Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My computer is infected

malware adware

  • This topic is locked This topic is locked

#1
Fiveroadies

Fiveroadies

    Member

  • Member
  • PipPip
  • 47 posts

My computer is infected.  I cleaned it up as much as I could manually.  I also ran spyhunter.  Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Kelly (administrator) on KELLY on 29-06-2015 21:27:28
Running from C:\Users\Kelly\Desktop
Loaded Profiles: Kelly (Available Profiles: Kelly & Guest)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [ospd_us_12] => [X]
HKU\S-1-5-21-3273066582-2917483218-166678392-1002\...\MountPoints2: {65dcf0c4-8bc0-11e4-bed8-001aa0aa3518} - "I:\DPFMate.exe" 
HKU\S-1-5-21-3273066582-2917483218-166678392-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [217088 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-30] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3273066582-2917483218-166678392-1002] => 127.0.0.1:8118
HKU\S-1-5-21-3273066582-2917483218-166678392-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://gosearch.me/...inst=1434328993
HKU\S-1-5-21-3273066582-2917483218-166678392-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1567164199&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1567164199&ir=
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1434328993
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1434328993
SearchScopes: HKU\S-1-5-21-3273066582-2917483218-166678392-1002 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1434328993
SearchScopes: HKU\S-1-5-21-3273066582-2917483218-166678392-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3273066582-2917483218-166678392-1002 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1434328993
SearchScopes: HKU\S-1-5-21-3273066582-2917483218-166678392-1002 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 173.44.120.32 173.44.120.33
Tcpip\..\Interfaces\{506BF4D3-C4D7-456D-8831-8007431A92C9}: [DhcpNameServer] 173.44.120.32 173.44.120.33
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\ktxves6o.default
FF NetworkProxy: "type", 5
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3273066582-2917483218-166678392-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kelly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\9c3edf8021c26304bfc00bdf685c8777 [2015-06-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (YouTube) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Google Search) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Google Wallet) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-13]
CHR Extension: (Gmail) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-3273066582-2917483218-166678392-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-3273066582-2917483218-166678392-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-30] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-06-25] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 PrivoxyService; "C:\Program Files (x86)\IT Viewer\privoxy.exe" --service [X] <==== ATTENTION
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-30] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-30] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-30] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-30] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-30] ()
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-06-25] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-25] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 yeddef64; \SystemRoot\System32\Drivers\yeddef64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-28 21:17 - 2015-06-28 21:18 - 00024186 _____ C:\Users\Kelly\Desktop\Addition.txt
2015-06-28 21:16 - 2015-06-29 21:27 - 00014565 _____ C:\Users\Kelly\Desktop\FRST.txt
2015-06-28 21:14 - 2015-06-29 21:27 - 00000000 ____D C:\FRST
2015-06-28 21:14 - 2015-06-28 21:14 - 02112512 _____ (Farbar) C:\Users\Kelly\Desktop\FRST64.exe
2015-06-26 16:44 - 2015-06-29 17:41 - 00357027 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-25 16:35 - 2015-06-25 16:35 - 00001573 _____ C:\Users\Kelly\Documents\Reccommended programs!.txt
2015-06-25 16:08 - 2015-06-25 16:08 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Enigma Software Group
2015-06-25 16:07 - 2015-06-25 16:08 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-06-25 16:07 - 2015-06-25 16:07 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-06-25 16:07 - 2015-06-25 16:07 - 00003320 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-06-25 16:07 - 2015-06-25 16:07 - 00001063 _____ C:\Users\Kelly\Desktop\SpyHunter.lnk
2015-06-25 16:07 - 2015-06-25 16:07 - 00000000 ____D C:\sh4ldr
2015-06-25 16:07 - 2015-06-25 16:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-06-25 16:06 - 2015-06-25 16:06 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Kelly\Downloads\SpyHunter-Installer.exe
2015-06-25 16:05 - 2015-06-26 14:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-25 16:05 - 2015-06-25 16:05 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-25 16:05 - 2015-06-25 16:05 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-25 16:05 - 2015-06-25 16:05 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Mozilla
2015-06-25 16:05 - 2015-06-25 16:05 - 00000000 ____D C:\Users\Kelly\AppData\Local\Mozilla
2015-06-25 16:05 - 2015-06-25 16:05 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-25 16:05 - 2015-06-25 16:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-25 15:39 - 2015-06-25 15:39 - 00001459 _____ C:\Users\Kelly\Documents\Vineswig's quest storyline.txt
2015-06-22 16:11 - 2015-06-22 16:11 - 00006603 _____ C:\Users\Kelly\Documents\Vineswig's Quest- Trailer.wlmp
2015-06-21 15:27 - 2015-06-21 15:27 - 00000000 _____ C:\Users\Kelly\AppData\Roaming\FE9B.tmp
2015-06-19 13:12 - 2015-06-19 13:12 - 00003656 _____ C:\WINDOWS\System32\Tasks\Personal Computer Defender Viewer
2015-06-16 06:48 - 2015-06-25 20:43 - 00070144 _____ C:\WINDOWS\SysWOW64\tasks.dll
2015-06-15 18:29 - 2015-06-15 18:29 - 00000222 _____ C:\Users\Kelly\Desktop\RPG Maker VX Ace.url
2015-06-14 20:43 - 2015-06-27 14:15 - 00003252 _____ C:\WINDOWS\System32\Tasks\IT Viewer Viewer
2015-06-14 20:43 - 2015-06-26 14:28 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Updater
2015-06-14 20:43 - 2015-06-14 20:43 - 00003264 _____ C:\WINDOWS\System32\Tasks\Security Software
2015-06-11 19:42 - 2015-06-11 19:42 - 00000440 _____ C:\Users\Kelly\Documents\toxins startoff dialouge.txt
2015-06-11 18:48 - 2015-06-11 18:48 - 00000000 ____D C:\Users\Kelly\Downloads\OFF Translation v. 2.0
2015-06-07 13:55 - 2015-06-07 14:30 - 00000000 ____D C:\Users\Kelly\Downloads\$$$
2015-06-06 17:19 - 2015-06-06 17:19 - 00000000 ____D C:\Users\Kelly\Downloads\WolfysDewAdventure
2015-06-05 19:55 - 2015-06-06 15:11 - 00000000 ____D C:\Users\Kelly\Downloads\BBQ
2015-06-04 07:33 - 2015-06-04 07:33 - 00002149 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-06-04 07:33 - 2015-05-27 23:52 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-04 07:30 - 2015-05-28 03:04 - 42719888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 37741712 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 15864064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-04 07:30 - 2015-05-28 03:04 - 02986392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 01099808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 01050440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 00939080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 00878816 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-04 07:30 - 2015-05-28 03:04 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-04 07:11 - 2015-06-04 07:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-04 07:11 - 2015-04-03 09:21 - 00048784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-04 07:11 - 2015-04-03 09:21 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-05-30 11:37 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2015-05-30 11:37 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2015-05-30 11:37 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2015-05-30 11:37 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2015-05-30 11:37 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2015-05-30 11:37 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2015-05-30 11:37 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2015-05-30 11:37 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2015-05-30 11:37 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2015-05-30 11:37 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2015-05-30 11:37 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2015-05-30 11:37 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2015-05-30 11:37 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2015-05-30 11:37 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2015-05-30 11:37 - 2008-07-30 06:20 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2015-05-30 11:37 - 2008-07-30 06:20 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-05-30 11:37 - 2008-07-30 06:20 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2015-05-30 11:37 - 2008-07-30 06:20 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2015-05-30 11:37 - 2008-07-30 06:20 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2015-05-30 11:37 - 2008-07-30 06:20 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-05-30 11:37 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-05-30 11:37 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2015-05-30 