
FRST Log


  • This topic is locked
2 replies to this topic

#1 jab99


Posted 10 February 2015 - 11:25 AM

Hello, I'm cleaning up my computer and I've run FRST. I need help with the fixing part. Here's my log. Thank you in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by cfranklin1 (administrator) on CFRANKLIN1-HP on 10-02-2015 11:18:33
Running from C:\Users\cfranklin1\Downloads
Loaded Profiles: cfranklin1 (Available profiles: cfranklin1)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-687042451-2912375058-434098922-1000\...\Run: [Spotify] => C:\Users\cfranklin1\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-687042451-2912375058-434098922-1000\...\Run: [Spotify Web Helper] => C:\Users\cfranklin1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-687042451-2912375058-434098922-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21653096 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-687042451-2912375058-434098922-1000\...\Run: [Akamai NetSession Interface] => C:\Users\cfranklin1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-687042451-2912375058-434098922-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-687042451-2912375058-434098922-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [4976 2015-02-09] ()
HKU\S-1-5-21-687042451-2912375058-434098922-1000\...\MountPoints2: {c52504ba-257b-11e4-bb00-386077388949} - G:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\cfranklin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> C:\Users\cfranklin1\AppData\Local\Temp\{6C997D4D-F473-402E-8B32-FE5AC769F3DE}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (No File)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-687042451-2912375058-434098922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-687042451-2912375058-434098922-1000 -> {9051C919-AF0F-4C5C-AA31-4290941024BD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-687042451-2912375058-434098922-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-687042451-2912375058-434098922-1000: @nsroblox.roblox.com/launcher -> C:\Users\cfranklin1\AppData\Local\Roblox\Versions\version-d2af929835a34f18\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2014-11-12]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-02-02]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-01-29]
 
