
Virus (cannot use/see Task Mgr, cannot use Sys Restore, cannot view videos)

Discussion in 'Virus & Other Malware Removal' started by shadowbird1, Apr 10, 2015.

Thread Status:
Not open for further replies.
  1. shadowbird1

    shadowbird1 Thread Starter

    Joined:
    Apr 8, 2014
    Messages:
    16
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, Intel64 Family 6 Model 15 Stepping 6
    Processor Count: 2
    RAM: 4029 Mb
    Graphics Card: NVIDIA GeForce GTX 550 Ti, 1024 Mb
    Hard Drives: C: Total - 953867 MB, Free - 652121 MB; D: Total - 953867 MB, Free - 708386 MB; G: Total - 953835 MB, Free - 393958 MB;
    Motherboard: Dell Inc., 0WG855
    Antivirus: Microsoft Security Essentials, Updated and Enabled


    Virus (cannot use/see Task Mgr for some time now, and today could not view many videos and could not upload a photo online to Fotor, so I tried Sys Restore but there are no older restore points anymore), all signs of a virus.

    I use my computer for a work-from-home job, please help! Thank you!
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome :)

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The tool will also produce another log (Addition.txt). Please attach this to your reply.
     
  3. shadowbird1

    shadowbird1 Thread Starter

    Joined:
    Apr 8, 2014
    Messages:
    16
    Thank you!!