11:37 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-05-30 11:37 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2015-05-30 11:37 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-05-30 11:37 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2015-05-30 11:37 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2015-05-30 11:37 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2015-05-30 11:37 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2015-05-30 11:37 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2015-05-30 11:37 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2015-05-30 11:37 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2015-05-30 11:37 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2015-05-30 11:37 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2015-05-30 11:37 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2015-05-30 11:37 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2015-05-30 11:37 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2015-05-30 11:37 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2015-05-30 11:37 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2015-05-30 11:37 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2015-05-30 11:37 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2015-05-30 11:37 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2015-05-30 11:37 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2015-05-30 11:37 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2015-05-30 11:37 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2015-05-30 11:37 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2015-05-30 11:37 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2015-05-30 11:37 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2015-05-30 11:37 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2015-05-30 11:37 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2015-05-30 11:37 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2015-05-30 11:37 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2015-05-30 11:37 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2015-05-30 11:37 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2015-05-30 11:37 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2015-05-30 11:37 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2015-05-30 11:37 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2015-05-30 11:37 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2015-05-30 11:37 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2015-05-30 11:37 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2015-05-30 11:37 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2015-05-30 11:37 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2015-05-30 11:37 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2015-05-30 11:37 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2015-05-30 11:37 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2015-05-30 11:37 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2015-05-30 11:37 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2015-05-30 11:37 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2015-05-30 11:37 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2015-05-30 11:37 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2015-05-30 11:37 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2015-05-30 11:37 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2015-05-30 11:37 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2015-05-30 11:37 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2015-05-30 11:37 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2015-05-30 11:37 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2015-05-30 11:37 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2015-05-30 11:37 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2015-05-30 11:37 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2015-05-30 11:37 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2015-05-30 11:37 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2015-05-30 11:37 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2015-05-30 11:37 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2015-05-30 11:37 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2015-05-30 11:37 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2015-05-30 11:37 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2015-05-30 11:37 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2015-05-30 11:37 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2015-05-30 11:37 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2015-05-30 11:37 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2015-05-30 11:37 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2015-05-30 11:37 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2015-05-30 11:37 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2015-05-30 11:37 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2015-05-30 11:37 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2015-05-30 11:37 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2015-05-30 11:37 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2015-05-30 11:37 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2015-05-30 11:37 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2015-05-30 11:37 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2015-05-30 11:37 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2015-05-30 11:37 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2015-05-30 11:37 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2015-05-30 11:37 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2015-05-30 11:37 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2015-05-30 11:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2015-05-30 11:37 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2015-05-30 11:37 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2015-05-30 11:37 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2015-05-30 11:37 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2015-05-30 11:37 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2015-05-30 11:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2015-05-30 11:37 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2015-05-30 11:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2015-05-30 11:37 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2015-05-30 11:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2015-05-30 11:37 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2015-05-30 11:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2015-05-30 11:37 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2015-05-30 11:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2015-05-30 11:37 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2015-05-30 11:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2015-05-30 11:37 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2015-05-30 11:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2015-05-30 11:37 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2015-05-30 11:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-29 21:26 - 2014-08-22 12:47 - 00000000 __RDO C:\Users\Kelly\SkyDrive
2015-06-29 21:26 - 2013-12-12 22:53 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 17:18 - 2014-08-22 20:18 - 00000304 _____ C:\WINDOWS\Tasks\Groovorio Updater.job
2015-06-29 17:05 - 2013-12-31 19:31 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\.minecraft
2015-06-29 16:59 - 2013-12-13 12:31 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3273066582-2917483218-166678392-1002
2015-06-28 21:26 - 2013-12-13 12:25 - 00000000 ____D C:\Users\Kelly
2015-06-28 20:54 - 2014-06-10 14:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-28 20:54 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-27 20:49 - 2013-12-12 22:53 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-27 14:02 - 2013-12-12 22:50 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-06-26 14:30 - 2014-12-14 16:46 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-26 11:15 - 2014-11-23 16:42 - 00000000 ____D C:\Users\Kelly\Desktop\mario
2015-06-26 11:04 - 2013-12-12 22:50 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-25 15:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-25 12:02 - 2013-11-14 03:29 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-25 11:18 - 2014-08-23 10:18 - 00000163 _____ C:\Users\Kelly\AppData\Roaming\WB.CFG
2015-06-22 15:35 - 2014-11-01 20:11 - 00000000 ____D C:\Users\Kelly\Documents\Bandicam
2015-06-22 10:04 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-21 17:23 - 2014-08-22 10:48 - 00000224 _____ C:\Users\Kelly\BullseyeCoverageError.txt
2015-06-20 15:46 - 2015-04-24 18:57 - 00000000 ____D C:\Users\Kelly\Documents\RPGVXAce
2015-06-15 18:47 - 2013-12-12 22:53 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-15 18:29 - 2014-12-14 17:00 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-04 07:33 - 2014-02-02 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-04 07:33 - 2014-02-02 11:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-04 07:33 - 2009-01-23 23:06 - 00000000 ____D C:\temp
2015-06-04 07:11 - 2015-04-13 17:28 - 00000000 ____D C:\WINDOWS\LastGood
2015-05-30 12:13 - 2014-09-18 20:04 - 00000000 ____D C:\Users\Kelly\Desktop\SnipImages
2015-05-30 11:41 - 2015-04-24 18:55 - 00000000 ____D C:\Program Files (x86)\Enterbrain
 
