-14C7-03B945F20A47} => C:\Windows\system32\kqyhvh.dll/s "C:\Windows\system32\kqyhvh.dll"
Task: {399406A4-C529-46FF-9860-29A29849ED6D} - System32\Tasks\{0B287664-9A85-413B-8A11-FF07EDE3FB9B} => pcalua.exe -a "C:\Users\User\Downloads\Clean Install Tool.exe" -d C:\Users\User\Downloads
Task: {451D340D-74F0-48EE-B443-429751731B78} - System32\Tasks\{2717DD4A-547F-4271-B63F-4DD58D006CAE} => pcalua.exe -a E:\setup.exe -d E:\
Task: {5251B5D8-FD25-4315-A710-BC30EBA5EAC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
CMD: Type C:\Windows\system32\fixvss.bat
EmptyTemp:







*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{3d15bcb9-4efe-7331-f703-765b082d3056} => Value not found.
HKLM => Group Policy Restriction on software not found.
HKLM => Group Policy Restriction on software not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{3d15bcb9-4efe-7331-f703-765b082d3056} => Value not found.
HKU\S-1-5-21-746067525-1558049871-804338415-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1005\User" => File/Directory not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1001\User" => File/Directory not found.
HKU\S-1-5-21-746067525-1558049871-804338415-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
fipjpwpk => Service not found.
gsqznytp => Service not found.
ncvtgjod => Service not found.
rdvdyxbz => Service not found.
VGPU => Service not found.
"C:\Windows\System32\jupsf.dll" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\burnsetup.exe" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\Foxit PhantomPDF Updater.exe" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\SpOrder.dll" => File/Directory not found.
"C:\Users\User\AppData\Local\Temp\stsetup.exe" => File/Directory not found.
"C:\Windows\system32\kqyhvh.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C059062-6F12-4746-BAF1-034FA6BCC6F3} => Key not found.
C:\Windows\System32\Tasks\{D02E6D92-03DF-EE7C-14C7-03B945F20A47} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D02E6D92-03DF-EE7C-14C7-03B945F20A47} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{399406A4-C529-46FF-9860-29A29849ED6D} => Key not found.
C:\Windows\System32\Tasks\{0B287664-9A85-413B-8A11-FF07EDE3FB9B} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B287664-9A85-413B-8A11-FF07EDE3FB9B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{451D340D-74F0-48EE-B443-429751731B78} => Key not found.
C:\Windows\System32\Tasks\{2717DD4A-547F-4271-B63F-4DD58D006CAE} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2717DD4A-547F-4271-B63F-4DD58D006CAE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5251B5D8-FD25-4315-A710-BC30EBA5EAC1} => Key not found.
C:\Windows\System32\Tasks\CCleanerSkipUAC not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Key not found.

========= Type C:\Windows\system32\fixvss.bat =========

@echo off
setlocal
set SYS32=%SYSTEMROOT%\System32
set REGSVR=%SYS32%\regsvr32
set SVCCTL=%SYS32%\sc.exe
set VSSVC=%SYS32%\Vssvc.exe

@echo Shutting down services being configured.
%SVCCTL% stop vss 2>>1 >>fixvss.log
%SVCCTL% stop swprv 2>>1 >>fixvss.log

@echo Restoring relevant shadow services to original startup configs.
%SVCCTL% config vss start= demand 2>>1 >>fixvss.log
%SVCCTL% config swprv start= demand 2>>1 >>fixvss.log
%SVCCTL% config termservice start= auto 2>>1 >>fixvss.log
%SVCCTL% config EventSystem start= auto 2>>1 >>fixvss.log

if "%PROCESSOR_ARCHITECTURE%" != "x86" goto X64
%SVCCTL% config RpcSs start= auto 2>>1 >>fixvss.log
pushd %SYS32%
echo Registering critical x86 VSS services
%REGSVR% /s %SYS32%\ole32.dll 2>>1 >>fixvss.log
%REGSVR% /s %SYS32%\oleaut32.dll 2>>1 >>fixvss.log
%REGSVR% /s %SYS32%\vss_ps.dll 2>>1 >>fixvss.log
%VSSVC% /Register 2>>1 >>fixvss.log
%REGSVR% /s /i %SYS32%\swprv.dll 2>>1 >>fixvss.log
%REGSVR% /s /i %SYS32%\eventcls.dll 2>>1 >>fixvss.log
%REGSVR% /s %SYS32%\es.dll 2>>1 >>fixvss.log
%REGSVR% /s %SYS32%\stdprov.dll 2>>1 >>fixvss.log
%REGSVR% /s %SYS32%\msxml.dll 2>>1 >>fixvss.log
%REGSVR% /s %SYS32%\msxml3.dll 2>>1 >>fixvss.log
%REGSVR% /s %SYS32%\msxml4.dll 2>>1 >>fixvss.log
%SYS32%\msdtc.exe -resetlog 2>>1 >>fixvss.log
popd
goto END
:X64
echo No X64 services to affect 2>>1 >>fixvss.log
:END
endlocal