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by User (administrator) on USER-PC on 10-04-2015 15:21:48
    Running from C:\Users\User\Documents\Downloads
    Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser & GUESST & Guest)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
    (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
    (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
    (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
    HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE [83232 2009-06-22] (Corel Corporation)
    HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [{3d15bcb9-4efe-7331-f703-765b082d3056}] => "C:\Users\User\AppData\Local\Microsoft\{3d15bcb9-4efe-7331-f703-765b082d3056}\{3d15bcb9-4efe-7331-f703-765b082d3056}.exe"
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1064144 2015-03-06] (Carbonite, Inc.)
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer\Run: [{3d15bcb9-4efe-7331-f703-765b082d3056}] => "C:\Users\User\AppData\Local\Microsoft\{3d15bcb9-4efe-7331-f703-765b082d3056}\{3d15bcb9-4efe-7331-f703-765b082d3056}.exe" No File
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-03-17] (Spotify Ltd)
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1005\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1001\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-746067525-1558049871-804338415-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
    BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
    Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-10-23] (Intuit, Inc.)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sa6l437v.default
    FF Keyword.URL:
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D011515-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941
    FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D011515-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-04-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-04-10] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
    FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-26]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension
    FF Extension: Copy To Wordperfect Lightning - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension [2013-10-02]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.google.com/
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-25]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-25]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-25]
    CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-25]
    CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-01]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
    CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
    CHR Extension: (Better Pop Up Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-09-15]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-25]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8417280 2015-03-09] (Remote Monitoring) [File not signed]
    R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6728256 2014-09-08] (Carbonite, Inc.)
    S4 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
    R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
    R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
    R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [34512 2015-01-22] ()
    S1 fipjpwpk; \??\C:\Windows\system32\drivers\fipjpwpk.sys [X]
    S1 gsqznytp; \??\C:\Windows\system32\drivers\gsqznytp.sys [X]
    S1 ncvtgjod; \??\C:\Windows\system32\drivers\ncvtgjod.sys [X]
    S1 rdvdyxbz; \??\C:\Windows\system32\drivers\rdvdyxbz.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-10 15:21 - 2015-04-10 15:21 - 00000000 ____D () C:\FRST
    2015-04-09 22:57 - 2015-04-09 22:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BetterJPEG 3
    2015-04-09 22:57 - 2015-04-09 22:57 - 00000000 ____D () C:\Program Files (x86)\BetterJPEG 3
    2015-04-09 01:23 - 2015-04-09 01:23 - 00000000 ____D () C:\Windows\TempC1BC189A-D115-3887-7B15-1C8146B44631-Signatures
    2015-04-09 01:22 - 2015-04-09 01:22 - 00000000 ____D () C:\Windows\TempB915189C-2422-F721-74A4-C64F40B0A9F0-Signatures
    2015-04-08 17:57 - 2015-04-08 17:57 - 00002142 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
    2015-04-08 17:57 - 2015-04-08 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
    2015-04-05 11:25 - 2015-04-05 11:27 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-05 11:25 - 2015-04-05 11:25 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-05 02:06 - 2015-04-05 02:06 - 00000000 ____D () C:\Windows\Temp92668F6F-84FD-8BFD-3CF5-B7A7B003AB5A-Signatures
    2015-04-05 02:02 - 2015-04-05 02:02 - 00000000 ____D () C:\Windows\Temp0CCA61D7-8D38-F48D-8E94-62F1187AE275-Signatures
    2015-04-04 13:37 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-04-04 13:37 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-04-04 13:37 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-04-04 13:37 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-04-04 13:37 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-04-04 13:37 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-04-04 13:37 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-04-04 13:37 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-04-04 13:37 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-04-04 13:37 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-04-04 13:37 - 2015-01-28 23:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-04 13:37 - 2015-01-28 23:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-04-04 13:37 - 2015-01-28 23:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-04-04 13:37 - 2015-01-28 23:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-04-04 13:37 - 2015-01-28 23:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-04-04 13:37 - 2015-01-28 23:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-04-04 13:36 - 2015-01-28 23:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-04-04 13:36 - 2015-01-28 23:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-04-04 13:36 - 2015-01-28 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-04-04 13:36 - 2015-01-28 23:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-04-04 13:36 - 2015-01-28 22:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-04-04 13:35 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-04-04 13:35 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-04-04 13:35 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-04-04 13:35 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-04-04 13:35 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-04-04 13:35 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-04-04 13:35 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-04-04 13:35 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-04-04 13:35 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-04-04 13:35 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-04-04 13:35 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-04-04 13:35 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-04-04 13:35 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-04-04 13:35 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-04-04 13:35 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-04-04 13:35 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-04-04 13:30 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-04-04 13:30 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-04-04 13:30 - 2015-01-30 23:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-04-04 13:30 - 2015-01-30 23:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-04-04 13:30 - 2015-01-30 23:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2015-04-04 13:30 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-04-04 13:30 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-04-04 01:33 - 2015-04-04 01:33 - 00000000 ____D () C:\Windows\TempB2E25CAB-9272-B08F-6265-EE2F5A1AAEF7-Signatures
    2015-04-04 01:16 - 2015-04-04 01:16 - 00000000 ____D () C:\Windows\TempEE615185-528A-1BFB-0228-9AD54592B356-Signatures
    2015-04-04 01:14 - 2015-04-09 22:35 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-04-04 01:08 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-04-04 01:08 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-04-04 01:08 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-04-04 01:08 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-04-04 01:08 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-04-04 01:08 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-04-04 01:08 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-04-04 01:07 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-04-04 01:07 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-04-04 01:07 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-04 01:07 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-04-04 01:07 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-04-04 01:07 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-04-04 01:07 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-04-04 01:07 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-04 01:07 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-04-04 01:07 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-04-04 01:07 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-04 01:07 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-04 01:07 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-04-04 01:07 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-04-04 01:07 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-04-04 01:07 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-04-04 01:07 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-04-04 01:07 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-04-04 01:07 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-04 01:07 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-04-04 01:07 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-04-04 01:07 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-04-04 01:07 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-04-04 01:07 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-04-04 01:07 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-04-04 01:07 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-04-04 01:07 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-04-04 01:07 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-04-04 01:07 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-04-04 01:07 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-04-04 01:07 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-04-04 01:07 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-04-04 01:07 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-04 01:07 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-04-04 01:07 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-04-04 01:07 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-04-04 01:07 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-04 01:07 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-04-04 01:07 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-04-04 01:07 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-04-04 01:07 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-04 01:07 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-04-04 01:07 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-04-04 01:07 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-04-04 01:07 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-04 01:07 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-04-04 01:07 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-04-04 01:07 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-04-04 01:07 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-04-04 01:01 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-04-04 01:01 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-04-01 01:52 - 2015-04-01 01:52 - 00000000 ____D () C:\Windows\TempB82C91F8-065F-9555-132C-168C4D528F5B-Signatures
    2015-04-01 01:50 - 2015-04-01 01:51 - 00000000 ____D () C:\Windows\TempEE8B841A-F616-4367-5C5D-B596FB0636A8-Signatures
    2015-03-29 04:03 - 2015-03-29 04:03 - 00001610 _____ () C:\Windows\system32\fixvss.bat
    2015-03-24 21:40 - 2015-03-24 21:40 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-20 01:34 - 2015-03-20 01:34 - 00000000 ____D () C:\Users\User\AppData\Local\pdfforge
    2015-03-20 01:34 - 2015-03-20 01:34 - 00000000 ____D () C:\Users\User\AppData\Local\PDFCreator
    2015-03-14 01:50 - 2015-03-14 01:51 - 00000000 ____D () C:\Program Files\PDFCreator
    2015-03-14 01:50 - 2015-03-14 01:50 - 00000846 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
    2015-03-14 01:50 - 2015-03-14 01:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\pdfforge
    2015-03-14 01:50 - 2015-03-14 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
    2015-03-14 01:50 - 2015-01-22 16:14 - 00114872 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
    2015-03-12 20:02 - 2015-03-12 20:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-10 15:13 - 2013-09-15 13:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-10 14:30 - 2014-05-27 01:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-10 14:23 - 2013-08-21 15:16 - 00000000 ____D () C:\Program Files (x86)\Advanced Monitoring Agent
    2015-04-10 14:13 - 2013-09-15 13:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-10 12:56 - 2013-08-19 01:40 - 01521124 _____ () C:\Windows\WindowsUpdate.log
    2015-04-10 10:26 - 2009-07-14 01:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-10 10:26 - 2009-07-14 00:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-10 10:26 - 2009-07-14 00:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-10 10:17 - 2013-08-24 20:27 - 00078293 _____ () C:\Windows\setupact.log
    2015-04-10 10:17 - 2013-08-18 23:03 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-04-10 10:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-10 01:30 - 2014-05-27 01:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-04-10 01:30 - 2014-05-27 01:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-10 01:30 - 2014-05-27 01:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-09 22:37 - 2013-10-02 21:43 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
    2015-04-09 20:04 - 2013-10-03 00:39 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
    2015-04-09 20:04 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2015-04-09 18:42 - 2009-07-14 00:45 - 00324160 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-04-09 10:14 - 2013-08-26 14:15 - 00165666 _____ () C:\Windows\PFRO.log
    2015-04-09 01:24 - 2013-08-21 14:43 - 00002113 _____ () C:\Windows\epplauncher.mif
    2015-04-08 18:04 - 2013-12-16 11:30 - 00000000 ____D () C:\Program Files\Carbonite
    2015-04-08 17:57 - 2013-12-16 11:30 - 00004140 _____ () C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
    2015-04-07 18:03 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-07 00:06 - 2013-09-24 21:04 - 00000000 ____D () C:\Users\User\Documents\GROUPON
    2015-04-05 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2015-04-05 11:28 - 2014-09-14 11:32 - 00078112 _____ () C:\Users\GUESST\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-04-04 01:33 - 2013-08-18 23:12 - 00000000 ____D () C:\Windows\system32\MRT
    2015-04-04 01:17 - 2013-08-18 23:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-04-03 21:10 - 2013-09-02 18:53 - 00000000 ____D () C:\Users\User\Documents\TRAVEL
    2015-04-02 01:35 - 2014-06-21 16:49 - 00000441 _____ () C:\backup.status
    2015-04-01 23:47 - 2014-02-25 00:12 - 00000000 ____D () C:\Users\User\Desktop\TAPPING SEMINAR
    2015-03-30 01:56 - 2013-10-03 00:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Corel
    2015-03-29 02:38 - 2013-11-17 13:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
    2015-03-28 22:19 - 2013-11-17 13:18 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
    2015-03-25 12:27 - 2014-07-01 00:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-24 21:40 - 2014-07-01 01:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-24 21:40 - 2014-07-01 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-17 06:15 - 2014-07-01 00:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-17 06:15 - 2014-07-01 00:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-17 06:15 - 2014-07-01 00:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-17 01:22 - 2013-10-13 21:50 - 00078112 _____ () C:\Users\User\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2015-03-12 22:15 - 2013-08-21 13:18 - 00078112 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-03-12 20:02 - 2013-08-21 15:17 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