==================== Files in the root of some directories =======
 
2015-06-21 15:27 - 2015-06-21 15:27 - 0000000 _____ () C:\Users\Kelly\AppData\Roaming\FE9B.tmp
2014-08-23 10:18 - 2015-06-25 11:18 - 0000163 _____ () C:\Users\Kelly\AppData\Roaming\WB.CFG
2014-04-09 16:29 - 2015-04-18 15:08 - 0032768 _____ () C:\Users\Kelly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 21:18 - 2014-12-18 20:18 - 0000010 _____ () C:\Users\Kelly\AppData\Local\DSI.DAT
2015-01-19 18:01 - 2015-01-19 18:01 - 0002130 _____ () C:\Users\Kelly\AppData\Local\recently-used.xbel
2014-12-25 11:18 - 2014-12-25 11:18 - 0464896 _____ () C:\Users\Kelly\AppData\Local\upd69916734.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-26 19:59
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Kelly at 2015-06-28 21:17:55
Running from C:\Users\Kelly\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3273066582-2917483218-166678392-500 - Administrator - Disabled)
Guest (S-1-5-21-3273066582-2917483218-166678392-501 - Limited - Disabled) => C:\Users\Guest
Kelly (S-1-5-21-3273066582-2917483218-166678392-1002 - Administrator - Enabled) => C:\Users\Kelly
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 bit Windows Card Reader Driver (HKLM-x32\...\{58192647-B4DD-45E1-9C3C-1614B4A03897}) (Version: 1.1.0.0 - TEAC)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.0.708 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
D-Fend Reloaded 1.4.2 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.2 - Alexander Herzog)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Fighter Factory Ultimate (HKLM-x32\...\VirtuallTek Fighter Factory Ultimate_is1) (Version: 2.6.0.2010 - VirtuallTek Systems)
Free MIDI to MP3 Converter 1.0 (HKLM-x32\...\{181E1175-1FF8-4EA5-BC08-A7CA39B85502}_is1) (Version:  - PolySoft Solutions)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenGL Extensions Viewer 4.1 (HKLM-x32\...\GLVIEW3) (Version: 412 - )
PeaZip 5.4.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PeaZip UNACE plugin 1 (HKLM-x32\...\{472526EF-F49F-45DA-8EB9-D0858C59601B}_is1) (Version:  - Giorgio Tani)
RPG Maker 2003 v1.08 (HKLM-x32\...\RPG Maker 2003_is1) (Version:  - Enterbrain, Inc.)
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - KADOKAWA)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
Speakonia (HKLM-x32\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Unity Web Player (HKU\S-1-5-21-3273066582-2917483218-166678392-1002\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2014-04-30 00:04 - 00000878 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2182B2A8-9B74-45E4-9AAA-4A274A915683} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {385F0A33-6197-46A9-B356-3890B9EEE1B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {432F2736-AB0C-4BBA-A24A-F474DC3167C9} - System32\Tasks\GPU Temp\Startup => C:\Program Files (x86)\GPU Temp\GPUTemp.exe
Task: {437733AD-F0F6-4EF9-8BC0-3EEEA8B3E4E2} - System32\Tasks\IT Viewer Viewer => C:\Program Files (x86)\IT Viewer\astask.exe
Task: {4F8AAD93-676F-4DEF-9F3B-4114531C64A7} - System32\Tasks\Security Software => C:\Users\Kelly\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {9D20AE49-3517-418F-82FD-648E6B2D9E18} - System32\Tasks\RunSpeccy => C:\Program Files\Speccy\Speccy64.exe
Task: {A4D977AE-9266-4AB2-94A9-9E1D066FEC46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A63B4601-7219-4355-B799-43157E64AF80} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {AD0BD6B4-3B51-4891-A51D-73C53ADDB7C9} - System32\Tasks\Groovorio Updater => C:\Users\Kelly\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {BD7FBDFC-3CC8-4F36-BD33-652FE5A787F6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {DA961CE2-928D-4CF1-9465-388021B05EB5} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-25] (Enigma Software Group USA, LLC.)
Task: {DEC31280-A310-4043-8080-6D9014477EE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DF7534D1-0488-471B-9979-2E8A0203FC9E} - System32\Tasks\Personal Computer Defender Viewer => C:\Program Files (x86)\Personal Computer Defender\Personal ComputerDefender.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Groovorio Updater.job => C:\Users\Kelly\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-06-10 14:21 - 2015-05-28 00:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-30 19:53 - 2015-04-30 19:53 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-30 19:53 - 2015-04-30 19:53 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-28 20:55 - 2015-06-28 20:55 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062801\algo.dll
2015-04-03 19:51 - 2015-05-22 21:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-07 12:51 - 2015-03-07 12:51 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-09 16:50 - 2015-06-05 14:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 16:50 - 2015-06-05 14:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Kelly\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3273066582-2917483218-166678392-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kelly\Downloads\Wallpapers\videogames\35337.jpg
