Problems with Windows 7 computer...virus?


  • This topic is locked
13 replies to this topic

#1 MarcN

  • Members
  • 18 posts

Posted 13 August 2014 - 01:48 PM

I have been having some issues with my computer over the past week. I stream a radio station in Google Chrome and Shockwave Flash crashes all the time. Chrome takes forever to load on startup of the PC. Then, I started getting "not responding" messages when opening an Excel or Word file. Last week, I had three BSOD episodes where the system would blue screen and restart.

My machine only has 4GB of RAM and I am a fairly heavy business user. Besides running Chrome, I have MS Outlook, Excel (usually several files at a time), and QuickBooks.

I have run Malwarebytes several times and it comes back clean. What else can I do to diagnose what is going on?

Marc





#2 MarcN
  • Topic Starter

  • Members
  • 18 posts

Posted 14 August 2014 - 11:28 AM

My computer was working fine today until a few minutes ago when it blue screened.  This is the Windows message I got when the machine finished re-booting.

 

Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 1033
 
Additional information about the problem:
  BCCode: 1
  BCP1: 000000007797132A
  BCP2: 0000000000000000
  BCP3: 000000000000FFFF
  BCP4: FFFFF88007DA7CA0
  OS Version: 6_1_7601
  Service Pack: 1_0
  Product: 256_1
 
Files that help describe the problem:
  C:\Windows\Minidump\081414-45396-01.dmp
  C:\Users\Jack Wills\AppData\Local\Temp\WER-103475-0.sysdata.xml
 
Read our privacy statement online:
 
If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt


#3 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts

Posted 16 August 2014 - 11:12 AM


Please run the following:

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
Save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
NEXT
  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 MarcN
  • Topic Starter