    ==================== Files in the root of some directories =======

    2013-10-02 21:43 - 2011-03-15 22:40 - 0867400 _____ (NCH Software) C:\Program Files (x86)\essetup[1]_v5.13.exe
    2013-10-02 21:33 - 2011-03-15 22:58 - 1487364 _____ (NCH Software) C:\Program Files (x86)\scribe.exe
    2014-03-01 02:25 - 2014-03-01 02:37 - 0002272 _____ () C:\Users\User\AppData\Roaming\AutoTagLog.log
    2014-03-01 02:20 - 2014-03-01 21:29 - 0000870 _____ () C:\Users\User\AppData\Roaming\RegistrationLog.log
    2014-03-01 02:20 - 2014-03-02 22:12 - 0027251 _____ () C:\Users\User\AppData\Roaming\ReplayMusicLog.log
    2015-01-22 01:05 - 2015-01-22 01:05 - 0001181 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt
    2015-01-22 01:05 - 2015-01-22 01:05 - 0000000 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2015-01-11 23:12 - 2015-01-11 23:12 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-21 13:21 - 2013-10-06 21:46 - 0007626 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
    2013-09-22 16:28 - 2013-09-22 16:28 - 0000000 _____ () C:\Users\User\AppData\Local\Schedule8.dat
    2013-10-03 00:39 - 2015-04-09 20:04 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
    2013-09-15 22:49 - 2014-09-15 14:03 - 0000770 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    Some content of TEMP:
    ====================
    C:\Users\User\AppData\Local\Temp\burnsetup.exe
    C:\Users\User\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
    C:\Users\User\AppData\Local\Temp\SpOrder.dll
    C:\Users\User\AppData\Local\Temp\stsetup.exe