========= End of CMD: =========

EmptyTemp: => Removed 6.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog 01:13:44 ====
 
JSntgRvr

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Did CHKDSK find problems?

Please re-scan with FRST and post the resulting FRST.txt and Addition.txt.

How is the computer doing?
 
S

shadowbird1

Thread Starter
Joined
Apr 8, 2014
Messages
16
It's the same. When I reboot, quite often it says I need to do a system restore, then it says it can't. When I try to do a restore separately, there are no dates to restore, and there should be several dates. I also still cannot play some videos. I will rescan and post it.
 
JSntgRvr

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Did you run CHKDSK on the Recovery Environment as requested? If so, any errors found?
 
S

shadowbird1

Thread Starter
Joined
Apr 8, 2014
Messages
16
I ran CHKDSK according to your instructions. I thought the report was supposed to show the errors. Is there a CHKDSK log somewhere that I should look at?
 
JSntgRvr

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Not in the Recovery Environment.

Please re-run FRST and post its reports.
 
S

shadowbird1

Thread Starter
Joined
Apr 8, 2014
Messages
16
THANK YOU!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by User (administrator) on USER-PC on 16-04-2015 01:50:26
Running from C:\Users\User\Documents\Downloads
Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser & GUESST & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE [83232 2009-06-22] (Corel Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1064144 2015-03-06] (Carbonite, Inc.)
HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-03-17] (Spotify Ltd)
HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-746067525-1558049871-804338415-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-746067525-1558049871-804338415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-10-23] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sa6l437v.default
FF Keyword.URL:
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D011515-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D011515-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension
FF Extension: Copy To Wordperfect Lightning - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension [2013-10-02]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-25]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-25]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-25]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-25]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Better Pop Up Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-09-15]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8417280 2015-03-09] (Remote Monitoring) [File not signed]
R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6728256 2014-09-08] (Carbonite, Inc.)
S4 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [34512 2015-01-22] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 00:59 - 2015-04-15 01:02 - 00000000 ____D () C:\Users\User\Desktop\JENNIFER
2015-04-10 15:21 - 2015-04-16 01:50 - 00000000 ____D () C:\FRST
2015-04-09 22:57 - 2015-04-09 22:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BetterJPEG 3
2015-04-09 22:57 - 2015-04-09 22:57 - 00000000 ____D () C:\Program Files (x86)\BetterJPEG 3
2015-04-09 01:23 - 2015-04-09 01:23 - 00000000 ____D () C:\Windows\TempC1BC189A-D115-3887-7B15-1C8146B44631-Signatures
2015-04-09 01:22 - 2015-04-09 01:22 - 00000000 ____D () C:\Windows\TempB915189C-2422-F721-74A4-C64F40B0A9F0-Signatures
2015-04-08 17:57 - 2015-04-08 17:57 - 00002142 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2015-04-08 17:57 - 2015-04-08 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2015-04-05 11:25 - 2015-04-05 11:27 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 11:25 - 2015-04-05 11:25 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 02:06 - 2015-04-05 02:06 - 00000000 ____D () C:\Windows\Temp92668F6F-84FD-8BFD-3CF5-B7A7B003AB5A-Signatures
2015-04-05 02:02 - 2015-04-05 02:02 - 00000000 ____D () C:\Windows\Temp0CCA61D7-8D38-F48D-8E94-62F1187AE275-Signatures
2015-04-04 13:37 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-04 13:37 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-04 13:37 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-04 13:37 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-04 13:37 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-04-04 13:37 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-04 13:37 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-04-04 13:37 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-04-04 13:37 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-04 13:37 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-04 13:37 - 2015-01-28 23:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-04 13:37 - 2015-01-28 23:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-04 13:37 - 2015-01-28 23:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-04 13:37 - 2015-01-28 23:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-04 13:37 - 2015-01-28 23:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-04 13:37 - 2015-01-28 23:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-04 13:36 - 2015-01-28 23:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-04 13:36 - 2015-01-28 23:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-04 13:36 - 2015-01-28 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-04 13:36 - 2015-01-28 23:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-04 13:36 - 2015-01-28 22:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-04 13:35 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-04 13:35 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-04 13:35 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-04 13:35 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-04 