DNS Servers: 173.44.120.32 - 173.44.120.33
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{AD7126DD-8485-4D84-B601-5301EFC88A0B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{16BD6F4D-EABF-4C2F-B2D5-A4A8E058A520}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E34A210A-EC22-4B43-A10D-B5B54D7BA76A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9A23F2FD-D067-49C5-BBCF-D4721E58D018}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{65E1C046-4C5B-482C-8B3D-ADC7C2CCE947}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DAE6788B-EB86-4315-8CEF-DA92D1AB62D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1753D615-AFC8-478A-B82D-F6684A6DAB57}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B95674A9-2CBD-462B-804B-4E8D216949C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{746ED3D2-CFC3-4F5A-B5C8-28ABED276893}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E2E15599-3470-4BC0-845E-CFB97DE81FA7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1CB5CFB-459A-41EF-B0DE-F7FED3027D31}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ED7787ED-5F21-4328-8FFB-318E440308B3}] => (Allow) LPort=2869
FirewallRules: [{77A5AFBC-2856-45C7-9633-3ED44F241E80}] => (Allow) LPort=1900
FirewallRules: [{F3532F37-6929-4EF7-9E0B-9752CBB61B8B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{632AE6B0-085E-45B5-8FB5-0D3286A1BBB3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FB389CE1-26E2-41C2-924C-0EC3ED52A2C3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{92C049DB-6111-4630-ABA3-718B8DB3597E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AE902182-C367-48CF-95B3-0AB062677BFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{120A5655-760C-4095-AE3F-D52C84CE21DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{4E9390DB-3E3F-428B-9F27-896196A8DF7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{E92820E7-F4ED-456D-AB3F-59E121A6F85C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{5C01D9FF-6F97-4B94-9AB9-B43CB90E4F89}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F0361F42-F041-4726-93B0-0990792E2D94}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{87B8F7DA-EA69-4D97-9C40-0CE1BA21642F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{6115D47B-CEDB-4DC7-B035-8DE97D7E5FB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{C047342C-D457-4D38-9B92-DEBB70CB4B26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DE0CB5F-0766-4C8C-AD87-AF06ED9854AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/28/2015 09:18:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1492) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/28/2015 09:18:10 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1492) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/28/2015 09:17:30 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1492) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/28/2015 09:17:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1492) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/28/2015 09:17:10 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1492) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/28/2015 09:16:30 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1492) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/28/2015 09:16:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1492) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/28/2015 09:16:10 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1492) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/28/2015 09:15:30 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1492) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/28/2015 09:15:20 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1492) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRUDB.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
 
Microsoft Office:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-04 13:00:23.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-20 06:43:51.273
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-07 12:50:56.188
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-07 11:56:30.035
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-04 19:30:38.365
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Definition Updates\{0FD06DCA-2D2E-4FD2-AE22-55FF4BA2291A}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® D CPU 3.73GHz
Percentage of memory in use: 42%
Total physical RAM: 4029.61 MB
Available physical RAM: 2313.69 MB
Total Pagefile: 4733.61 MB
Available Pagefile: 2528.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:49.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=148.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Be with you in a few moments with instructions

Hello,

Please remove the following program from you Programs an Features list
SpyHunter 4

Next
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.