    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\jupsf.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-04 19:40

    ==================== End Of Log ============================
     


  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    The Event Viewer shows problems with your hard drive. Run CHKDSK in the Recovery Environment.

    Enter the System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    • Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
      To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



      To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    • On the System Recovery Options menu you will get the following options:
        • Startup Repair
        • System Restore
        • Windows Complete PC Restore
        • Windows Memory Diagnostic Tool
        • Command Prompt
    • Select Command Prompt

      Once in the Command Prompt:

    • Type in the following and press Enter:

      bcdedit | find "osdevice"

    • Note the osdevice partition letter, then type:

      CHKDSK X: /R

    • Where X is the osdevice letter, and press Enter.
    • The tool will start to run.

    When finished, type exit and press Enter. Restart the computer.

    Let me know the outcome.

    Please download the attached file and save it in the same directory as FRST.
    • Start FRST with Administrator privileges.
    • Press the Fix button.
    • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
      Please copy and paste its contents in your next reply.
     


  5. shadowbird1

    shadowbird1 Thread Starter

    THANK YOU! When I clicked on the link for Tech Support Guy this time, something like a pop up stopper or something else downloaded real quick to my PC.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
    Ran by User at 2015-04-14 01:13:02 Run:2
    Running from C:\Users\User\Documents\Downloads
    Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser & GUESST & Guest)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [{3d15bcb9-4efe-7331-f703-765b082d3056}] => "C:\Users\User\AppData\Local\Microsoft\{3d15bcb9-4efe-7331-f703-765b082d3056}\{3d15bcb9-4efe-7331-f703-765b082d3056}.exe"
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer\Run: [{3d15bcb9-4efe-7331-f703-765b082d3056}] => "C:\Users\User\AppData\Local\Microsoft\{3d15bcb9-4efe-7331-f703-765b082d3056}\{3d15bcb9-4efe-7331-f703-765b082d3056}.exe" No File
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
    GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1005\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1001\User: Group Policy restriction detected <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S1 fipjpwpk; \??\C:\Windows\system32\drivers\fipjpwpk.sys [X]
    S1 gsqznytp; \??\C:\Windows\system32\drivers\gsqznytp.sys [X]
    S1 ncvtgjod; \??\C:\Windows\system32\drivers\ncvtgjod.sys [X]
    S1 rdvdyxbz; \??\C:\Windows\system32\drivers\rdvdyxbz.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    C:\Windows\System32\jupsf.dll
    C:\Users\User\AppData\Local\Temp\burnsetup.exe
    C:\Users\User\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
    C:\Users\User\AppData\Local\Temp\SpOrder.dll
    C:\Users\User\AppData\Local\Temp\stsetup.exe
    C:\Windows\system32\kqyhvh.dll
    Task: {0C059062-6F12-4746-BAF1-034FA6BCC6F3} - System32\Tasks\{D02E6D92-03DF-EE7C-14C7-03B945F20A47} => C:\Windows\system32\kqyhvh.dll/s "C:\Windows\system32\kqyhvh.dll"
    Task: {399406A4-C529-46FF-9860-29A29849ED6D} - System32\Tasks\{0B287664-9A85-413B-8A11-FF07EDE3FB9B} => pcalua.exe -a "C:\Users\User\Downloads\Clean Install Tool.exe" -d C:\Users\User\Downloads
    Task: {451D340D-74F0-48EE-B443-429751731B78} - System32\Tasks\{2717DD4A-547F-4271-B63F-4DD58D006CAE} => pcalua.exe -a E:\setup.exe -d E:\
    Task: {5251B5D8-FD25-4315-A710-BC30EBA5EAC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
    CMD: Type C:\Windows\system32\fixvss.bat
    EmptyTemp:







    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{3d15bcb9-4efe-7331-f703-765b082d3056} => Value not found.
    HKLM => Group Policy Restriction on software not found.
    HKLM => Group Policy Restriction on software not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{3d15bcb9-4efe-7331-f703-765b082d3056} => Value not found.
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value not found.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data not found.
    "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1005\User" => File/Directory not found.
    "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-746067525-1558049871-804338415-1001\User" => File/Directory not found.
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    fipjpwpk => Service not found.
    gsqznytp => Service not found.
    ncvtgjod => Service not found.
    rdvdyxbz => Service not found.
    VGPU => Service not found.
    "C:\Windows\System32\jupsf.dll" => File/Directory not found.
    "C:\Users\User\AppData\Local\Temp\burnsetup.exe" => File/Directory not found.
    "C:\Users\User\AppData\Local\Temp\Foxit PhantomPDF Updater.exe" => File/Directory not found.
    "C:\Users\User\AppData\Local\Temp\SpOrder.dll" => File/Directory not found.
    "C:\Users\User\AppData\Local\Temp\stsetup.exe" => File/Directory not found.
    "C:\Windows\system32\kqyhvh.dll" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C059062-6F12-4746-BAF1-034FA6BCC6F3} => Key not found.
    C:\Windows\System32\Tasks\{D02E6D92-03DF-EE7C-14C7-03B945F20A47} not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D02E6D92-03DF-EE7C-14C7-03B945F20A47} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{399406A4-C529-46FF-9860-29A29849ED6D} => Key not found.
    C:\Windows\System32\Tasks\{0B287664-9A85-413B-8A11-FF07EDE3FB9B} not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B287664-9A85-413B-8A11-FF07EDE3FB9B} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{451D340D-74F0-48EE-B443-429751731B78} => Key not found.
    C:\Windows\System32\Tasks\{2717DD4A-547F-4271-B63F-4DD58D006CAE} not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2717DD4A-547F-4271-B63F-4DD58D006CAE} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5251B5D8-FD25-4315-A710-BC30EBA5EAC1} => Key not found.
    C:\Windows\System32\Tasks\CCleanerSkipUAC not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Key not found.

    ========= Type C:\Windows\system32\fixvss.bat =========

    @echo off
    setlocal
    set SYS32=%SYSTEMROOT%\System32
    set REGSVR=%SYS32%\regsvr32
    set SVCCTL=%SYS32%\sc.exe
    set VSSVC=%SYS32%\Vssvc.exe

    @echo Shutting down services being configured.
    %SVCCTL% stop vss 2>>1 >>fixvss.log
    %SVCCTL% stop swprv 2>>1 >>fixvss.log

    @echo Restoring relevant shadow services to original startup configs.
    %SVCCTL% config vss start= demand 2>>1 >>fixvss.log
    %SVCCTL% config swprv start= demand 2>>1 >>fixvss.log
    %SVCCTL% config termservice start= auto 2>>1 >>fixvss.log
    %SVCCTL% config EventSystem start= auto 2>>1 >>fixvss.log

    if "%PROCESSOR_ARCHITECTURE%" != "x86" goto X64
    %SVCCTL% config RpcSs start= auto 2>>1 >>fixvss.log
    pushd %SYS32%
    echo Registering critical x86 VSS services
    %REGSVR% /s %SYS32%\ole32.dll 2>>1 >>fixvss.log
    %REGSVR% /s %SYS32%\oleaut32.dll 2>>1 >>fixvss.log
    %REGSVR% /s %SYS32%\vss_ps.dll 2>>1 >>fixvss.log
    %VSSVC% /Register 2>>1 >>fixvss.log
    %REGSVR% /s /i %SYS32%\swprv.dll 2>>1 >>fixvss.log
    %REGSVR% /s /i %SYS32%\eventcls.dll 2>>1 >>fixvss.log
    %REGSVR% /s %SYS32%\es.dll 2>>1 >>fixvss.log
    %REGSVR% /s %SYS32%\stdprov.dll 2>>1 >>fixvss.log
    %REGSVR% /s %SYS32%\msxml.dll 2>>1 >>fixvss.log
    %REGSVR% /s %SYS32%\msxml3.dll 2>>1 >>fixvss.log
    %REGSVR% /s %SYS32%\msxml4.dll 2>>1 >>fixvss.log
    %SYS32%\msdtc.exe -resetlog 2>>1 >>fixvss.log
    popd
    goto END
    :X64
    echo No X64 services to affect 2>>1 >>fixvss.log
    :END
    endlocal

    ========= End of CMD: =========

    EmptyTemp: => Removed 6.4 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 01:13:44 ====
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Did CHKDSK find problems?