13:35 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-04 13:35 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-04 13:35 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-04 13:35 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-04 13:35 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-04 13:35 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-04 13:35 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-04 13:35 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-04 13:35 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-04 13:35 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-04 13:35 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-04 13:35 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-04 13:35 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-04-04 13:35 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-04 13:30 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-04 13:30 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-04 13:30 - 2015-01-30 23:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-04 13:30 - 2015-01-30 23:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-04 13:30 - 2015-01-30 23:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-04 13:30 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-04 13:30 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-04 01:33 - 2015-04-04 01:33 - 00000000 ____D () C:\Windows\TempB2E25CAB-9272-B08F-6265-EE2F5A1AAEF7-Signatures
2015-04-04 01:16 - 2015-04-04 01:16 - 00000000 ____D () C:\Windows\TempEE615185-528A-1BFB-0228-9AD54592B356-Signatures
2015-04-04 01:14 - 2015-04-09 22:35 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-04 01:08 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-04 01:08 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-04 01:08 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-04 01:08 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-04 01:08 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-04 01:08 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-04 01:08 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-04 01:07 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-04 01:07 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-04 01:07 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-04 01:07 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-04 01:07 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-04 01:07 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-04 01:07 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-04 01:07 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-04 01:07 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-04 01:07 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-04 01:07 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-04 01:07 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-04 01:07 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-04 01:07 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-04 01:07 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-04 01:07 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-04 01:07 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-04 01:07 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-04 01:07 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-04 01:07 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-04 01:07 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-04 01:07 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-04 01:07 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-04 01:07 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-04 01:07 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-04 01:07 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-04 01:07 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-04 01:07 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-04 01:07 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-04 01:07 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-04 01:07 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-04 01:07 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-04 01:07 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-04 01:07 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-04 01:07 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-04 01:07 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-04 01:07 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-04 01:07 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-04 01:07 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-04 01:07 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-04 01:07 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-04 01:07 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-04 01:07 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-04 01:07 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-04 01:07 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-04 01:07 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-04 01:07 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-04 01:07 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-04 01:07 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-04 01:01 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-04 01:01 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-01 01:52 - 2015-04-01 01:52 - 00000000 ____D () C:\Windows\TempB82C91F8-065F-9555-132C-168C4D528F5B-Signatures
2015-04-01 01:50 - 2015-04-01 01:51 - 00000000 ____D () C:\Windows\TempEE8B841A-F616-4367-5C5D-B596FB0636A8-Signatures
2015-03-29 04:03 - 2015-03-29 04:03 - 00001610 _____ () C:\Windows\system32\fixvss.bat
2015-03-24 21:40 - 2015-03-24 21:40 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-20 01:34 - 2015-03-20 01:34 - 00000000 ____D () C:\Users\User\AppData\Local\pdfforge
2015-03-20 01:34 - 2015-03-20 01:34 - 00000000 ____D () C:\Users\User\AppData\Local\PDFCreator