  • Members
  • 18 posts

Posted 18 August 2014 - 10:17 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Jack Wills (administrator) on MARC on 18-08-2014 08:24:15
Running from C:\Users\Jack Wills\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\QBW32.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\QBDBMgrN.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ucmapi.exe
(Microsoft) C:\Program Files (x86)\Common Files\Lenovo\SUP\sup_wermonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11831400 2011-04-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Power Manager Power Agenda] => C:\Program Files (x86)\ThinkPad\Utilities\DPMHost.EXE [75064 2011-08-10] ()
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [ROC_ROC_NT] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-1395592908-4093799679-1986462406-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1395592908-4093799679-1986462406-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18997408 2014-05-28] (Microsoft Corporation)
HKU\S-1-5-21-1395592908-4093799679-1986462406-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-11] (SUPERAntiSpyware)
HKU\S-1-5-21-1395592908-4093799679-1986462406-1001\...\MountPoints2: {d6591446-cd52-11e1-8078-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1395592908-4093799679-1986462406-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1395592908-4093799679-1986462406-1002\...\RunOnce: [Lenovo.ShowBand] => C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52512 2014-05-06] (Lenovo)
HKU\S-1-5-21-1395592908-4093799679-1986462406-1002\...\RunOnce: [] => [X]
HKU\S-1-5-21-1395592908-4093799679-1986462406-1002\...\RunOnce: [Lenovoautoqdrive] => C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutorunreg.exe [159744 2009-03-23] ()
HKU\S-1-5-21-1395592908-4093799679-1986462406-1002\...\RunOnce: [27_1124141603357] => "C:\Users\Jack Wills\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat"
HKU\S-1-5-21-1395592908-4093799679-1986462406-1002\...\MountPoints2: {d6591446-cd52-11e1-8078-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1395592908-4093799679-1986462406-1002\...\MountPoints2: {d6591449-cd52-11e1-8078-806e6f6e6963} - E:\start.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jackwills.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jack Wills\AppData\Roaming\Mozilla\Firefox\Profiles\mp6vf8v6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jack Wills\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-04-17]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [168808 2011-06-05] (Broadcom Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1335344 2014-01-23] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [856112 2014-01-23] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-23] (Intuit Inc.) [File not signed]
R3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\QBDBMgrN.exe [679936 2012-12-23] (Intuit, Inc.) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-13] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 08:24 - 2014-08-18 08:26 - 00026733 _____ () C:\Users\Jack Wills\Downloads\FRST.txt
2014-08-18 08:23 - 2014-08-18 08:24 - 00000000 ____D () C:\FRST
2014-08-18 08:23 - 2014-08-18 08:23 - 02101760 _____ (Farbar) C:\Users\Jack Wills\Downloads\FRST64 (1).exe
2014-08-18 08:23 - 2014-08-18 08:23 - 01093632 _____ (Farbar) C:\Users\Jack Wills\Downloads\FRST.exe
2014-08-18 08:21 - 2014-08-18 08:22 - 02101760 _____ (Farbar) C:\Users\Jack Wills\Downloads\FRST64.exe
2014-08-15 13:46 - 2014-08-15 13:46 - 00594522 _____ () C:\Users\Jack Wills\Downloads\Baptist Village.jpeg
2014-08-14 17:48 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 17:48 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 17:48 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 17:48 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 17:48 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 17:48 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 17:48 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 17:48 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 11:10 - 2014-08-14 11:10 - 00275968 _____ () C:\Windows\Minidump\081414-45396-01.dmp
2014-08-14 08:41 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 08:41 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 08:41 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 08:41 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 08:41 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 08:41 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 08:41 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 08:41 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 08:41 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 08:40 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 08:40 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 08:40 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 08:40 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 08:40 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 08:40 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 08:40 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 08:40 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 08:40 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 08:40 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 08:40 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 08:40 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 08:40 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 08:40 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 08:40 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 08:40 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 08:40 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 08:40 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 08:40 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 08:40 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 08:40 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 08:40 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 08:40 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 08:40 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 08:40 - 2014-07-15 22:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 08:40 - 2014-07-15 21:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 08:40 - 2014-07-15 21:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 08:40 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:39 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 08:39 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 08:39 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 08:39 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 08:39 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 08:39 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 08:39 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 08:39 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 08:39 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 08:39 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 08:39 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 08:39 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 08:39 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 08:39 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 08:39 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 08:39 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 08:39 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 08:39 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 08:39 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 08:39 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 08:39 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 08:39 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 08:39 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 08:39 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 08:39 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 08:39 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 08:39 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 08:39 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 08:39 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 08:39 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 08:39 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 08:39 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 08:39 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 08:39 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 16:32 - 2014-08-13 16:32 - 06089928 _____ (Microsoft Corporation) C:\Users\Jack Wills\Downloads\OneDriveSetup.exe