    Please re-scan with FRST and post the resulting FRST.txt and Addition.txt.

    How is the computer doing?
     
  7. shadowbird1

    shadowbird1 Thread Starter

    It's the same. When I reboot, quite often it says I need to do a system restore, then it says it can't. When I try to do a restore separately, there are no dates to restore, and there should be several dates. I also still cannot play some videos. I will rescan and post it.
     
  8. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Did you run CHKDSK on the Recovery Environment as requested? If so, any errors found?
     
  9. shadowbird1

    shadowbird1 Thread Starter

    I ran CHKDSK according to your instructions. I thought the report was supposed to show the errors. Is there a CHKDSK log somewhere that I should look at?
     
  10. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Not in the Recovery Environment.

    Please re-run FRST and post its reports.
     
  11. shadowbird1

    shadowbird1 Thread Starter

    THANK YOU!

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
    Ran by User (administrator) on USER-PC on 16-04-2015 01:50:26
    Running from C:\Users\User\Documents\Downloads
    Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser & GUESST & Guest)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
    (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
    (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
    (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)
    HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE [83232 2009-06-22] (Corel Corporation)
    HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1064144 2015-03-06] (Carbonite, Inc.)
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-03-17] (Spotify Ltd)
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-746067525-1558049871-804338415-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-746067525-1558049871-804338415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-746067525-1558049871-804338415-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
    BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
    Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-10-23] (Intuit, Inc.)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sa6l437v.default
    FF Keyword.URL:
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D011515-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941
    FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D011515-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
    FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-26]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension
    FF Extension: Copy To Wordperfect Lightning - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\FirefoxExtension [2013-10-02]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.google.com/
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-25]
    CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-25]
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-25]
    CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-25]
    CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-01]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
    CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
    CHR Extension: (Better Pop Up Blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-09-15]
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-25]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8417280 2015-03-09] (Remote Monitoring) [File not signed]
    R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6728256 2014-09-08] (Carbonite, Inc.)
    S4 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-08] (CrashPlan) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)
    R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
    R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
    R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [34512 2015-01-22] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-15 00:59 - 2015-04-15 01:02 - 00000000 ____D () C:\Users\User\Desktop\JENNIFER
    2015-04-10 15:21 - 2015-04-16 01:50 - 00000000 ____D () C:\FRST
    2015-04-09 22:57 - 2015-04-09 22:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BetterJPEG 3
    2015-04-09 22:57 - 2015-04-09 22:57 - 00000000 ____D () C:\Program Files (x86)\BetterJPEG 3
    2015-04-09 01:23 - 2015-04-09 01:23 - 00000000 ____D () C:\Windows\TempC1BC189A-D115-3887-7B15-1C8146B44631-Signatures
    2015-04-09 01:22 - 2015-04-09 01:22 - 00000000 ____D () C:\Windows\TempB915189C-2422-F721-74A4-C64F40B0A9F0-Signatures
    2015-04-08 17:57 - 2015-04-08 17:57 - 00002142 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
    2015-04-08 17:57 - 2015-04-08 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
    2015-04-05 11:25 - 2015-04-05 11:27 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-05 11:25 - 2015-04-05 11:25 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-05 02:06 - 2015-04-05 02:06 - 00000000 ____D () C:\Windows\Temp92668F6F-84FD-8BFD-3CF5-B7A7B003AB5A-Signatures
    2015-04-05 02:02 - 2015-04-05 02:02 - 00000000 ____D () C:\Windows\Temp0CCA61D7-8D38-F48D-8E94-62F1187AE275-Signatures
    2015-04-04 13:37 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-04-04 13:37 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-04-04 13:37 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-04-04 13:37 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-04-04 13:37 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-04-04 13:37 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-04-04 13:37 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-04-04 13:37 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-04-04 13:37 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-04-04 13:37 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-04-04 13:37 - 2015-01-28 23:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-04 13:37 - 2015-01-28 23:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-04-04 13:37 - 2015-01-28 23:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-04-04 13:37 - 2015-01-28 23:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-04-04 13:37 - 2015-01-28 23:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-04-04 13:37 - 2015-01-28 23:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-04-04 13:36 - 2015-01-28 23:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-04-04 13:36 - 2015-01-28 23:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-04-04 13:36 - 2015-01-28 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-04-04 13:36 - 2015-01-28 23:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-04-04 13:36 - 2015-01-28 22:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-04-04 13:35 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-04-04 13:35 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-04-04 13:35 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-04-04 13:35 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-04-04 13:35 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-04-04 13:35 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-04-04 13:35 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-04-04 13:35 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-04-04 13:35 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-04-04 13:35 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-04-04 13:35 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-04-04 13:35 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-04-04 13:35 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-04-04 13:35 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-04-04 13:35 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-04-04 13:35 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-04-04 13:35 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-04-04 13:35 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-04-04 13:30 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-04-04 13:30 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-04-04 13:30 - 2015-01-30 23:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-04-04 13:30 - 2015-01-30 23:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-04-04 13:30 - 2015-01-30 23:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2015-04-04 13:30 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-04-04 13:30 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-04-04 01:33 - 2015-04-04 01:33 - 00000000 ____D () C:\Windows\TempB2E25CAB-9272-B08F-6265-EE2F5A1AAEF7-Signatures
    2015-04-04 01:16 - 2015-04-04 01:16 - 00000000 ____D () C:\Windows\TempEE615185-528A-1BFB-0228-9AD54592B356-Signatures
    2015-04-04 01:14 - 2015-04-09 22:35 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-04-04 01:08 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-04-04 01:08 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-04-04 01:08 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-04-04 01:08 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-04-04 01:08 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-04-04 01:08 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-04-04 01:08 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-04-04 01:07 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-04-04 01:07 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-04-04 01:07 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-04 01:07 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-04-04 01:07 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-04-04 01:07 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-04-04 01:07 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-04-04 01:07 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-04 01:07 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-04-04 01:07 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-04-04 01:07 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-04 01:07 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-04 01:07 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-04-04 01:07 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-04-04 01:07 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-04-04 01:07 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-04-04 01:07 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-04-04 01:07 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-04-04 01:07 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-04 01:07 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-04-04 01:07 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-04-04 01:07 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-04-04 01:07 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-04-04 01:07 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-04-04 01:07 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-04-04 01:07 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-04-04 01:07 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-04-04 01:07 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-04-04 01:07 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-04-04 01:07 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-04-04 01:07 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-04-04 01:07 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-04-04 01:07 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-04 01:07 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-04-04 01:07 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-04-04 01:07 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-04-04 01:07 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-04 01:07 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-04-04 01:07 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-04-04 01:07 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-04-04 01:07 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-04 01:07 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-04-04 01:07 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-04-04 01:07 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-04-04 01:07 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-04 01:07 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-04-04 01:07 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-04-04 01:07 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-04-04 01:07 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-04-04 01:01 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-04-04 01:01 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-04-01 01:52 - 2015-04-01 01:52 - 00000000 ____D () C:\Windows\TempB82C91F8-065F-9555-132C-168C4D528F5B-Signatures
    2015-04-01 01:50 - 2015-04-01 01:51 - 00000000 ____D () C:\Windows\TempEE8B841A-F616-4367-5C5D-B596FB0636A8-Signatures
    2015-03-29 04:03 - 2015-03-29 04:03 - 00001610 _____ () C:\Windows\system32\fixvss.bat
    2015-03-24 21:40 - 2015-03-24 21:40 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-20 01:34 - 2015-03-20 01:34 - 00000000 ____D () C:\Users\User\AppData\Local\pdfforge
    2015-03-20 01:34 - 2015-03-20 01:34 - 00000000 ____D () C:\Users\User\AppData\Local\PDFCreator