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 01:49 - 2013-10-02 21:43 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
2015-04-16 01:30 - 2014-05-27 01:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-16 01:28 - 2013-08-21 15:16 - 00000000 ____D () C:\Program Files (x86)\Advanced Monitoring Agent
2015-04-16 00:14 - 2013-09-15 13:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 22:36 - 2013-09-15 13:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 21:30 - 2014-05-27 01:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 21:30 - 2014-05-27 01:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 21:30 - 2014-05-27 01:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 18:24 - 2009-07-14 01:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 18:23 - 2009-07-14 00:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 18:23 - 2009-07-14 00:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 18:19 - 2013-08-19 01:40 - 01912170 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 18:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 18:15 - 2013-08-24 20:27 - 00078965 _____ () C:\Windows\setupact.log
2015-04-15 18:15 - 2013-08-18 23:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-15 09:50 - 2013-10-03 00:39 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-04-15 09:50 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-14 01:24 - 2013-08-26 14:15 - 00166740 _____ () C:\Windows\PFRO.log
2015-04-13 21:05 - 2013-10-07 10:44 - 00000008 __RSH () C:\Users\User\ntuser.pol
2015-04-13 21:01 - 2014-09-07 16:57 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-04-13 20:18 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-09 18:42 - 2009-07-14 00:45 - 00324160 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-09 01:24 - 2013-08-21 14:43 - 00002113 _____ () C:\Windows\epplauncher.mif
2015-04-08 18:04 - 2013-12-16 11:30 - 00000000 ____D () C:\Program Files\Carbonite
2015-04-08 17:57 - 2013-12-16 11:30 - 00004140 _____ () C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2015-04-07 18:03 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-07 00:06 - 2013-09-24 21:04 - 00000000 ____D () C:\Users\User\Documents\GROUPON
2015-04-05 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-05 11:28 - 2014-09-14 11:32 - 00078112 _____ () C:\Users\GUESST\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-04 01:33 - 2013-08-18 23:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-04 01:17 - 2013-08-18 23:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-03 21:10 - 2013-09-02 18:53 - 00000000 ____D () C:\Users\User\Documents\TRAVEL
2015-04-02 01:35 - 2014-06-21 16:49 - 00000441 _____ () C:\backup.status
2015-04-01 23:47 - 2014-02-25 00:12 - 00000000 ____D () C:\Users\User\Desktop\TAPPING SEMINAR
2015-03-30 01:56 - 2013-10-03 00:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Corel
2015-03-29 02:38 - 2013-11-17 13:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-03-28 22:19 - 2013-11-17 13:18 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-03-25 12:27 - 2014-07-01 00:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-24 21:40 - 2014-07-01 01:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 21:40 - 2014-07-01 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-17 06:15 - 2014-07-01 00:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-01 00:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-07-01 00:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 01:22 - 2013-10-13 21:50 - 00078112 _____ () C:\Users\User\AppData\Roaming\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2013-10-02 21:43 - 2011-03-15 22:40 - 0867400 _____ (NCH Software) C:\Program Files (x86)\essetup[1]_v5.13.exe
2013-10-02 21:33 - 2011-03-15 22:58 - 1487364 _____ (NCH Software) C:\Program Files (x86)\scribe.exe
2014-03-01 02:25 - 2014-03-01 02:37 - 0002272 _____ () C:\Users\User\AppData\Roaming\AutoTagLog.log
2014-03-01 02:20 - 2014-03-01 21:29 - 0000870 _____ () C:\Users\User\AppData\Roaming\RegistrationLog.log
2014-03-01 02:20 - 2014-03-02 22:12 - 0027251 _____ () C:\Users\User\AppData\Roaming\ReplayMusicLog.log
2015-01-22 01:05 - 2015-01-22 01:05 - 0001181 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt
2015-01-22 01:05 - 2015-01-22 01:05 - 0000000 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-01-11 23:12 - 2015-01-11 23:12 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-21 13:21 - 2013-10-06 21:46 - 0007626 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2013-09-22 16:28 - 2013-09-22 16:28 - 0000000 _____ () C:\Users\User\AppData\Local\Schedule8.dat
2013-10-03 00:39 - 2015-04-15 09:50 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2013-09-15 22:49 - 2014-09-15 14:03 - 0000770 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-15 01:20

==================== End Of Log ============================
 

Attachments

JSntgRvr

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
System errors:
=============
Error: (04/16/2015 01:54:31 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/16/2015 01:54:28 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (04/16/2015 01:54:15 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (04/16/2015 01:54:15 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (04/16/2015 01:54:15 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (04/16/2015 01:54:15 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume New Volume.

Error: (04/16/2015 01:54:15 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume New Volume.

Error: (04/16/2015 01:54:15 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (04/16/2015 01:54:15 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (04/16/2015 01:54:15 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume New Volume.
Click to expand...
I believe your main problems are due to a bad hard drive. That bad block contain corrupted information and the system can't read and write to it.

You need to replace your hard drive. Soon you will not be able to boot at all.
 
S

shadowbird1

Thread Starter
Joined
Apr 8, 2014
Messages
16
Which hard drive? I have C and D. I think I'm booting from C? D was from my old PC that the motherboard crashed, so a friend gave me another PC and put D in it so that I could access my files.
 
JSntgRvr

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
I believe it is C: as it is identified as disk 0.

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0A0E870F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
Click to expand...
 
S

shadowbird1

Thread Starter
Joined
Apr 8, 2014
Messages
16
I'm trying to see in the reports where those are, but I only see it in your post. Which report contained the errors? I have to show it to the person who's going to help me, as he gave me the drive that's not working.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Total: 354 (members: 5, guests: 349)
Top