start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [ospd_us_12] => [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ProxyServer: [S-1-5-21-3273066582-2917483218-166678392-1002] => 127.0.0.1:8118
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1567164199&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1567164199&ir=
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
searchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1434328993
SearchScopes: HKU\S-1-5-21-3273066582-2917483218-166678392-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3273066582-2917483218-166678392-1002 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
FF NetworkProxy: "type", 5
S2 PrivoxyService; "C:\Program Files (x86)\IT Viewer\privoxy.exe" --service [X] <==== ATTENTION
C:\Program Files (x86)\IT Viewer
S3 yeddef64; \SystemRoot\System32\Drivers\yeddef64.sys [X]
2015-06-21 15:27 - 2015-06-21 15:27 - 00000000 _____ C:\Users\Kelly\AppData\Roaming\FE9B.tmp
2015-06-14 20:43 - 2015-06-27 14:15 - 00003252 _____ C:\WINDOWS\System32\Tasks\IT Viewer Viewer
2015-06-14 20:43 - 2015-06-26 14:28 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Updater
2015-06-04 07:11 - 2015-06-04 07:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-21 15:27 - 2015-06-21 15:27 - 0000000 _____ () C:\Users\Kelly\AppData\Roaming\FE9B.tmp
Task: {437733AD-F0F6-4EF9-8BC0-3EEEA8B3E4E2} - System32\Tasks\IT Viewer Viewer => C:\Program Files (x86)\IT Viewer\astask.exe
Task: {4F8AAD93-676F-4DEF-9F3B-4114531C64A7} - System32\Tasks\Security Software => C:\Users\Kelly\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
C:\Users\Kelly\AppData\Roaming\Updater
Task: {A63B4601-7219-4355-B799-43157E64AF80} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {AD0BD6B4-3B51-4891-A51D-73C53ADDB7C9} - System32\Tasks\Groovorio Updater => C:\Users\Kelly\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Kelly\AppData\Roaming\GROOVO~1
AlternateDataStreams: C:\Users\Kelly\SkyDrive:ms-properties
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: net start srservice
RemoveProxy:
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Thanks
Joe
  • 1

#3
Fiveroadies

Fiveroadies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Sorry that took so long.  Unfortunately this is my 11 year old's computer.  I told her to remove the spyhunter program in programs and features, she couldn't so she just removed it from the program files folder instead.  Once I figured out what she did we lost our internet connection.  It has been removed in programs and features (i'm not sure if she did any damage though-you said if things didn't work to tell you)  I still ran the fixlist.  Below is the fixlog.  I'm sorry if this caused any other problems, I will be doing everything else myself from this point forward.  thank you again for your help.