2014-08-13 14:46 - 2014-08-13 14:46 - 00000000 ____D () C:\Users\Jack Wills\AppData\Local\Adobe
2014-08-13 14:41 - 2014-08-13 14:41 - 00001442 _____ () C:\Users\Jack Wills\Desktop\JRT.txt
2014-08-13 14:33 - 2014-08-13 14:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 14:32 - 2014-08-13 14:33 - 01016261 _____ (Thisisu) C:\Users\Jack Wills\Downloads\JRT.exe
2014-08-13 14:21 - 2014-08-13 14:29 - 00000000 ____D () C:\Program Files (x86)\PCFixKit
2014-08-13 14:21 - 2014-08-13 14:21 - 00000000 ____D () C:\Users\Jack Wills\AppData\Roaming\PCFixKit
2014-08-13 14:19 - 2014-08-13 14:19 - 02240408 _____ (www.PCFixKit.com ) C:\Users\Jack Wills\Downloads\PCFixKit_Setup (1).exe
2014-08-13 14:18 - 2014-08-13 14:18 - 02240408 _____ (www.PCFixKit.com ) C:\Users\Jack Wills\Downloads\PCFixKit_Setup.exe
2014-08-13 13:58 - 2014-08-13 14:02 - 00000000 ____D () C:\AdwCleaner
2014-08-13 13:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 13:57 - 2014-08-13 13:57 - 01366203 _____ () C:\Users\Jack Wills\Downloads\AdwCleaner.exe
2014-08-13 09:58 - 2014-08-18 08:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-13 09:58 - 2014-08-13 09:58 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-13 09:58 - 2014-08-13 09:58 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-13 09:58 - 2014-08-13 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-13 09:56 - 2014-08-13 09:57 - 18786440 _____ (SUPERAntiSpyware) C:\Users\Jack Wills\Downloads\SUPERAntiSpyware (1).exe
2014-08-13 08:48 - 2014-08-18 08:15 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARC-Jack Wills Marc
2014-08-12 09:39 - 2014-08-13 09:13 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 09:39 - 2014-08-12 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-04 16:49 - 2014-08-04 16:49 - 00275968 _____ () C:\Windows\Minidump\080414-28548-01.dmp
2014-08-04 14:40 - 2014-08-04 17:01 - 00007606 _____ () C:\Users\Jack Wills\AppData\Local\Resmon.ResmonCfg
2014-08-04 14:05 - 2014-08-04 14:05 - 00275968 _____ () C:\Windows\Minidump\080414-21387-01.dmp
2014-08-04 13:20 - 2014-08-04 13:21 - 00275968 _____ () C:\Windows\Minidump\080414-26691-01.dmp
2014-07-31 16:04 - 2014-08-13 09:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 16:04 - 2014-07-31 16:04 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-31 16:03 - 2014-07-31 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-31 16:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 16:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-31 16:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-31 16:02 - 2014-07-31 16:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jack Wills\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 15:38 - 2014-08-14 11:10 - 473613861 _____ () C:\Windows\MEMORY.DMP
2014-07-31 15:38 - 2014-08-14 11:10 - 00000000 ____D () C:\Windows\Minidump
2014-07-31 15:38 - 2014-07-31 15:38 - 00275968 _____ () C:\Windows\Minidump\073114-16473-01.dmp
2014-07-31 10:18 - 2014-07-31 10:18 - 00006102 _____ () C:\Users\Jack Wills\Downloads\08192014excel.ics
2014-07-31 10:15 - 2014-07-31 10:15 - 00006217 _____ () C:\Users\Jack Wills\Downloads\08082014xcel.ics
2014-07-29 15:16 - 2014-07-29 15:16 - 00000200 _____ () C:\Users\Jack Wills\Downloads\data-nwcXI.csv
2014-07-28 15:27 - 2014-07-28 15:27 - 00007357 _____ () C:\Users\Jack Wills\Downloads\Attachments_2014728.zip
2014-07-28 15:27 - 2014-07-28 15:27 - 00007357 _____ () C:\Users\Jack Wills\Downloads\Attachments_2014728 (1).zip
2014-07-23 11:45 - 2014-07-24 10:46 - 00000000 ____D () C:\Users\Jack Wills\Documents\Citizens Bank of Oklahoma
2014-07-22 15:24 - 2014-07-22 15:24 - 00000217 _____ () C:\Users\Jack Wills\Downloads\McNellie's_Group.vcf
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 08:26 - 2014-08-18 08:24 - 00026733 _____ () C:\Users\Jack Wills\Downloads\FRST.txt
2014-08-18 08:24 - 2014-08-18 08:23 - 00000000 ____D () C:\FRST
2014-08-18 08:24 - 2009-07-13 23:51 - 00083617 _____ () C:\Windows\setupact.log
2014-08-18 08:23 - 2014-08-18 08:23 - 02101760 _____ (Farbar) C:\Users\Jack Wills\Downloads\FRST64 (1).exe
2014-08-18 08:23 - 2014-08-18 08:23 - 01093632 _____ (Farbar) C:\Users\Jack Wills\Downloads\FRST.exe
2014-08-18 08:22 - 2014-08-18 08:21 - 02101760 _____ (Farbar) C:\Users\Jack Wills\Downloads\FRST64.exe
2014-08-18 08:15 - 2014-08-13 08:48 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARC-Jack Wills Marc
2014-08-18 08:14 - 2014-08-13 09:58 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-18 08:14 - 2012-07-13 20:43 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 08:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 17:36 - 2012-07-13 20:31 - 01829714 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 17:13 - 2012-09-17 13:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 16:38 - 2012-07-13 20:43 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 13:46 - 2014-08-15 13:46 - 00594522 _____ () C:\Users\Jack Wills\Downloads\Baptist Village.jpeg
2014-08-15 10:37 - 2013-05-07 15:51 - 00000000 ____D () C:\Users\Jack Wills\Documents\Cash
2014-08-15 09:54 - 2013-05-13 17:30 - 00000000 ____D () C:\Users\Jack Wills\Documents\Sales Reports
2014-08-15 08:21 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 08:21 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 08:14 - 2009-07-13 23:45 - 00478832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 08:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 18:09 - 2012-09-17 12:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 18:01 - 2013-08-14 17:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 17:55 - 2012-09-17 15:11 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 11:12 - 2013-02-07 12:39 - 00000000 ____D () C:\Users\QBDataServiceUser23
2014-08-14 11:10 - 2014-08-14 11:10 - 00275968 _____ () C:\Windows\Minidump\081414-45396-01.dmp
2014-08-14 11:10 - 2014-07-31 15:38 - 473613861 _____ () C:\Windows\MEMORY.DMP
2014-08-14 11:10 - 2014-07-31 15:38 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 09:48 - 2014-01-27 16:54 - 00000000 ____D () C:\Users\Jack Wills\Documents\Procedures
2014-08-13 16:32 - 2014-08-13 16:32 - 06089928 _____ (Microsoft Corporation) C:\Users\Jack Wills\Downloads\OneDriveSetup.exe
2014-08-13 14:46 - 2014-08-13 14:46 - 00000000 ____D () C:\Users\Jack Wills\AppData\Local\Adobe
2014-08-13 14:41 - 2014-08-13 14:41 - 00001442 _____ () C:\Users\Jack Wills\Desktop\JRT.txt
2014-08-13 14:33 - 2014-08-13 14:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-13 14:33 - 2014-08-13 14:32 - 01016261 _____ (Thisisu) C:\Users\Jack Wills\Downloads\JRT.exe
2014-08-13 14:29 - 2014-08-13 14:21 - 00000000 ____D () C:\Program Files (x86)\PCFixKit
2014-08-13 14:21 - 2014-08-13 14:21 - 00000000 ____D () C:\Users\Jack Wills\AppData\Roaming\PCFixKit
2014-08-13 14:19 - 2014-08-13 14:19 - 02240408 _____ (www.PCFixKit.com ) C:\Users\Jack Wills\Downloads\PCFixKit_Setup (1).exe
2014-08-13 14:18 - 2014-08-13 14:18 - 02240408 _____ (www.PCFixKit.com ) C:\Users\Jack Wills\Downloads\PCFixKit_Setup.exe
2014-08-13 14:03 - 2010-11-20 22:47 - 00431254 _____ () C:\Windows\PFRO.log
2014-08-13 14:02 - 2014-08-13 13:58 - 00000000 ____D () C:\AdwCleaner