Chrome: 
=======
CHR Profile: C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-26]
CHR Extension: (Google Drive) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-26]
CHR Extension: (Google Search) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-26]
CHR Extension: (Norton Identity Safe) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-11]
CHR Extension: (Skype Click to Call) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-24]
CHR Extension: (utorrent bittorrent) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgopkjlgbonklbjalhgabjichkamafm [2014-04-02]
CHR Extension: (jfTorrent) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgdkndnngmfkdcaheodildfelldpeif [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-26]
CHR Extension: (Gmail) - C:\Users\cfranklin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-26]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3373912 2014-07-28] (INCA Internet Co., Ltd.)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 nlsvc; "C:\Program Files\NetLimiter 3\nlsvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2015-02-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150106.001_3a2\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150130.001_4a7\IDSvia64.sys [668888 2015-01-30] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [47112 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [843448 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150203.018\ENG64.SYS [129752 2015-01-30] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150203.018\EX64.SYS [2137304 2015-01-30] (Symantec Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-12] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va023; \??\C:\Windows\SysWOW64\Drivers\X6va023 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 11:18 - 2015-02-10 11:18 - 00000000 ____D () C:\Users\cfranklin1\Downloads\FRST-OlderVersion
2015-02-09 21:21 - 2015-02-09 21:21 - 02347384 _____ (ESET) C:\Users\cfranklin1\Downloads\esetsmartinstaller_enu.exe
2015-02-09 21:21 - 2015-02-09 21:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-09 18:38 - 2015-02-09 19:18 - 00027451 _____ () C:\Users\cfranklin1\Downloads\Addition.txt
2015-02-09 18:36 - 2015-02-10 11:19 - 00026343 _____ () C:\Users\cfranklin1\Downloads\FRST.txt
2015-02-09 18:35 - 2015-02-10 11:18 - 00000000 ____D () C:\FRST
2015-02-09 18:34 - 2015-02-10 11:18 - 02132992 _____ (Farbar) C:\Users\cfranklin1\Downloads\FRST64.exe
2015-02-09 18:30 - 2015-02-09 18:30 - 00000990 _____ () C:\Users\cfranklin1\Desktop\JRT.txt
2015-02-09 18:24 - 2015-02-09 18:24 - 01388274 _____ (Thisisu) C:\Users\cfranklin1\Downloads\JRT.exe
2015-02-09 16:05 - 2015-02-09 16:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 16:04 - 2015-02-09 16:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-09 16:04 - 2015-02-09 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 16:04 - 2015-02-09 16:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 16:04 - 2015-02-09 16:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 16:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 16:04 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 16:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-09 15:49 - 2015-02-09 15:58 - 00000000 ____D () C:\AdwCleaner
2015-02-09 15:48 - 2015-02-09 15:48 - 02112512 _____ () C:\Users\cfranklin1\Downloads\adwcleaner_4.110 (1).exe
2015-02-09 15:44 - 2015-02-09 15:58 - 13522761 _____ (Safer-Networking Ltd. ) C:\Users\cfranklin1\Downloads\Unconfirmed 676057.crdownload
2015-02-09 15:42 - 2015-02-09 15:43 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\cfranklin1\Downloads\mbam-setup-2.0.4.1028 (4).exe
2015-02-09 15:41 - 2015-02-09 15:42 - 02112512 _____ () C:\Users\cfranklin1\Downloads\adwcleaner_4.110.exe
2015-02-08 10:28 - 2015-02-08 10:28 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcfranklin1
2015-02-08 10:27 - 2015-02-09 15:34 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForcfranklin1.job
2015-02-04 16:40 - 2015-02-04 16:40 - 04437680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-02 18:34 - 2015-02-02 18:35 - 20375924 _____ (Malwarebytes Corporation ) C:\Users\cfranklin1\Downloads\mbam-setup-2.0.4.1028 (3).exe
2015-02-02 16:06 - 2015-02-02 16:06 - 20319296 _____ (Malwarebytes Corporation ) C:\Users\cfranklin1\Downloads\mbam-setup-2.0.4.1028 (2).exe
2015-02-02 15:25 - 2015-02-02 15:25 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-02 15:18 - 2015-02-02 15:19 - 20307680 _____ (Malwarebytes Corporation ) C:\Users\cfranklin1\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-02 15:12 - 2015-02-02 15:14 - 20409320 _____ (Malwarebytes Corporation ) C:\Users\cfranklin1\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-02 12:59 - 2015-02-02 12:59 - 00000000 ____D () C:\Users\cfranklin1\AppData\Roaming\SUPERAntiSpyware.com
2015-02-02 12:51 - 2015-02-02 12:51 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-02-02 12:51 - 2015-02-02 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-02 12:50 - 2015-02-02 12:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-02 12:50 - 2015-02-02 12:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-02 12:10 - 2015-02-02 12:12 - 00002956 _____ () C:\Users\cfranklin1\Desktop\Rkill.txt
2015-02-02 12:10 - 2015-02-02 12:10 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\cfranklin1\Desktop\rkill.scr
2015-02-02 01:44 - 2015-02-02 01:44 - 00000271 _____ () C:\Users\cfranklin1\Downloads\gold.cgi
2015-02-01 14:03 - 2015-02-01 14:03 - 00001023 _____ () C:\Users\cfranklin1\Desktop\MicroVolts.lnk
2015-02-01 13:56 - 2015-02-01 14:03 - 00000000 ____D () C:\Program Files (x86)\MicroVolts
2015-01-31 21:57 - 2015-02-09 15:31 - 00566152 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 21:53 - 2015-01-31 21:53 - 00002332 _____ () C:\Users\cfranklin1\Desktop\Safe Money.lnk
2015-01-31 21:51 - 2015-02-09 18:10 - 00002238 _____ () C:\Windows\PFRO.log
2015-01-31 21:51 - 2015-02-09 15:34 - 00000392 _____ () C:\Windows\setupact.log
2015-01-31 21:51 - 2015-01-31 21:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-31 01:30 - 2015-01-31 01:30 - 00000000 ____D () C:\Users\cfranklin1\AppData\Local\AMD
2015-01-30 23:18 - 2015-01-30 23:18 - 00000000 ____D () C:\ProgramData\ATI
2015-01-30 23:17 - 2015-01-31 01:22 - 00000000 ____D () C:\ProgramData\AMD
2015-01-30 23:17 - 2015-01-30 23:17 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-30 23:06 - 2015-01-30 23:17 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-30 23:05 - 2015-01-30 23:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-30 23:03 - 2015-01-30 23:17 - 00000000 ____D () C:\Program Files\AMD
2015-01-30 23:02 - 2015-01-30 23:02 - 00000388 _____ () C:\SetupCD.txt
2015-01-30 23:00 - 2015-01-30 23:00 - 00000000 ____D () C:\AMD
2015-01-30 21:30 - 2015-01-31 02:11 - 00000000 ____D () C:\Users\cfranklin1\AppData\Roaming\Raptr
2015-01-30 21:30 - 2015-01-31 02:11 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-30 21:30 - 2015-01-30 21:30 - 00000000 ____D () C:\Users\cfranklin1\AppData\Roaming\library_dir
2015-01-30 13:07 - 2015-01-30 13:08 - 01679864 _____ (Rock Hippo Productions) C:\Users\cfranklin1\Downloads\MicroVolts_Package (4).exe
2015-01-30 13:07 - 2015-01-30 13:07 - 01679864 _____ (Rock Hippo Productions) C:\Users\cfranklin1\Downloads\MicroVolts_Package (3).exe
2015-01-30 00:10 - 2015-01-30 00:59 - 1555162528 _____ (Tahadi Games Media ) C:\Users\cfranklin1\Downloads\Micro_Vault_EN28122014.exe
2015-01-29 19:17 - 2015-01-31 02:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-29 19:17 - 2015-01-29 19:17 - 00002134 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-29 19:16 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-29 19:15 - 2015-01-31 02:13 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-29 19:15 - 2015-01-31 02:02 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-29 19:14 - 2014-12-13 18:21 - 00843448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-29 19:14 - 2014-11-28 18:19 - 00151240 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-29 19:14 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-29 18:48 - 2015-01-29 18:43 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-29 18:48 - 2015-01-29 18:43 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-29 18:48 - 2015-01-29 18:43 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-29 18:37 - 2015-01-31 02:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-01-29 18:37 - 2015-01-29 18:37 - 00181285 _____ () C:\ProgramData\1422574357.bdinstall.bin
2015-01-29 18:37 - 2015-01-29 18:37 - 00002174 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-01-29 18:36 - 2015-01-31 02:04 - 00000000 ____D () C:\Program Files\Bitdefender
2015-01-29 18:36 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-01-29 18:36 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-01-29 18:36 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-01-29 18:36 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-01-29 18:36 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-01-29 18:32 - 2015-01-29 18:32 - 10447328 _____ () C:\Users\cfranklin1\Downloads\Antivirus_Free_Edition_x64.exe
2015-01-29 18:31 - 2015-01-29 18:40 - 196619072 _____ (Kaspersky Lab) C:\Users\cfranklin1\Downloads\kis15.0.2.361en_7209.exe
2015-01-29 18:28 - 2015-01-29 18:28 - 00162208 _____ () C:\Users\cfranklin1\Downloads\Antivirus_Free_Edition.exe
2015-01-29 18:14 - 2015-01-29 18:14 - 00104253 _____ () C:\ProgramData\1422572984.bdinstall.bin
2015-01-29 18:09 - 2015-01-29 18:09 - 00000000 ____D () C:\Users\cfranklin1\AppData\Roaming\QuickScan
2015-01-18 02:07 - 2015-01-31 07:15 - 00000022 _____ () C:\Users\cfranklin1\Downloads\video.hd_53156.zip
2015-01-14 02:30 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 02:30 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 02:30 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 02:30 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 02:30 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 02:30 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 02:30 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 02:30 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 02:29 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 02:29 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 02:29 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 02:29 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 02:29 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 11:19 - 2014-02-24 19:56 - 00000000 ____D () C:\Users\cfranklin1\AppData\Roaming\Skype
2015-02-10 02:03 - 2013-12-12 15:52 - 00000000 ____D () C:\MicroVolts Package
2015-02-09 20:25 - 2014-07-02 14:59 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2015-02-09 18:10 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-09 15:35 - 2014-09-01 12:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-09 15:35 - 2011-08-08 16:16 - 00000000 ____D () C:\ProgramData\PDFC
2015-02-09 15:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 15:29 - 2013-10-26 12:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 14:37 - 2013-11-11 12:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 13:17 - 2014-05-04 20:19 - 00000398 _____ () C:\Windows\Tasks\update-S-1-5-21-687042451-2912375058-434098922-1000.job
2015-02-09 12:44 - 2014-03-07 17:44 - 00000000 ____D () C:\Users\cfranklin1\AppData\Local\Akamai
2015-02-09 05:54 - 2013-10-26 11:44 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FB258BA1-474F-4EF6-9A48-C070AAAC84D4}
2015-02-08 23:29 - 2013-10-26 11:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 04:22 - 2013-11-01 16:21 - 00000000 ____D () C:\Users\cfranklin1\AppData\Local\CrashDumps
2015-02-06 23:57 - 2013-10-26 12:02 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 07:52 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 07:52 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 17:15 - 2013-11-11 12:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 17:15 - 2011-08-08 16:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 23:24 - 2013-10-26 12:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 23:24 - 2013-10-26 11:59 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 19:57 - 2011-08-08 16:16 - 00000000 ____D () C:\Program Files (x86)\PDF Complete
2015-02-03 19:16 - 2014-05-04 20:51 - 00000000 ____D () C:\Users\cfranklin1\Documents\Lightshot
2015-02-02 15:08 - 2013-11-15 21:26 - 00000000 ____D () C:\Users\cfranklin1\AppData\Roaming\Spotify
2015-02-02 15:07 - 2013-11-15 21:30 - 00000000 ____D () C:\Users\cfranklin1\AppData\Local\Spotify
2015-02-02 15:01 - 2013-11-03 14:41 - 00000000 ____D () C:\Program Files (x86)\WhiteSmoke
2015-02-02 15:01 - 2013-10-27 22:18 - 00000000 ____D () C:\ProgramData\ZalmanInstaller_RocketDownloader
2015-02-01 14:03 - 2014-03-03 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MicroVolts
2015-02-01 08:27 - 2013-11-17 14:43 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-01 08:27 - 2013-10-27 11:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-01 00:21 - 2014-04-02 17:06 - 00000000 ____D () C:\Users\cfranklin1\AppData\Roaming\Torque
2015-01-31 20:06 - 2014-09-29 20:32 - 00000000 ____D () C:\Windows\Minidump
2015-01-31 20:06 - 2014-02-03 09:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-31 12:36 - 2013-10-26 11:34 - 00000000 ____D () C:\Users\cfranklin1
2015-01-31 02:15 - 2014-08-06 00:41 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-31 02:15 - 2014-05-10 23:31 - 00000000 ____D () C:\Users\cfranklin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-01-31 02:13 - 2014-11-12 23:00 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2015-01-31 02:13 - 2014-11-03 20:45 - 00000000 ____D () C:\Windows\System32\Tasks\Minitab
2015-01-31 02:13 - 2014-08-06 00:42 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-01-31 02:13 - 2013-11-11 12:46 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-31 02:13 - 2013-10-30 14:43 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-31 02:13 - 2011-08-08 16:15 - 00000000 ____D () C:\Program Files (x86)\PlayReady
2015-01-31 02:13 - 2011-08-08 16:00 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2015-01-31 02:13 - 2011-08-08 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2015-01-31 02:13 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-31 02:13 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-01-31 02:13 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-31 02:13 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-31 02:13 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-01-31 02:13 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-31 02:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-01-31 02:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Speech
2015-01-31 02:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-01-31 02:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\com
2015-01-31 02:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-01-31 02:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\servicing
2015-01-31 02:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-31 02:12 - 2014-10-20 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 02:12 - 2014-09-01 02:31 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-31 02:12 - 2014-06-16 16:20 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-01-31 02:12 - 2014-05-06 15:53 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-31 02:12 - 2014-03-01 21:23 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-01-31 02:12 - 2014-02-24 19:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-31 02:12 - 2014-01-20 21:34 - 00000000 ____D () C:\Program Files (x86)\S4League
2015-01-31 02:12 - 2013-11-06 21:56 - 00000000 ____D () C:\Program Files (x86)\Talesrunner
2015-01-31 02:12 - 2013-11-02 21:26 - 00000000 ____D () C:\Program Files (x86)\osu!
2015-01-31 02:12 - 2013-10-27 11:56 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-31 02:12 - 2013-10-26 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 02:12 - 2013-10-26 11:51 - 00000000 ____D () C:\Program Files (x86)\Spotify
2015-01-31 02:12 - 2011-08-08 16:23 - 00000000 ____D () C:\ProgramData\Norton
2015-01-31 02:12 - 2011-08-08 16:19 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-31 02:12 - 2011-08-08 16:15 - 00000000 ____D () C:\Program Files (x86)\Kobo
2015-01-31 02:12 - 2011-08-08 16:08 - 00000000 ____D () C:\Program Files (x86)\HP Games
2015-01-31 02:12 - 2011-08-08 16:03 - 00000000 ____D () C:\ProgramData\RoxioNow
2015-01-31 02:12 - 2011-08-08 15:54 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-31 02:11 - 2014-08-06 00:42 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-31 02:11 - 2014-08-06 00:41 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-31 02:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-31 02:05 - 2013-10-26 11:55 - 00000000 ____D () C:\Users\cfranklin1\AppData\Roaming\Adobe
2015-01-31 02:04 - 2013-10-29 07:56 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-31 02:04 - 2011-08-08 15:57 - 00000000 ____D () C:\Program Files\ATI
2015-01-31 02:02 - 2014-10-20 15:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 02:02 - 2011-08-08 15:57 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-01-30 22:02 - 2013-10-27 16:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-30 18:27 - 2014-10-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Tahadi Games
2015-01-30 08:30 - 2014-08-18 16:38 - 129799214 _____ (Elliptic Games) C:\Users\cfranklin1\Downloads\rodinasetup.exe
2015-01-30 08:28 - 2014-07-02 14:28 - 10190344 _____ (Locktime Software) C:\Users\cfranklin1\Downloads\nl3setup-x64 (1).exe
2015-01-29 18:43 - 2014-10-20 15:15 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-25 16:37 - 2013-11-11 12:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-18 18:28 - 2013-10-27 11:28 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCFRANKLIN1-HP$
2015-01-18 18:28 - 2013-10-27 11:28 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForCFRANKLIN1-HP$.job
2015-01-14 03:01 - 2013-10-27 16:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2013-12-03 15:20 - 2013-12-03 15:22 - 0007755 _____ () C:\Users\cfranklin1\AppData\Roaming\My Profile.xml
2013-11-06 19:59 - 2013-11-06 20:04 - 0007606 _____ () C:\Users\cfranklin1\AppData\Local\Resmon.ResmonCfg
2014-05-04 20:19 - 2014-05-04 20:19 - 0000003 _____ () C:\Users\cfranklin1\AppData\Local\updater.log
2014-05-04 20:19 - 2014-12-17 01:51 - 0000425 _____ () C:\Users\cfranklin1\AppData\Local\UserProducts.xml
2015-01-29 18:14 - 2015-01-29 18:14 - 0104253 _____ () C:\ProgramData\1422572984.bdinstall.bin
2015-01-29 18:37 - 2015-01-29 18:37 - 0181285 _____ () C:\ProgramData\1422574357.bdinstall.bin
 
Some content of TEMP:
====================
C:\Users\cfranklin1\AppData\Local\Temp\Quarantine.exe
C:\Users\cfranklin1\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 03:59
 
==================== End Of Log ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:12 PM

Posted 14 February 2015 - 10:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> C:\Users\cfranklin1\AppData\Local\Temp\{6C997D4D-F473-402E-8B32-FE5AC769F3DE}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (No File)
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
S2 nlsvc; "C:\Program Files\NetLimiter 3\nlsvc.exe" [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va023; \??\C:\Windows\SysWOW64\Drivers\X6va023 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Any issues with this computer?

#3 nasdaq


Posted 19 February 2015 - 09:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