 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Kelly at 2015-07-01 20:23:57 Run:1
Running from C:\Users\Kelly\Desktop
Loaded Profiles: Kelly (Available Profiles: Kelly & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [ospd_us_12] => [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ProxyServer: [S-1-5-21-3273066582-2917483218-166678392-1002] => 127.0.0.1:8118
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1567164199&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.co...=1567164199&ir=
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
searchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1434328993
SearchScopes: HKU\S-1-5-21-3273066582-2917483218-166678392-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3273066582-2917483218-166678392-1002 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
FF NetworkProxy: "type", 5
S2 PrivoxyService; "C:\Program Files (x86)\IT Viewer\privoxy.exe" --service [X] <==== ATTENTION
C:\Program Files (x86)\IT Viewer
S3 yeddef64; \SystemRoot\System32\Drivers\yeddef64.sys [X]
2015-06-21 15:27 - 2015-06-21 15:27 - 00000000 _____ C:\Users\Kelly\AppData\Roaming\FE9B.tmp
2015-06-14 20:43 - 2015-06-27 14:15 - 00003252 _____ C:\WINDOWS\System32\Tasks\IT Viewer Viewer
2015-06-14 20:43 - 2015-06-26 14:28 - 00000000 ____D C:\Users\Kelly\AppData\Roaming\Updater
2015-06-04 07:11 - 2015-06-04 07:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-21 15:27 - 2015-06-21 15:27 - 0000000 _____ () C:\Users\Kelly\AppData\Roaming\FE9B.tmp
Task: {437733AD-F0F6-4EF9-8BC0-3EEEA8B3E4E2} - System32\Tasks\IT Viewer Viewer => C:\Program Files (x86)\IT Viewer\astask.exe
Task: {4F8AAD93-676F-4DEF-9F3B-4114531C64A7} - System32\Tasks\Security Software => C:\Users\Kelly\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
C:\Users\Kelly\AppData\Roaming\Updater
Task: {A63B4601-7219-4355-B799-43157E64AF80} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {AD0BD6B4-3B51-4891-A51D-73C53ADDB7C9} - System32\Tasks\Groovorio Updater => C:\Users\Kelly\AppData\Roaming\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Kelly\AppData\Roaming\GROOVO~1
AlternateDataStreams: C:\Users\Kelly\SkyDrive:ms-properties
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: net start srservice
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_12 => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKU\S-1-5-21-3273066582-2917483218-166678392-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => key removed successfully
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\searchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1434328993=> value not found.
"HKU\S-1-5-21-3273066582-2917483218-166678392-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-3273066582-2917483218-166678392-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => key removed successfully
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => key not found. 
Firefox Proxy settings were reset.
PrivoxyService => Service removed successfully
"C:\Program Files (x86)\IT Viewer" => File/Folder not found.
yeddef64 => Service removed successfully
C:\Users\Kelly\AppData\Roaming\FE9B.tmp => moved successfully.
C:\WINDOWS\System32\Tasks\IT Viewer Viewer => moved successfully.
C:\Users\Kelly\AppData\Roaming\Updater => moved successfully.
C:\ProgramData\boost_interprocess => moved successfully.
"C:\Users\Kelly\AppData\Roaming\FE9B.tmp" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{437733AD-F0F6-4EF9-8BC0-3EEEA8B3E4E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{437733AD-F0F6-4EF9-8BC0-3EEEA8B3E4E2}" => key removed successfully
C:\Windows\System32\Tasks\IT Viewer Viewer not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IT Viewer Viewer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F8AAD93-676F-4DEF-9F3B-4114531C64A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F8AAD93-676F-4DEF-9F3B-4114531C64A7}" => key removed successfully
C:\Windows\System32\Tasks\Security Software => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Software" => key removed successfully
"C:\Users\Kelly\AppData\Roaming\Updater" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A63B4601-7219-4355-B799-43157E64AF80}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A63B4601-7219-4355-B799-43157E64AF80}" => key removed successfully
C:\Windows\System32\Tasks\LaunchSignup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
"C:\Program Files (x86)\MyPC Backup" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD0BD6B4-3B51-4891-A51D-73C53ADDB7C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD0BD6B4-3B51-4891-A51D-73C53ADDB7C9}" => key removed successfully
C:\Windows\System32\Tasks\Groovorio Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Groovorio Updater" => key removed successfully
"C:\Users\Kelly\AppData\Roaming\GROOVO~1" => File/Folder not found.
"C:\Users\Kelly\SkyDrive" => ":ms-properties" ADS not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {E0B982B4-7ADF-46B2-AAF8-DB22A61B0352}.
Unable to cancel {265691B1-62B5-4005-B71A-403BF68FD6BD}.
Unable to cancel {46750CDF-64CF-4B6F-AEFB-9E166CCC2EF7}.