2014-08-13 13:57 - 2014-08-13 13:57 - 01366203 _____ () C:\Users\Jack Wills\Downloads\AdwCleaner.exe
2014-08-13 09:58 - 2014-08-13 09:58 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-13 09:58 - 2014-08-13 09:58 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-13 09:58 - 2014-08-13 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-13 09:57 - 2014-08-13 09:56 - 18786440 _____ (SUPERAntiSpyware) C:\Users\Jack Wills\Downloads\SUPERAntiSpyware (1).exe
2014-08-13 09:33 - 2014-07-31 16:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 09:13 - 2014-08-12 09:39 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 09:07 - 2012-09-17 13:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-12 17:32 - 2013-02-11 11:38 - 00000000 ____D () C:\Users\Jack Wills\Documents\Human Resources
2014-08-12 09:39 - 2014-08-12 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 09:36 - 2012-09-17 13:06 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-12 09:36 - 2012-09-17 13:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-12 09:36 - 2012-09-17 13:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-07 16:30 - 2014-01-30 15:35 - 00000000 ____D () C:\Users\Jack Wills\Documents\Promotions
2014-08-07 11:03 - 2013-03-08 11:23 - 00000000 ____D () C:\Users\Jack Wills\Documents\Inventory
2014-08-07 09:49 - 2014-03-27 15:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-06 13:57 - 2013-03-01 10:06 - 00000000 ____D () C:\Users\Jack Wills\Documents\Taxes
2014-08-04 17:01 - 2014-08-04 14:40 - 00007606 _____ () C:\Users\Jack Wills\AppData\Local\Resmon.ResmonCfg
2014-08-04 16:49 - 2014-08-04 16:49 - 00275968 _____ () C:\Windows\Minidump\080414-28548-01.dmp
2014-08-04 14:05 - 2014-08-04 14:05 - 00275968 _____ () C:\Windows\Minidump\080414-21387-01.dmp
2014-08-04 13:21 - 2014-08-04 13:20 - 00275968 _____ () C:\Windows\Minidump\080414-26691-01.dmp
2014-08-01 10:00 - 2014-04-03 15:13 - 00000000 ____D () C:\Users\Jack Wills\Documents\Customer PO's
2014-07-31 18:41 - 2014-08-14 08:39 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-14 08:40 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 16:04 - 2014-07-31 16:04 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-31 16:04 - 2014-07-31 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-31 16:03 - 2012-09-17 12:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 16:02 - 2014-07-31 16:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jack Wills\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 15:38 - 2014-07-31 15:38 - 00275968 _____ () C:\Windows\Minidump\073114-16473-01.dmp
2014-07-31 10:18 - 2014-07-31 10:18 - 00006102 _____ () C:\Users\Jack Wills\Downloads\08192014excel.ics
2014-07-31 10:15 - 2014-07-31 10:15 - 00006217 _____ () C:\Users\Jack Wills\Downloads\08082014xcel.ics
2014-07-29 15:16 - 2014-07-29 15:16 - 00000200 _____ () C:\Users\Jack Wills\Downloads\data-nwcXI.csv
2014-07-28 15:27 - 2014-07-28 15:27 - 00007357 _____ () C:\Users\Jack Wills\Downloads\Attachments_2014728.zip
2014-07-28 15:27 - 2014-07-28 15:27 - 00007357 _____ () C:\Users\Jack Wills\Downloads\Attachments_2014728 (1).zip
2014-07-25 09:52 - 2014-08-14 08:39 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 09:02 - 2014-08-14 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 09:01 - 2014-08-14 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 08:51 - 2014-08-14 08:40 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 08:30 - 2014-08-14 08:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 08:28 - 2014-08-14 08:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 08:28 - 2014-08-14 08:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 08:25 - 2014-08-14 08:39 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 08:25 - 2014-08-14 08:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 08:11 - 2014-08-14 08:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 08:10 - 2014-08-14 08:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 08:04 - 2014-08-14 08:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 08:03 - 2014-08-14 08:39 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 08:00 - 2014-08-14 08:40 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:00 - 2014-08-14 08:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 07:59 - 2014-08-14 08:39 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 07:47 - 2014-08-14 08:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 07:40 - 2014-08-14 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 07:34 - 2014-08-14 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 07:34 - 2014-08-14 08:39 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 07:33 - 2014-08-14 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 07:30 - 2014-08-14 08:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 07:28 - 2014-08-14 08:40 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 07:28 - 2014-08-14 08:39 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 07:21 - 2014-08-14 08:40 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 07:19 - 2014-08-14 08:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 07:18 - 2014-08-14 08:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 07:17 - 2014-08-14 08:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 07:17 - 2014-08-14 08:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 07:12 - 2014-08-14 08:39 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 07:10 - 2014-08-14 08:39 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 07:10 - 2014-08-14 08:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 07:08 - 2014-08-14 08:40 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 07:06 - 2014-08-14 08:39 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 06:52 - 2014-08-14 08:40 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 06:47 - 2014-08-14 08:39 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 06:43 - 2014-08-14 08:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 06:42 - 2014-08-14 08:40 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 06:39 - 2014-08-14 08:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 06:39 - 2014-08-14 08:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 06:36 - 2014-08-14 08:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 06:34 - 2014-08-14 08:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 06:29 - 2014-08-14 08:40 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 06:23 - 2014-08-14 08:39 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 06:13 - 2014-08-14 08:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 06:07 - 2014-08-14 08:40 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 06:07 - 2014-08-14 08:39 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 06:03 - 2014-08-14 08:39 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 05:52 - 2014-08-14 08:39 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 05:26 - 2014-08-14 08:40 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 05:17 - 2014-08-14 08:39 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 05:09 - 2014-08-14 08:39 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 05:05 - 2014-08-14 08:39 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 05:00 - 2014-08-14 08:40 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 11:01 - 2012-09-17 13:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 11:01 - 2012-09-17 13:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 10:59 - 2013-03-13 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 10:46 - 2014-07-23 11:45 - 00000000 ____D () C:\Users\Jack Wills\Documents\Citizens Bank of Oklahoma
2014-07-23 09:21 - 2014-06-24 08:08 - 00000000 ____D () C:\Users\Jack Wills\AppData\Roaming\LSC
2014-07-22 17:35 - 2014-05-20 09:23 - 00000000 ____D () C:\Users\Jack Wills\Documents\Journal Entries
2014-07-22 15:24 - 2014-07-22 15:24 - 00000217 _____ () C:\Users\Jack Wills\Downloads\McNellie's_Group.vcf
 
Some content of TEMP:
====================
C:\Users\Jack Wills\AppData\Local\Temp\Abspdf.exe
C:\Users\Jack Wills\AppData\Local\Temp\acfpdfu.dll
C:\Users\Jack Wills\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Jack Wills\AppData\Local\Temp\acfpdfui.dll
C:\Users\Jack Wills\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Jack Wills\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Jack Wills\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Jack Wills\AppData\Local\Temp\avguidx.dll
C:\Users\Jack Wills\AppData\Local\Temp\cdintf.dll
C:\Users\Jack Wills\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Jack Wills\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Jack Wills\AppData\Local\Temp\InstallAX.exe
C:\Users\Jack Wills\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Jack Wills\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Jack Wills\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Jack Wills\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Jack Wills\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Jack Wills\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Jack Wills\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jack Wills\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jack Wills\AppData\Local\Temp\ldwm4ybp.dll
C:\Users\Jack Wills\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Jack Wills\AppData\Local\Temp\oi_{63C4FB6F-0FBB-4BF6-AFEE-830FA0610354}.exe
C:\Users\Jack Wills\AppData\Local\Temp\ose00000.exe
C:\Users\Jack Wills\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Jack Wills\AppData\Local\Temp\Quarantine.exe
C:\Users\Jack Wills\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Jack Wills\AppData\Local\Temp\xmllite.dll
C:\Users\Jack Wills\AppData\Local\Temp\_is574B.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-29 11:31
 
==================== End Of Log ============================
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-18 08:36:12
-----------------------------
08:36:12.713    OS Version: Windows x64 6.1.7601 Service Pack 1
08:36:12.713    Number of processors: 2 586 0x603
08:36:12.715    ComputerName: MARC  UserName: 
08:36:40.732    Initialize success
08:36:40.805    VM: initialized successfully
08:36:40.914    VM: Amd CPU supported 
08:36:49.149    VM: supported disk I/O ataport.SYS
08:55:48.063    AVAST engine defs: 14081800
08:55:58.201    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:55:58.204    Disk 0 Vendor: ST250DM000-1BD141 KC65 Size: 238475MB BusType: 11
08:55:58.342    Disk 0 MBR read successfully
08:55:58.346    Disk 0 MBR scan
08:55:58.354    Disk 0 unknown MBR code
08:55:58.366    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1500 MB offset 2048
08:55:58.374    Disk 0 Boot: NTFS     code=1
08:55:58.401    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       223973 MB offset 3074048
08:55:58.442    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13000 MB offset 461770752
08:55:58.590    Disk 0 scanning C:\Windows\system32\drivers
08:56:24.482    Service scanning
08:58:11.781    Modules scanning
08:58:11.793    Disk 0 trace - called modules:
08:58:11.844    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
08:58:11.850    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004956790]
08:58:11.862    3 CLASSPNP.SYS[fffff8800196e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048c9060]
08:58:36.826    AVAST engine scan C:\Windows
08:59:16.577    AVAST engine scan C:\Windows\system32
09:11:36.383    AVAST engine scan C:\Windows\system32\drivers
09:12:33.115    AVAST engine scan C:\Users\Jack Wills
09:56:54.908    AVAST engine scan C:\ProgramData
10:03:13.336    Scan finished successfully
10:07:04.020    Disk 0 MBR has been saved successfully to "C:\Users\Jack Wills\Desktop\MBR.dat"
10:07:04.042    The log file has been saved successfully to "C:\Users\Jack Wills\Desktop\aswMBR.txt"
 
______________________________
I have the MBR.dat file zipped and ready to send, but I am not sure how to attach that file in my reply.


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 18 August 2014 - 11:04 AM

In the reply window, click on "more options" > there you will see bottom left of the reply window the "attach files" area > browse to where you have the zipped file saved and select it > click on "Attach this file" > once it is uploaded click "Add to post"
 
 
Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 MarcN

Posted 18 August 2014 - 11:09 AM

The MBR.zip file is attached.

Attached Files

  • Attached File  MBR.zip   563bytes   1 downloads


#7 MarcN

Posted 18 August 2014 - 11:23 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Jack Wills on Mon 08/18/2014 at 11:12:58.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Jack Wills\AppData\Roaming\mozilla\firefox\profiles\mp6vf8v6.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/18/2014 at 11:20:49.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 MarcN

Posted 18 August 2014 - 11:43 AM

# AdwCleaner v3.307 - Report created 18/08/2014 at 11:31:44
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jack Wills - MARC
# Running from : C:\Users\Jack Wills\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v15.0.1 (en-US)
 
[ File : C:\Users\Jack Wills\AppData\Roaming\Mozilla\Firefox\Profiles\mp6vf8v6.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.143
 
*************************
 
AdwCleaner[R1].txt - [1120 octets] - [18/08/2014 11:25:00]
AdwCleaner[S1].txt - [1042 octets] - [18/08/2014 11:31:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1102 octets] ##########


#9 CatByte

Posted 18 August 2014 - 12:37 PM

Please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/

Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
• Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
• Turn off the real time scanner of any existing antivirus program while performing the online scan.
• Click the blue Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
• Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
• Click on Advanced Settings
• Make sure that the option Remove found threats is unticked.
• Ensure these options are ticked
○ Scan archives
○ Scan for potentially unsafe applications
○ Enable Anti-Stealth technology
• Click Start
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Attach the log as a reply to your next reply.
• Close the ESET online scan, and let me know how things are now.



#10 MarcN

Posted 19 August 2014 - 08:18 AM

Attached is the text file with the two threats found.  Should I remove the threats or just close the application?

Attached Files

  • Attached File  eset.txt   238bytes   1 downloads

Edited by MarcN, 19 August 2014 - 08:20 AM.


#11 CatByte

Posted 19 August 2014 - 11:13 AM

You can delete those installation files if you no longer need them.

ESET is just advising that they are bundled with adware (the type that will install an unwanted toolbar if you are not careful to Opt Out while installing the program).

Please advise how the computer is running now and if there are any outstanding issues.



#12 MarcN

Posted 20 August 2014 - 10:20 AM

After a little more than 24 hours, the computer is operating normally with no issues to report at this time.



#13 CatByte

Posted 20 August 2014 - 10:26 AM

Very good, we just need to clean up our tools:

You can delete the FRST, aswMBR and JRT logs and programs from your desktop.


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome, Firefox and IE
  • AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • Click the icon that corresponds to your browser and download.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?.
  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.



#14 CatByte

Posted 24 August 2014 - 10:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