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-16 01:49 - 2013-10-02 21:43 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
    2015-04-16 01:30 - 2014-05-27 01:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-16 01:28 - 2013-08-21 15:16 - 00000000 ____D () C:\Program Files (x86)\Advanced Monitoring Agent
    2015-04-16 00:14 - 2013-09-15 13:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-15 22:36 - 2013-09-15 13:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-15 21:30 - 2014-05-27 01:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-04-15 21:30 - 2014-05-27 01:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-15 21:30 - 2014-05-27 01:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-15 18:24 - 2009-07-14 01:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-15 18:23 - 2009-07-14 00:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-15 18:23 - 2009-07-14 00:45 - 00027360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-15 18:19 - 2013-08-19 01:40 - 01912170 _____ () C:\Windows\WindowsUpdate.log
    2015-04-15 18:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-15 18:15 - 2013-08-24 20:27 - 00078965 _____ () C:\Windows\setupact.log
    2015-04-15 18:15 - 2013-08-18 23:03 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-04-15 09:50 - 2013-10-03 00:39 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
    2015-04-15 09:50 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2015-04-14 01:24 - 2013-08-26 14:15 - 00166740 _____ () C:\Windows\PFRO.log
    2015-04-13 21:05 - 2013-10-07 10:44 - 00000008 __RSH () C:\Users\User\ntuser.pol
    2015-04-13 21:01 - 2014-09-07 16:57 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-04-13 20:18 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-04-09 18:42 - 2009-07-14 00:45 - 00324160 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-04-09 01:24 - 2013-08-21 14:43 - 00002113 _____ () C:\Windows\epplauncher.mif
    2015-04-08 18:04 - 2013-12-16 11:30 - 00000000 ____D () C:\Program Files\Carbonite
    2015-04-08 17:57 - 2013-12-16 11:30 - 00004140 _____ () C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
    2015-04-07 18:03 - 2009-07-14 01:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-07 00:06 - 2013-09-24 21:04 - 00000000 ____D () C:\Users\User\Documents\GROUPON
    2015-04-05 13:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2015-04-05 11:28 - 2014-09-14 11:32 - 00078112 _____ () C:\Users\GUESST\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-04-04 01:33 - 2013-08-18 23:12 - 00000000 ____D () C:\Windows\system32\MRT
    2015-04-04 01:17 - 2013-08-18 23:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-04-03 21:10 - 2013-09-02 18:53 - 00000000 ____D () C:\Users\User\Documents\TRAVEL
    2015-04-02 01:35 - 2014-06-21 16:49 - 00000441 _____ () C:\backup.status
    2015-04-01 23:47 - 2014-02-25 00:12 - 00000000 ____D () C:\Users\User\Desktop\TAPPING SEMINAR
    2015-03-30 01:56 - 2013-10-03 00:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Corel
    2015-03-29 02:38 - 2013-11-17 13:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
    2015-03-28 22:19 - 2013-11-17 13:18 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
    2015-03-25 12:27 - 2014-07-01 00:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-24 21:40 - 2014-07-01 01:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-24 21:40 - 2014-07-01 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-17 06:15 - 2014-07-01 00:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-17 06:15 - 2014-07-01 00:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-17 06:15 - 2014-07-01 00:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-17 01:22 - 2013-10-13 21:50 - 00078112 _____ () C:\Users\User\AppData\Roaming\GDIPFONTCACHEV1.DAT

    ==================== Files in the root of some directories =======

    2013-10-02 21:43 - 2011-03-15 22:40 - 0867400 _____ (NCH Software) C:\Program Files (x86)\essetup[1]_v5.13.exe
    2013-10-02 21:33 - 2011-03-15 22:58 - 1487364 _____ (NCH Software) C:\Program Files (x86)\scribe.exe
    2014-03-01 02:25 - 2014-03-01 02:37 - 0002272 _____ () C:\Users\User\AppData\Roaming\AutoTagLog.log
    2014-03-01 02:20 - 2014-03-01 21:29 - 0000870 _____ () C:\Users\User\AppData\Roaming\RegistrationLog.log
    2014-03-01 02:20 - 2014-03-02 22:12 - 0027251 _____ () C:\Users\User\AppData\Roaming\ReplayMusicLog.log
    2015-01-22 01:05 - 2015-01-22 01:05 - 0001181 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt
    2015-01-22 01:05 - 2015-01-22 01:05 - 0000000 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2015-01-11 23:12 - 2015-01-11 23:12 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-21 13:21 - 2013-10-06 21:46 - 0007626 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
    2013-09-22 16:28 - 2013-09-22 16:28 - 0000000 _____ () C:\Users\User\AppData\Local\Schedule8.dat
    2013-10-03 00:39 - 2015-04-15 09:50 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
    2013-09-15 22:49 - 2014-09-15 14:03 - 0000770 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-15 01:20

    ==================== End Of Log ============================
     


  12. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    I believe your main problems are due to a bad hard drive. That bad block contains corrupted information and the system can't read and write to it.

    You need to replace your hard drive. Soon you will not be able to boot at all.
     
  13. shadowbird1

    shadowbird1 Thread Starter

    Joined:
    Apr 8, 2014
    Messages:
    16
    Which hard drive? I have C and D. I think I'm booting from C? D was from my old PC that the motherboard crashed, so a friend gave me another PC and put D in it so that I could access my files.
     
  14. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    I believe it is C: as it is identified as disk 0.

     
  15. shadowbird1

    shadowbird1 Thread Starter

    Joined:
    Apr 8, 2014
    Messages:
    16
    I'm trying to see in the reports where those are, but I only see it in your post. Which report contained the errors? I have to show it to the person who's going to help me, as he gave me the drive that's not working.
     
Short URL to this thread: https://techguy.org/1146343