Unable to cancel {BA3A4E69-611B-4DE3-9069-D53F2BE3E32B}.
Unable to cancel {645F9CF2-F3B0-4086-A9BC-6BD0499CA479}.
Unable to cancel {DACE5832-1B72-46EC-8F2D-C7250BD7E47B}.
Unable to cancel {1025BB31-ECB0-41B8-ACD9-3B6AA60E5FAC}.
Unable to cancel {90715508-6FC8-4B86-9A3E-BD30AFD090C2}.
Unable to cancel {EB0CD97F-0352-46E2-884C-4DFCE8CFED5A}.
Unable to cancel {943050B2-0B93-4363-A06B-6775DC2D1ABE}.
Unable to cancel {5F44406E-0D63-4B9C-B006-73F83B028FD4}.
Unable to cancel {A3615589-C44D-4ED5-925F-CB52C9FBF9F3}.
Unable to cancel {D672B43B-1420-4893-8B6E-586CF3E36C47}.
Unable to cancel {EC8F0CE5-AF6B-4A27-AAE5-6E388192A81C}.
Unable to cancel {C162D403-619F-4E42-8468-05D96489041E}.
Unable to cancel {36BAD7C1-6103-4851-AD40-307D32C2943E}.
Unable to cancel {4FAFCF0D-D288-4FCD-A30A-D77C3E029C24}.
Unable to cancel {B7D6FE3E-E5A2-42BB-8928-35333C70C50A}.
Unable to cancel {0C567F4C-F732-46CC-801E-F31C2840645D}.
Unable to cancel {F52EE935-B862-4976-934D-3C670A72415C}.
Unable to cancel {28FC86A5-8214-450D-9204-4B9E0B0A0A28}.
Unable to cancel {6397220F-D4FC-40A8-9482-E32F63DF4B76}.
Unable to cancel {8D3D2AFE-E5E8-492D-8466-9828B6D265FD}.
Unable to cancel {C230FD39-C770-4CC4-88F3-9D0C57527D21}.
Unable to cancel {F2EC1DB7-9014-42F3-93BC-3ECBC5D46499}.
Unable to cancel {4E6B5F73-834F-4EEB-916A-0201B8D9F465}.
Unable to cancel {294C102C-9E89-4FC4-8AA2-B35A694D266E}.
Unable to cancel {A9971681-9FB1-4C8C-AE3F-8E4F17801095}.
Unable to cancel {BEA0E438-AB0D-43A2-8E65-DEA99BEADAD6}.
Unable to cancel {17016E53-82D0-492A-9EA7-3053BA7525CF}.
Unable to cancel {E69B9B77-5400-4E65-AAFB-9AA4CECE6C08}.
Unable to cancel {A319B90F-BBF7-48E5-B807-072A556BDA41}.
Unable to cancel {0F11B376-F640-448E-B902-4F99B0D30B9F}.
Unable to cancel {2BAA7B23-7EA9-421A-A103-7F0ACB19EDDC}.
Unable to cancel {1B8118B0-9D74-4C67-8E77-52AF62EC5EC4}.
Unable to cancel {7B9FD2E0-FD3F-4716-95CB-650EFC277ACB}.
Unable to cancel {28082245-CAF0-41AC-B86A-5D4CC65C13CA}.
Unable to cancel {D9129552-18DB-47CC-AE38-DEC092C085A2}.
Unable to cancel {7F7E2168-4A92-4E1A-9E83-8FDC1CFC85AC}.
Unable to cancel {BBC68FD3-8455-423E-A5F1-98CB5BD8EA5C}.
Unable to cancel {8B343F76-C308-4FDC-8D95-30FCDBC7D37F}.
Unable to cancel {F9742DBD-A490-432D-B137-72352D260996}.
Unable to cancel {3AD90E2F-102A-42FE-A961-B8F125996694}.
Unable to cancel {AC8A4CCE-BCB1-4EB3-B2C6-C70087D7AF81}.
Unable to cancel {CC7F34AE-D3AF-442E-B035-D9BB1E14E61F}.
Unable to cancel {B1B5BB2C-7646-414F-80D5-D874E3AFEE3A}.
Unable to cancel {ED5C6E6C-32E3-45AC-88C8-7216CD99CA70}.
Unable to cancel {4D0FE337-EE2E-4124-ADAF-39AE1393C56D}.
Unable to cancel {946F032B-F4B1-4EED-AED6-F96F806B6E90}.
Unable to cancel {5D16DBD9-D862-471C-8B36-F0EF355432D6}.
Unable to cancel {92EEFAB7-B78A-4A2A-8305-F25CF7AE7637}.
Unable to cancel {236CBBF5-93E2-4CEE-88C3-C8A61E52BA69}.
Unable to cancel {674415BD-ED69-4B9D-A787-E007AE466F94}.
Unable to cancel {9361F8A9-F9E1-49F8-A66C-FD9BBB08595F}.
Unable to cancel {79E9ECC1-19FB-4836-9CA5-51B072131A9B}.
Unable to cancel {1906EE01-964E-472B-8D34-785852757FE3}.
Unable to cancel {5123561D-99EA-4A7B-BF35-0DEAE0C7DA62}.
Unable to cancel {5DB4229F-A0A8-4BDE-9FE4-8FD761AE4737}.
Unable to cancel {49E6CA5A-24B3-433F-9DDB-091A4911945B}.
Unable to cancel {519EDC94-D542-4299-B0CD-B2DF17C5B1DA}.
Unable to cancel {5114D491-ED16-4699-8054-32A38D099DA4}.
Unable to cancel {539FA0A9-7FA5-470B-AC58-CE1514E18F92}.
Unable to cancel {5AFD9732-81F3-49AB-89D8-8385F1B0DFA3}.
Unable to cancel {716C4969-261B-4FC8-9949-49D780F7DC6F}.
Unable to cancel {8D29A12C-11E1-4B04-9E42-FCE6A7E25106}.
Unable to cancel {DC600440-A3D9-4EEB-B3F7-1CB2C684425B}.
Unable to cancel {912BBE3D-1E41-40C3-A25D-6F8B626E0214}.
Unable to cancel {DF8BEB30-61FA-4D4B-B717-2FEEAC913E98}.
Unable to cancel {03AF77B4-D181-4646-9E04-452B44394E0F}.
Unable to cancel {8DFAC165-EDC4-48C3-89A6-ED92A6DF1E8C}.
Unable to cancel {35BCF503-5912-479E-B552-A35F7B4BAC8F}.
Unable to cancel {B3945FC7-3D1C-4728-9CC5-434B23230BF1}.
Unable to cancel {A6CE15F6-8B2B-4F57-AD4D-02CB80556585}.
Unable to cancel {478A5665-E271-4C52-82CE-662CD167A8DC}.
Unable to cancel {BAD1E398-DD42-45A6-A480-2D2858F8D310}.
Unable to cancel {40BFF62A-307E-4548-81D0-E48F3783D664}.
Unable to cancel {E0F57A93-03BC-4BCA-8F9E-CEE2FC20AA52}.
Unable to cancel {87791721-D646-4FB9-BA99-02960F560A8D}.
Unable to cancel {F0B0A416-46F4-4FC7-A509-CE3738621B43}.
Unable to cancel {1A6AE289-25BB-425D-9968-1B1288611D05}.
Unable to cancel {1C43A4CA-1113-45B4-BB1B-7A144D02986A}.
Unable to cancel {AEB06E56-029C-4200-AB5B-DF4D3087E845}.
Unable to cancel {A3A55BDC-636E-4733-9098-839803E282ED}.
Unable to cancel {EAC264B9-6840-4850-AF22-0495D8BB75A7}.
Unable to cancel {DA74FC21-23A9-4422-B8A0-1902921572E1}.
Unable to cancel {45BE7439-3796-45EE-86A0-1BA3A56508EC}.
Unable to cancel {6AC261F1-EE48-4067-9FCC-1F5111776091}.
Unable to cancel {BB04C577-144F-4547-86D1-A214E9D38F26}.
Unable to cancel {8F0167D0-A134-4161-84F4-53077DFB6B6B}.
Unable to cancel {8C17B781-9AE2-4828-B5F7-37083F0E839B}.
Unable to cancel {3604B196-54E5-4E17-A6B1-0D40A0E1F7A1}.
0 out of 91 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  net start srservice =========
 
The service name is invalid.
 
More help is available by typing NET HELPMSG 2185.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3273066582-2917483218-166678392-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3273066582-2917483218-166678392-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 29.5 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 20:24:06 ====

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Hello,

Do you have system restore turned off for some reason?

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.


In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)
  • 1

#5
Fiveroadies

Fiveroadies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

I'm pretty sure we have system restore turned off on all of our computers.  Should we have it on?

 

# AdwCleaner v4.207 - Logfile created 01/07/2015 at 22:28:41
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Kelly - KELLY
# Running from : C:\Users\Kelly\Desktop\adwcleaner_4.207.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Maxiget
Folder Deleted : C:\Users\Kelly\AppData\Local\Maxiget
Folder Deleted : C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Groovorio Updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2F137995-4D26-44AD-9C4E-91055090A817}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\MaxiGet
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\MaxiGet
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Mozilla Firefox v38.0.5 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.124
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.search.ask.com/?gct=hp
[C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[],"scriptable_host":["*://*.ask.com/
[C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 40889A8FAB4AD5A2831A55212FBA0D947DB02A5F960B794794A90B41BFB0EBD0"},"software_reporter":{"prompt_reason":"69936C28C0F6E2DBF6B8B794DF3931CD485EB17763CE4A1A59F365A1F1C2C013","prompt_seed":"72CEF01267805DECEA4AE8E15AA69A865FDCC99320F8143440FF3F3C9BD31FE8","prompt_version":"02806C48DAF57054A757FA67B84D809D4ADE7F973A76DB4CB74F01323026B399"},"sync":{"remaining_rollback_tries":"C55B5C891CBFD864CDDDF0DE3C1897FC6BC0298CD1E8B6BF8FA4023A52D9ADEB"}},"super_mac":"38D6075F5896542F4F1785462838840D64773786B390D7EB04D332A77597B111"},"session":{"startup_urls":["hxxps://gosearch.me/?u=9c3edf8021c26304bfc00bdf685c8777&c=up1&src=hp&inst=1434328993
 
*************************
 
AdwCleaner[R0].txt - [6162 bytes] - [01/07/2015 22:24:10]
AdwCleaner[S0].txt - [5734 bytes] - [01/07/2015 22:28:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5793  bytes] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.5 (07.01.2015:1)
OS: Windows 8.1 Pro x64
Ran by Kelly on Wed 07/01/2015 at 22:35:49.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SpyHunter4Startup
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Kelly\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Kelly\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Kelly\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Kelly\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/01/2015 at 22:47:50.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Hello,

Yes I would turn System restore on. System restore can be very beneficial and can fix many issues that may arise.

Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

  • 1

#7
Fiveroadies

Fiveroadies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

I'm not really sure how to open system restore or what settings to use.

 

this is the malwarebytes log:

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/2/2015
Scan Time: 9:12 PM
Logfile: mbam new log.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.02.05
Rootkit Database: v2015.07.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kelly
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410595
Time Elapsed: 24 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [0cf1ca12701a7abc3c692871d72e857b], 
 
Registry Values: 2
PUP.Optional.Groovorio.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Groovorio\\, Quarantined, [b746d00cccbe7abc9b592ad3bf440af6]
PUP.Optional.GoSearchMe.C, HKU\S-1-5-21-3273066582-2917483218-166678392-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, https://gosearch.me/...inst=1434328993, Quarantined, [c13cddff5b2fdd59d793ade544c151af]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [4bb224b827638aac000ac1f7f310cd33], 
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\9c3edf8021c26304bfc00bdf685c8777\content, Quarantined, [e518c7152565cf67faa08e03c73fac54], 
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\9c3edf8021c26304bfc00bdf685c8777, Quarantined, [e518c7152565cf67faa08e03c73fac54], 
 
Files: 4
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\9c3edf8021c26304bfc00bdf685c8777\content\load.js, Quarantined, [e518c7152565cf67faa08e03c73fac54], 
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\9c3edf8021c26304bfc00bdf685c8777\content\overlay.xul, Quarantined, [e518c7152565cf67faa08e03c73fac54], 
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\9c3edf8021c26304bfc00bdf685c8777\chrome.manifest, Quarantined, [e518c7152565cf67faa08e03c73fac54], 
PUP.Optional.SecureWeb, C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\9c3edf8021c26304bfc00bdf685c8777\install.rdf, Quarantined, [e518c7152565cf67faa08e03c73fac54], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Hello,

To turn on or Configure System Restore

1. Press “Win + X” and select “System” from the list of options. This will open up the system details window.

2. Now click on the “System Protection” link displayed on the right side of the window.

3. The above action will open the “System Protection” tab inside the “System Properties” window.

4. Scroll down to the “Protection Settings” section, and check to see if your OS drive has protection status “on.” If not, select it and click the “configure” button to continue.

5. The above action will open the system protection window for your selected disk. Local Disc (C:) Here select the check box “turn on system protection” to turn on or enable the system restore feature.

http://www.maketeche...store-windows-8

Let me know how that goes.

Thanks
Joe :)
  • 1

#9
Fiveroadies

Fiveroadies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

It worked thank you.  System restore is now on.  Is there anything else I need to do?


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
If there are no more issues lets remove all the tools an log files created by following the below exercise;


Please Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 1

#11
Fiveroadies

Fiveroadies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Hello,

 

There don't seem to be any problems now :)

 

Thank you so much
 

# DelFix v1.010 - Logfile created 08/07/2015 at 20:33:21
# Updated 26/04/2015 by Xplode
# Username : Kelly - KELLY
# Operating System : Windows 8.1 Pro  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Kelly\Desktop\adwcleaner_4.207.exe
Deleted : C:\Users\Kelly\Desktop\FRST64.exe
Deleted : C:\Users\Kelly\Desktop\JRT.exe
Deleted : C:\Users\Kelly\Downloads\script_version.rpy
Deleted : C:\Users\Kelly\Downloads\script_version.rpyc
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #7 [Scheduled Checkpoint | 07/04/2015 15:15:14]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Well done. You're welcome. I will close the topic now..

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, adware

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP