
Found virus, malware, spyware, and ran combofix


  • This topic is locked
25 replies to this topic

#1 SteveSteve

SteveSteve

  • Members
  • 44 posts

Posted 17 December 2014 - 09:57 PM

My internet crashes, flash player crashes, many services running at once.  I cannot have multiple tabs open at once.  Multiple PDFs will also cause my laptop to crash.

I use cc cleaner regularly.

I used combo fix, which may have damaged the registry.

Please help.

I do not have the combo fix log.  I have combo fix quarantined-files log:

2014-12-17 22:25:31 . 2014-12-17 22:25:31              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2014-12-17 22:25:25 . 2014-12-17 22:25:25              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-CleanHlp.sys.reg.dat
2014-12-17 22:25:25 . 2014-12-17 22:25:25              542 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-CleanHlp.reg.dat
2014-12-17 22:25:09 . 2014-12-17 22:25:09              293 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2014-12-17 22:17:31 . 2014-12-17 22:17:31           18,670 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-12-17 22:11:00 . 2014-12-17 22:11:00               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.18667
Run by Nick at 21:32:16 on 2014-12-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2937.1655 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: {21347690-EC41-4F9A-8887-1F4AEE672439} - <orphaned>
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C94E008A-2655-4AD5-AD43-DB8E5B468A56} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C94E008A-2655-4AD5-AD43-DB8E5B468A56}\2375942554637363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C94E008A-2655-4AD5-AD43-DB8E5B468A56}\2457666616C6F6 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{C94E008A-2655-4AD5-AD43-DB8E5B468A56}\55271313142612 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{C94E008A-2655-4AD5-AD43-DB8E5B468A56}\760707C677962756C656373723 : DHCPNameServer = 10.1.5.30
TCP: Interfaces\{C94E008A-2655-4AD5-AD43-DB8E5B468A56}\84F4D454D293541303 : DHCPNameServer = 75.75.76.76 75.75.75.75
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\almop0ek.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\drivers\aswNdisFlt.sys [2014-11-30 449936]
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-11-30 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-11-30 267632]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2009-12-16 55856]
R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\windows\System32\drivers\SMR311.SYS [2013-2-18 95392]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-12-16 482384]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2014-11-30 28184]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2014-11-30 1050432]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2014-11-30 436624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-5-23 172344]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-11-30 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-11-30 83280]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswStm.sys [2014-11-30 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-30 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-30 104416]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2012-4-2 86016]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-12-16 215040]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\System32\drivers\RTL8187B.sys [2010-3-31 450048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2012-4-2 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\windows\System32\drivers\ew_usbenumfilter.sys [2012-4-2 13952]
S3 huawei_cdcacm;huawei_cdcacm;C:\windows\System32\drivers\ew_jucdcacm.sys [2012-4-2 98816]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\windows\System32\drivers\ew_juextctrl.sys [2012-4-2 28672]
S3 huawei_wwanecm;huawei_wwanecm;C:\windows\System32\drivers\ew_juwwanecm.sys [2012-4-2 213504]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-1-20 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2009-12-16 222208]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2009-12-16 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-26 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-5-4 1255736]
S4 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-9-4 25816]
S4 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-7-8 63704]
.
=============== Created Last 30 ================
.
2014-12-17 22:40:23    35064    ----a-w-    C:\windows\System32\drivers\TrueSight.sys
2014-12-17 22:21:30    --------    d-----w-    C:\$RECYCLE.BIN
2014-12-17 12:35:47    --------    d-----w-    C:\windows\System32\appraiser
2014-12-17 02:59:40    55808    ----a-w-    C:\windows\System32\rrinstaller.exe
2014-12-17 02:59:40    50176    ----a-w-    C:\windows\SysWow64\rrinstaller.exe
2014-12-17 02:59:40    24576    ----a-w-    C:\windows\System32\mfpmp.exe
2014-12-17 02:59:40    23040    ----a-w-    C:\windows\SysWow64\mfpmp.exe
2014-12-17 02:59:40    206848    ----a-w-    C:\windows\System32\mfps.dll
2014-12-17 02:59:40    2048    ----a-w-    C:\windows\SysWow64\mferror.dll
2014-12-17 02:59:40    2048    ----a-w-    C:\windows\System32\mferror.dll
2014-12-17 02:59:40    103424    ----a-w-    C:\windows\SysWow64\mfps.dll
2014-12-17 02:59:39    4121600    ----a-w-    C:\windows\System32\mf.dll
2014-12-17 02:59:39    3209728    ----a-w-    C:\windows\SysWow64\mf.dll
2014-12-16 14:50:27    904104    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2014-12-16 14:19:50    386048    ----a-w-    C:\windows\SysWow64\html.iec
2014-12-16 14:18:55    610304    ----a-w-    C:\windows\System32\vbscript.dll
2014-12-16 14:18:55    428544    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-12-16 09:12:35    --------    d-----w-    C:\Program Files (x86)\Common Files\i4j_jres
2014-12-16 03:01:22    --------    d-----w-    C:\ProgramData\RogueKiller
2014-12-15 23:56:35    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 01:30:30    --------    d-----w-    C:\Users\Nick\AppData\Local\Skype
2014-12-03 06:31:20    227048    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-12-02 01:37:52    --------    d-----w-    C:\Users\Nick\AppData\Roaming\gnupg
2014-12-02 00:48:48    --------    d-----w-    C:\Jumpshot
2014-12-02 00:47:19    --------    d-----w-    C:\windows\jumpshot.com
2014-12-01 03:40:08    --------    d-----w-    C:\perflogs
2014-12-01 03:08:36    --------    d-----w-    C:\Users\Nick\AppData\Roaming\AVAST Software
2014-12-01 03:06:38    267632    ----a-w-    C:\windows\System32\drivers\aswVmm.sys
2014-12-01 03:06:38    116728    ----a-w-    C:\windows\System32\drivers\aswStm.sys
2014-12-01 03:06:37    93568    ----a-w-    C:\windows\System32\drivers\aswRdr2.sys
2014-12-01 03:06:37    83280    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys
2014-12-01 03:06:37    65776    ----a-w-    C:\windows\System32\drivers\aswRvrt.sys
2014-12-01 03:06:37    29208    ----a-w-    C:\windows\System32\drivers\aswHwid.sys
2014-12-01 03:06:37    1050432    ----a-w-    C:\windows\System32\drivers\aswsnx.sys
2014-12-01 03:06:36    28184    ----a-w-    C:\windows\System32\drivers\aswKbd.sys
2014-12-01 03:06:22    43152    ----a-w-    C:\windows\avastSS.scr
2014-12-01 03:06:08    449936    ----a-w-    C:\windows\System32\drivers\aswNdisFlt.sys
2014-12-01 03:04:16    --------    d-----w-    C:\Program Files\AVAST Software
2014-11-18 21:06:03    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-11-18 21:06:03    241152    ----a-w-    C:\windows\System32\pku2u.dll
2014-11-18 21:06:03    186880    ----a-w-    C:\windows\SysWow64\pku2u.dll
2014-11-18 21:06:02    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
.
==================== Find3M  ====================
.
2014-12-09 23:46:33    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 23:46:33    701104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-12-04 02:50:55    413184    ----a-w-    C:\windows\System32\generaltel.dll
2014-12-04 02:50:45    741376    ----a-w-    C:\windows\System32\invagent.dll
2014-12-04 02:50:40    396800    ----a-w-    C:\windows\System32\devinv.dll
2014-12-04 02:50:38    830976    ----a-w-    C:\windows\System32\appraiser.dll
2014-12-04 02:50:37    227328    ----a-w-    C:\windows\System32\aepdu.dll
2014-12-04 02:50:37    192000    ----a-w-    C:\windows\System32\aepic.dll
2014-12-04 02:44:48    1083392    ----a-w-    C:\windows\System32\aeinv.dll
2014-12-01 23:28:44    1232040    ----a-w-    C:\windows\System32\aitstatic.exe
2014-11-21 11:35:05    1188864    ----a-w-    C:\windows\System32\wininet.dll
2014-11-21 11:33:09    47616    ----a-w-    C:\windows\System32\mshta.exe
2014-11-21 11:33:00    174592    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-11-21 11:32:30    1538048    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-11-21 10:44:15    981504    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-11-21 10:41:56    50176    ----a-w-    C:\windows\SysWow64\mshta.exe
2014-11-21 10:41:48    142848    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-11-21 10:41:26    1466368    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-11-21 10:23:36    482816    ----a-w-    C:\windows\System32\html.iec
2014-11-21 08:55:35    1638912    ----a-w-    C:\windows\System32\mshtml.tlb
2014-11-21 07:53:56    1638912    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-11-11 03:09:06    1424384    ----a-w-    C:\windows\System32\WindowsCodecs.dll
2014-11-11 02:44:45    1230336    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 01:46:26    119296    ----a-w-    C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08    2048    ----a-w-    C:\windows\System32\tzres.dll
2014-11-08 02:45:09    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2014-10-30 02:03:43    165888    ----a-w-    C:\windows\System32\charmap.exe
2014-10-30 01:45:43    155136    ----a-w-    C:\windows\SysWow64\charmap.exe
2014-10-25 16:05:52    1188864    ----a-w-    C:\windows\System32\wininet(49).dll
2014-10-25 16:05:23    1541632    ----a-w-    C:\windows\System32\urlmon(46).dll
2014-10-25 16:04:58    2467328    ----a-w-    C:\windows\System32\iertutil(45).dll
2014-10-25 15:46:09    981504    ----a-w-    C:\windows\SysWow64\wininet(52).dll
2014-10-25 15:45:43    1267712    ----a-w-    C:\windows\SysWow64\urlmon(51).dll
2014-10-25 15:45:06    2086912    ----a-w-    C:\windows\SysWow64\iertutil(50).dll
2014-10-25 01:57:59    77824    ----a-w-    C:\windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\windows\SysWow64\packager.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\windows\System32\msi.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\windows\System32\win32k.sys
2014-10-03 02:12:23    310272    ----a-w-    C:\windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23    2020352    ----a-w-    C:\windows\System32\WsmSvc.dll
2014-10-03 02:12:22    346624    ----a-w-    C:\windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22    181248    ----a-w-    C:\windows\System32\WsmAuto.dll
2014-10-03 02:12:00    500224    ----a-w-    C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\windows\System32\AudioSes.dll
2014-10-03 02:11:49    266240    ----a-w-    C:\windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03    248832    ----a-w-    C:\windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03    214016    ----a-w-    C:\windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03    145920    ----a-w-    C:\windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03    1177088    ----a-w-    C:\windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25    198656    ----a-w-    C:\windows\SysWow64\WSManHTTPConfig.exe
2014-09-25 02:08:38    371712    ----a-w-    C:\windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\windows\SysWow64\qdvd.dll
2014-09-19 09:42:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-09-19 09:42:49    342016    ----a-w-    C:\windows\System32\schannel.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\windows\System32\ncrypt.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
.
============= FINISH: 21:33:11.95 ===============
 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,631 posts
  • Gender:Male

Posted 22 December 2014 - 10:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560228 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 24 December 2014 - 03:39 PM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#4 SteveSteve

SteveSteve
  • Topic Starter

  • Members
  • 44 posts

Posted 24 December 2014 - 05:48 PM

Hi, Thanks for the help.

Here you go!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by Nick (administrator) on NICK-PC on 24-12-2014 17:41:26
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick &  (Available profiles: Nick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbam.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Logitech, Inc.) C:\Users\Nick\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Nick\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {D9EDDC64-3DC1-4E66-914E-EE02617AF176} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D9EDDC64-3DC1-4E66-914E-EE02617AF176} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> DefaultScope {1B7A6B8E-6309-4CDF-9D2A-405EC040F42F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> {1B7A6B8E-6309-4CDF-9D2A-405EC040F42F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> {52999157-3AAC-466F-B568-778BA2A1064F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3176921&CUI=UN42069475113735209&UM=2
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> {D9EDDC64-3DC1-4E66-914E-EE02617AF176} URL =
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {1B7A6B8E-6309-4CDF-9D2A-405EC040F42F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {1B7A6B8E-6309-4CDF-9D2A-405EC040F42F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {52999157-3AAC-466F-B568-778BA2A1064F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3176921&CUI=UN42069475113735209&UM=2
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D9EDDC64-3DC1-4E66-914E-EE02617AF176} URL =
Toolbar: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\almop0ek.default
FF Homepage: google.com
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-19]
CHR Extension: (No Name) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 MBAMScheduler; C:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 cfWiMAXService; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe" [X]
S4 ConfigFree Gadget Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe" [X]
S4 ConfigFree Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [213504 2011-06-10] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SMR311; C:\Windows\System32\drivers\SMR311.SYS [95392 2013-02-18] (Symantec Corporation)
S3 pcouffin; System32\Drivers\pcouffin.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 17:41 - 2014-12-24 17:42 - 00013308 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-12-24 17:40 - 2014-12-24 17:41 - 00000000 ____D () C:\FRST
2014-12-24 17:38 - 2014-12-24 17:39 - 02122240 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2014-12-22 01:55 - 2014-12-22 01:55 - 00000000 ____D () C:\Users\Nick\AppData\Local\Adobe
2014-12-22 01:52 - 2014-12-22 01:52 - 00000000 ____D () C:\Users\Nick\Desktop\REFWORKS
2014-12-22 01:51 - 2014-12-22 01:51 - 00000000 ____D () C:\Users\Nick\Desktop\Certs
2014-12-22 01:51 - 2014-12-22 01:51 - 00000000 ____D () C:\Users\Nick\Desktop\587A
2014-12-22 01:51 - 2014-12-22 01:51 - 00000000 ____D () C:\Users\Nick\Desktop\586A
2014-12-22 01:51 - 2014-12-22 01:51 - 00000000 ____D () C:\Users\Nick\Desktop\562
2014-12-22 01:51 - 2014-12-22 01:51 - 00000000 ____D () C:\Users\Nick\Desktop\534
2014-12-22 01:21 - 2014-12-22 01:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-21 21:45 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Wise Registry Cleaner
2014-12-21 21:45 - 2014-12-21 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-12-21 21:45 - 2014-12-21 21:45 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-21 21:37 - 2014-12-22 01:26 - 00003136 _____ () C:\windows\System32\Tasks\Registry Optimizer
2014-12-21 21:37 - 2014-12-21 22:09 - 00000302 _____ () C:\windows\Tasks\Registry Optimizer_UPDATES.job
2014-12-21 21:37 - 2014-12-21 22:09 - 00000294 _____ () C:\windows\Tasks\Registry Optimizer_DEFAULT.job
2014-12-21 21:37 - 2014-12-21 21:37 - 00003040 _____ () C:\windows\System32\Tasks\Registry Optimizer_UPDATES
2014-12-21 21:37 - 2014-12-21 21:37 - 00002884 _____ () C:\windows\System32\Tasks\Registry Optimizer_DEFAULT
2014-12-21 21:37 - 2014-12-21 21:37 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Nico Mak Computing
2014-12-21 21:37 - 2014-12-21 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
2014-12-21 21:37 - 2014-09-30 16:07 - 00019120 _____ (WinZip Computing, S.L.(WinZip Computing)) C:\windows\system32\roboot64.exe
2014-12-21 17:11 - 2014-12-24 17:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-21 15:11 - 2014-12-21 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-21 15:11 - 2014-12-21 15:11 - 00000508 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ad9324ec-197c-4227-9b20-d9fa09d42081.job
2014-12-21 15:11 - 2014-12-21 15:11 - 00000508 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2df07b66-8074-4a55-b452-564818a7e11f.job
2014-12-21 15:11 - 2014-12-21 15:11 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2014-12-21 15:11 - 2014-12-21 15:11 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-20 21:36 - 2014-12-20 21:36 - 00113352 _____ () C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-20 21:05 - 2014-12-20 21:05 - 00000000 ____D () C:\Malwarebytes Anti-Malware
2014-12-20 21:05 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-20 20:41 - 2014-12-21 15:07 - 00000000 ____D () C:\Users\Nick\AppData\Local\Mozilla
2014-12-20 19:03 - 2014-12-20 19:03 - 00000000 ____D () C:\Users\Nick\AppData\Local\Toshiba
2014-12-20 16:36 - 2014-12-20 16:36 - 00000000 ____D () C:\hijacj
2014-12-20 16:28 - 2014-11-21 06:35 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-20 16:28 - 2014-11-21 06:34 - 01541632 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-20 16:28 - 2014-11-21 05:44 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-20 16:28 - 2014-11-21 05:43 - 01267712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-20 16:27 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-20 16:27 - 2014-11-21 05:42 - 02086912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-20 16:27 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-20 15:58 - 2014-12-20 15:58 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-12-20 15:19 - 2014-12-20 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-20 14:56 - 2014-12-20 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-20 14:28 - 2014-12-20 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-20 13:53 - 2014-12-20 14:29 - 00000000 ____D () C:\Users\Nick\AppData\Local\CrashDumps
2014-12-20 12:44 - 2014-12-20 12:45 - 00000000 ____D () C:\Users\Nick\Documents\My Digital Editions
2014-12-20 12:44 - 2014-09-30 06:44 - 00046080 ___SH () C:\Users\Nick\Desktop\~WRL3126.tmp
2014-12-20 12:44 - 2014-09-30 03:31 - 00045568 ___SH () C:\Users\Nick\Desktop\~WRL2750.tmp
2014-12-20 12:44 - 2014-08-29 02:03 - 00092672 ___SH () C:\Users\Nick\Desktop\~WRL2726.tmp
2014-12-20 12:44 - 2014-08-29 00:54 - 00091136 ___SH () C:\Users\Nick\Desktop\~WRL0149.tmp
2014-12-20 12:44 - 2014-08-28 15:49 - 00091136 ___SH () C:\Users\Nick\Desktop\~WRL3240.tmp
2014-12-20 12:44 - 2014-07-11 03:09 - 00048640 ___SH () C:\Users\Nick\Desktop\~WRL0520.tmp
2014-12-20 12:44 - 2014-04-09 21:17 - 00031232 ___SH () C:\Users\Nick\Desktop\~WRL2981.tmp
2014-12-20 12:44 - 2014-04-09 14:46 - 00054784 ___SH () C:\Users\Nick\Desktop\~WRL3437.tmp
2014-12-20 12:44 - 2014-04-09 14:10 - 00052736 ___SH () C:\Users\Nick\Desktop\~WRL0761.tmp
2014-12-20 12:44 - 2014-02-22 01:02 - 00030720 ___SH () C:\Users\Nick\Desktop\~WRL1116.tmp
2014-12-20 12:44 - 2013-04-23 14:19 - 00025088 ___SH () C:\Users\Nick\Desktop\~WRL0004.tmp
2014-12-20 12:44 - 2013-01-14 10:24 - 00000162 ___SH () C:\Users\Nick\Desktop\~$kenna WRAT4
2014-12-20 12:27 - 2014-02-11 00:07 - 00029600 _____ () C:\Users\Nick\Desktop\notes.txt
2014-12-20 12:27 - 2014-01-22 16:03 - 00016669 _____ () C:\Users\Nick\Desktop\JAN22notes.txt
2014-12-20 11:21 - 2014-05-21 16:30 - 00016896 ___SH () C:\Users\Nick\Downloads\Thumbs.db
2014-12-20 11:21 - 2014-03-19 10:22 - 00916700 _____ () C:\Users\Nick\Downloads\Unit10Wed.pptx
2014-12-20 11:20 - 2014-01-15 11:05 - 00013365 _____ () C:\Users\Nick\Downloads\notes (2).txt
2014-12-20 11:20 - 2014-01-14 00:34 - 00005879 _____ () C:\Users\Nick\Downloads\notes (1).txt
2014-12-20 11:20 - 2014-01-01 16:59 - 03723258 _____ () C:\Users\Nick\Downloads\outlook_addin_3_4_64bit.zip
2014-12-20 06:02 - 2014-12-20 06:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-20 02:05 - 2014-12-20 02:05 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-12-20 01:48 - 2014-12-20 01:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-17 17:10 - 2014-12-20 13:26 - 00000000 ____D () C:\windows\erdnt
2014-12-15 18:56 - 2014-12-20 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:56 - 2014-12-20 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 18:56 - 2014-12-15 18:56 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-15 18:30 - 2014-12-22 01:23 - 00456688 _____ () C:\windows\PFRO.log
2014-12-15 14:39 - 2014-11-21 06:35 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet(301).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 12289024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 09058816 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil(297).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 01541632 _____ (Microsoft Corporation) C:\windows\system32\urlmon(298).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00495616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00174592 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-15 14:39 - 2014-11-21 06:33 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-12-15 14:39 - 2014-11-21 06:33 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-12-15 14:39 - 2014-11-21 06:32 - 01538048 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-15 14:39 - 2014-11-21 05:44 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet(304).dll
2014-12-15 14:39 - 2014-11-21 05:43 - 06026240 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 01267712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon(303).dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00132096 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 11019264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 02086912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil(302).dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00345600 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-15 14:39 - 2014-11-21 05:41 - 01466368 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-15 14:39 - 2014-11-21 05:41 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-15 14:39 - 2014-11-21 05:41 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-12-15 14:39 - 2014-11-21 05:41 - 00016384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-12-15 14:39 - 2014-11-21 05:23 - 00482816 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-15 14:39 - 2014-11-21 04:28 - 00386048 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-15 14:39 - 2014-11-21 03:55 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-15 14:39 - 2014-11-21 02:53 - 01638912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-15 14:38 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs(300).dll
2014-12-15 14:38 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-15 14:37 - 2014-10-29 21:04 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-15 14:37 - 2014-10-29 20:46 - 00428544 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-15 14:27 - 2014-12-24 17:35 - 00001064 _____ () C:\windows\setupact.log
2014-12-15 14:27 - 2014-12-15 14:27 - 00000000 _____ () C:\windows\setuperr.log
2014-12-09 21:36 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil(299).dll
2014-12-01 23:13 - 2014-12-07 12:59 - 82575360 _____ () C:\windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-12-01 23:13 - 2014-12-07 12:59 - 17825792 _____ () C:\windows\system32\config\.ghost-ntfs-3g-00000000000000000003

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 17:41 - 2014-11-16 21:29 - 01061955 _____ () C:\windows\WindowsUpdate.log
2014-12-24 17:37 - 2014-07-08 21:07 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 17:35 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-24 17:33 - 2009-07-14 00:13 - 00006274 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-22 01:55 - 2010-02-20 12:29 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Adobe
2014-12-22 01:51 - 2012-03-10 15:39 - 00000000 ___RD () C:\Users\Nick\Desktop\Desktop items
2014-12-22 01:48 - 2014-09-02 07:06 - 00000000 ____D () C:\Users\Nick\Desktop\505
2014-12-22 01:35 - 2009-11-30 23:30 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-12-22 01:32 - 2012-03-10 13:13 - 00000000 ____D () C:\Program Files (x86)\Eye-Fi
2014-12-22 01:31 - 2009-12-16 06:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2014-12-22 01:30 - 2014-02-03 21:38 - 00015024 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 01:30 - 2014-02-03 21:38 - 00015024 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 01:29 - 2009-11-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 01:09 - 2013-12-04 01:28 - 00000000 ____D () C:\Users\Nick\Desktop\USC
2014-12-21 16:58 - 2011-10-08 09:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-20 20:56 - 2009-07-14 00:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-20 20:41 - 2014-10-21 02:54 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Mozilla
2014-12-20 20:25 - 2010-02-20 00:19 - 00000000 ____D () C:\Users\Nick
2014-12-20 20:24 - 2014-05-06 10:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-20 20:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-20 20:23 - 2014-05-11 23:02 - 00000000 ____D () C:\Users\Nick\Desktop\503
2014-12-20 20:23 - 2014-01-06 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-12-20 20:23 - 2013-09-02 19:36 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\XnView
2014-12-20 20:23 - 2013-03-13 02:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-20 20:23 - 2013-03-13 02:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-20 20:23 - 2013-02-18 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-20 20:23 - 2013-02-08 21:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-20 20:23 - 2012-03-10 13:13 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
2014-12-20 20:23 - 2012-02-19 19:25 - 00000000 __RSD () C:\Users\Nick\Documents\My Stationery
2014-12-20 20:23 - 2012-01-23 16:26 - 00000000 ____D () C:\windows\system32\Macromed
2014-12-20 20:23 - 2011-10-08 09:50 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-12-20 20:23 - 2011-08-17 12:33 - 00000000 ____D () C:\Users\Nick\AppData\Local\Microsoft Help
2014-12-20 20:23 - 2010-02-20 12:21 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Roxio
2014-12-20 20:23 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-12-20 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-20 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\servicing
2014-12-20 20:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-12-20 20:19 - 2014-10-09 19:40 - 00000000 ____D () C:\Users\Nick\AppData\Local\Adobe_Systems_Incorporate
2014-12-20 20:19 - 2014-01-06 09:17 - 00000000 ____D () C:\Users\Nick\AppData\Local\Logitech® Webcam Software
2014-12-20 20:19 - 2013-08-26 02:53 - 00000000 ____D () C:\Users\Nick\Documents\Fax
2014-12-20 20:19 - 2011-10-08 09:50 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Canon
2014-12-20 20:19 - 2010-09-06 15:11 - 00000000 ____D () C:\Users\Nick\AppData\Local\Apps\2.0
2014-12-20 20:19 - 2010-02-20 12:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\Microsoft Games
2014-12-20 20:19 - 2010-02-20 12:31 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Macromedia
2014-12-20 20:19 - 2010-02-20 12:26 - 00000000 ____D () C:\Users\Nick\AppData\Local\TOSHIBA_Corporation
2014-12-20 20:19 - 2010-02-20 12:20 - 00000000 ____D () C:\Users\Nick\AppData\Local\VirtualStore
2014-12-20 20:19 - 2010-02-20 00:19 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-20 20:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-20 20:18 - 2011-10-08 09:50 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-12-20 20:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-20 20:16 - 2009-12-16 05:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-20 20:16 - 2009-11-30 23:29 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-12-20 20:15 - 2009-12-16 05:52 - 00000000 ___RD () C:\MSOCache
2014-12-20 19:46 - 2013-08-14 23:48 - 00000000 ____D () C:\windows\system32\MRT
2014-12-20 19:32 - 2010-02-20 12:28 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2014-12-15 17:15 - 2010-02-23 18:29 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 15:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2014
Ran by Nick at 2014-12-24 17:43:37
Running from C:\Users\Nick\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Adobe Connect 9 Add-in) (Version: 11,9,970,233 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WinZip Registry Optimizer (HKLM-x32\...\WinZip Registry Optimizer_is1) (Version: 1.0 - WinZip International LLC)
Wise Registry Cleaner 8.26 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.26 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-12-2014 11:00:20 Windows Update
16-12-2014 18:45:23 Removed Java 7 Update 67 (64-bit)
16-12-2014 21:58:39 Windows Update
20-12-2014 10:32:02 Restore Operation
20-12-2014 13:30:20 avast! antivirus system restore point
20-12-2014 13:33:36 Device Driver Package Install: Avast Network Service
20-12-2014 16:35:25 Installed HiJackThis
20-12-2014 19:34:07 avast! antivirus system restore point
20-12-2014 19:39:27 Windows Update
20-12-2014 20:12:59 Restore Operation
20-12-2014 20:25:31 avast! antivirus system restore point
20-12-2014 21:34:53 avast! antivirus system restore point
21-12-2014 14:44:59 avast! antivirus system restore point
21-12-2014 14:47:17 Removed Java 7 Update 67 (64-bit)
21-12-2014 14:49:55 Device Driver Package Install: Avast Network Service
21-12-2014 14:50:08 Windows Update
21-12-2014 19:11:40 Device Driver Package Install: Avast Network Service
21-12-2014 21:07:38 avast! antivirus system restore point
21-12-2014 21:09:13 Device Driver Package Install: Avast Network Service
21-12-2014 21:15:38 avast! antivirus system restore point
21-12-2014 21:40:59 WinZip Registry Optimizer Sun, Dec 21, 14  21:40
22-12-2014 01:21:23 avast! antivirus system restore point

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BE0A2E4-D8DE-44BA-BC03-EE74F6CE2BE9} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {19A78360-85CB-49C0-9A3A-5AD6601DEC25} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
Task: {30FEA2DF-6570-4C7B-8A37-0CCFA49EA18D} - System32\Tasks\Registry Optimizer_DEFAULT => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {42DC03B4-FBF0-47FD-A86A-895D44A3BE4E} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {75CC7121-CFBD-4F5E-A4D6-DC79DB60CF7A} - \{A585218B-E03E-453B-9876-5F9D51611011} No Task File <==== ATTENTION
Task: {7B833556-09A2-40FA-95A9-9348DB29CBB4} - System32\Tasks\{CA2EABB6-4AD3-4513-AFC5-2ED31D9B7B8A} => Chrome.exe
Task: {AA157760-2F2B-4B3F-A1B6-DDC46C397792} - \0 No Task File <==== ATTENTION
Task: {D54121BB-A853-48D3-826E-F1123210C597} - \{08697DC7-C68D-4094-A0A2-B3D0F68B776D} No Task File <==== ATTENTION
Task: {D5A52571-6546-4551-A59D-26124BB5C5AC} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {DA550352-B52C-4A6B-8464-AC3AA5591E34} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: C:\windows\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\windows\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2df07b66-8074-4a55-b452-564818a7e11f.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ad9324ec-197c-4227-9b20-d9fa09d42081.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2009-07-13 01:35 - 2009-07-13 01:35 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Gadget Service => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3

========================= Accounts: ==========================

Administrator (S-1-5-21-3565968102-2038924888-3838231409-500 - Administrator - Disabled)
Guest (S-1-5-21-3565968102-2038924888-3838231409-501 - Limited - Disabled)
Nick (S-1-5-21-3565968102-2038924888-3838231409-1002 - Administrator - Enabled) => C:\Users\Nick

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2014 05:43:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/24/2014 05:43:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/24/2014 05:33:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/24/2014 05:33:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/22/2014 01:28:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/22/2014 01:28:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/22/2014 01:05:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/22/2014 01:05:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/21/2014 11:51:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/21/2014 11:51:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (12/24/2014 05:38:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/24/2014 05:36:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/24/2014 05:35:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/24/2014 05:35:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 05:35:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 05:35:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/24/2014 05:35:41 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/24/2014 05:35:33 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/24/2014 05:35:33 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/24/2014 05:30:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (12/24/2014 05:43:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/24/2014 05:43:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/24/2014 05:33:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/24/2014 05:33:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/22/2014 01:28:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/22/2014 01:28:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/22/2014 01:05:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/22/2014 01:05:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/21/2014 11:51:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/21/2014 11:51:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2013-09-05 06:19:19.436
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-05 06:19:18.921
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 49%
Total physical RAM: 2936.89 MB
Available physical RAM: 1470.6 MB
Total Pagefile: 5871.95 MB
Available Pagefile: 4403.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105756W0B) (Fixed) (Total:222.43 GB) (Free:173.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CE865B76)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================



#5 Machiavelli

Malware Response Instructor

Posted 25 December 2014 - 06:47 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#6 SteveSteve

Posted 25 December 2014 - 11:44 AM

# AdwCleaner v4.106 - Report created 25/12/2014 at 10:50:00
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nick - NICK-PC
# Running from : C:\Users\Nick\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
File Deleted : C:\windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****

Task Deleted : Express FilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{52999157-3AAC-466F-B568-778BA2A1064F}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.18667


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R2].txt - [1165 octets] - [25/12/2014 10:47:54]
AdwCleaner[S2].txt - [981 octets] - [25/12/2014 10:50:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1040 octets] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/25/2014
Scan Time: 10:59:18 AM
Logfile: Malwarebytes.Scan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.25.09
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341813
Time Elapsed: 22 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nick on Thu 12/25/2014 at 11:27:18.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\Tasks\Registry Optimizer_DEFAULT.job
Successfully deleted: [File] C:\windows\Tasks\Registry Optimizer_UPDATES.job



~~~ Folders

Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/25/2014 at 11:30:52.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by Nick (administrator) on NICK-PC on 25-12-2014 11:34:26
Running from C:\Users\Nick\Desktop
Loaded Profile: Nick (Available profiles: Nick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Logitech, Inc.) C:\Users\Nick\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Nick\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Malwarebytes Corporation) C:\Users\Nick\Desktop\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Users\Nick\Desktop\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Users\Nick\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {D9EDDC64-3DC1-4E66-914E-EE02617AF176} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> {1B7A6B8E-6309-4CDF-9D2A-405EC040F42F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> {D9EDDC64-3DC1-4E66-914E-EE02617AF176} URL =
Toolbar: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\almop0ek.default
FF Homepage: google.com
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-19]
CHR Extension: (No Name) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 MBAMScheduler; C:\Users\Nick\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Users\Nick\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 cfWiMAXService; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe" [X]
S4 ConfigFree Gadget Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe" [X]
S4 ConfigFree Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [213504 2011-06-10] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SMR311; C:\Windows\System32\drivers\SMR311.SYS [95392 2013-02-18] (Symantec Corporation)
S3 pcouffin; System32\Drivers\pcouffin.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-25 11:30 - 2014-12-25 11:30 - 00000860 _____ () C:\Users\Nick\Desktop\JRT.txt
2014-12-25 11:27 - 2014-12-25 11:27 - 00000000 ____D () C:\windows\ERUNT
2014-12-25 11:26 - 2014-12-25 11:26 - 01707646 _____ (Thisisu) C:\Users\Nick\Desktop\JRT.exe
2014-12-25 11:24 - 2014-12-25 11:24 - 00001069 _____ () C:\Users\Nick\Desktop\Malwarebytes.Scan.txt
2014-12-25 10:57 - 2014-12-25 10:58 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-25 10:57 - 2014-12-25 10:57 - 00000782 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-25 10:57 - 2014-12-25 10:57 - 00000000 ____D () C:\Users\Nick\Desktop\Malwarebytes Anti-Malware
2014-12-25 10:57 - 2014-12-25 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-25 10:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-25 10:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-25 10:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-25 10:53 - 2014-12-25 10:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nick\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-25 10:51 - 2014-12-25 10:51 - 00001120 _____ () C:\Users\Nick\Desktop\AdwCleaner[S2].txt
2014-12-25 10:47 - 2014-12-25 10:50 - 00000000 ____D () C:\AdwCleaner
2014-12-25 10:46 - 2014-12-25 10:46 - 02173952 _____ () C:\Users\Nick\Desktop\AdwCleaner.exe
2014-12-24 17:43 - 2014-12-24 17:43 - 00024024 _____ () C:\Users\Nick\Desktop\Addition.txt
2014-12-24 17:41 - 2014-12-25 11:34 - 00010473 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-12-24 17:40 - 2014-12-25 11:34 - 00000000 ____D () C:\FRST
2014-12-24 17:38 - 2014-12-24 17:39 - 02122240 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2014-12-22 01:55 - 2014-12-22 01:55 - 00000000 ____D () C:\Users\Nick\AppData\Local\Adobe
2014-12-22 01:52 - 2014-12-22 01:52 - 00000000 ____D () C:\Users\Nick\Desktop\REFWORKS
2014-12-22 01:51 - 2014-12-22 01:51 - 00000000 ____D () C:\Users\Nick\Desktop\Certs
2014-12-22 01:51 - 2014-12-22 01:51 - 00000000 ____D () C:\Users\Nick\Desktop\587A
2014-12-22 01:51 - 2014-12-22 01:51 - 00000000 ____D () C:\Users\Nick\Desktop\586A
2014-12-22 01:51 - 2014-12-22 01:51 - 00000000 ____D () C:\Users\Nick\Desktop\562
2014-12-22 01:51 - 2014-12-22 01:51 - 00000000 ____D () C:\Users\Nick\Desktop\534
2014-12-22 01:21 - 2014-12-22 01:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-21 21:45 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Wise Registry Cleaner
2014-12-21 21:45 - 2014-12-21 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-12-21 21:45 - 2014-12-21 21:45 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-21 21:37 - 2014-12-22 01:26 - 00003136 _____ () C:\windows\System32\Tasks\Registry Optimizer
2014-12-21 21:37 - 2014-12-21 21:37 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Nico Mak Computing
2014-12-21 17:11 - 2014-12-24 17:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-21 15:11 - 2014-12-21 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-21 15:11 - 2014-12-21 15:11 - 00000508 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ad9324ec-197c-4227-9b20-d9fa09d42081.job
2014-12-21 15:11 - 2014-12-21 15:11 - 00000508 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2df07b66-8074-4a55-b452-564818a7e11f.job
2014-12-21 15:11 - 2014-12-21 15:11 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2014-12-21 15:11 - 2014-12-21 15:11 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-20 21:36 - 2014-12-20 21:36 - 00113352 _____ () C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-20 20:41 - 2014-12-21 15:07 - 00000000 ____D () C:\Users\Nick\AppData\Local\Mozilla
2014-12-20 19:03 - 2014-12-20 19:03 - 00000000 ____D () C:\Users\Nick\AppData\Local\Toshiba
2014-12-20 16:36 - 2014-12-20 16:36 - 00000000 ____D () C:\hijacj
2014-12-20 16:28 - 2014-11-21 06:35 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-20 16:28 - 2014-11-21 06:34 - 01541632 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-20 16:28 - 2014-11-21 05:44 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-20 16:28 - 2014-11-21 05:43 - 01267712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-20 16:27 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-20 16:27 - 2014-11-21 05:42 - 02086912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-20 16:27 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-20 15:58 - 2014-12-20 15:58 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-12-20 15:19 - 2014-12-20 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-20 14:28 - 2014-12-20 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-20 13:53 - 2014-12-20 14:29 - 00000000 ____D () C:\Users\Nick\AppData\Local\CrashDumps
2014-12-20 12:44 - 2014-12-20 12:45 - 00000000 ____D () C:\Users\Nick\Documents\My Digital Editions
2014-12-20 12:44 - 2014-09-30 06:44 - 00046080 ___SH () C:\Users\Nick\Desktop\~WRL3126.tmp
2014-12-20 12:44 - 2014-09-30 03:31 - 00045568 ___SH () C:\Users\Nick\Desktop\~WRL2750.tmp
2014-12-20 12:44 - 2014-08-29 02:03 - 00092672 ___SH () C:\Users\Nick\Desktop\~WRL2726.tmp
2014-12-20 12:44 - 2014-08-29 00:54 - 00091136 ___SH () C:\Users\Nick\Desktop\~WRL0149.tmp
2014-12-20 12:44 - 2014-08-28 15:49 - 00091136 ___SH () C:\Users\Nick\Desktop\~WRL3240.tmp
2014-12-20 12:44 - 2014-07-11 03:09 - 00048640 ___SH () C:\Users\Nick\Desktop\~WRL0520.tmp
2014-12-20 12:44 - 2014-04-09 21:17 - 00031232 ___SH () C:\Users\Nick\Desktop\~WRL2981.tmp
2014-12-20 12:44 - 2014-04-09 14:46 - 00054784 ___SH () C:\Users\Nick\Desktop\~WRL3437.tmp
2014-12-20 12:44 - 2014-04-09 14:10 - 00052736 ___SH () C:\Users\Nick\Desktop\~WRL0761.tmp
2014-12-20 12:44 - 2014-02-22 01:02 - 00030720 ___SH () C:\Users\Nick\Desktop\~WRL1116.tmp
2014-12-20 12:44 - 2013-04-23 14:19 - 00025088 ___SH () C:\Users\Nick\Desktop\~WRL0004.tmp
2014-12-20 12:44 - 2013-01-14 10:24 - 00000162 ___SH () C:\Users\Nick\Desktop\~$kenna WRAT4
2014-12-20 12:27 - 2014-02-11 00:07 - 00029600 _____ () C:\Users\Nick\Desktop\notes.txt
2014-12-20 12:27 - 2014-01-22 16:03 - 00016669 _____ () C:\Users\Nick\Desktop\JAN22notes.txt
2014-12-20 11:21 - 2014-05-21 16:30 - 00016896 ___SH () C:\Users\Nick\Downloads\Thumbs.db
2014-12-20 11:21 - 2014-03-19 10:22 - 00916700 _____ () C:\Users\Nick\Downloads\Unit10Wed.pptx
2014-12-20 11:20 - 2014-01-15 11:05 - 00013365 _____ () C:\Users\Nick\Downloads\notes (2).txt
2014-12-20 11:20 - 2014-01-14 00:34 - 00005879 _____ () C:\Users\Nick\Downloads\notes (1).txt
2014-12-20 11:20 - 2014-01-01 16:59 - 03723258 _____ () C:\Users\Nick\Downloads\outlook_addin_3_4_64bit.zip
2014-12-20 06:02 - 2014-12-20 06:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-20 02:05 - 2014-12-20 02:05 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-12-20 01:48 - 2014-12-20 01:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-17 17:10 - 2014-12-20 13:26 - 00000000 ____D () C:\windows\erdnt
2014-12-15 18:56 - 2014-12-20 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:56 - 2014-12-20 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 18:56 - 2014-12-15 18:56 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-15 18:30 - 2014-12-25 10:50 - 00457006 _____ () C:\windows\PFRO.log
2014-12-15 14:39 - 2014-11-21 06:35 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet(301).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 12289024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 09058816 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil(297).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 01541632 _____ (Microsoft Corporation) C:\windows\system32\urlmon(298).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00495616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00174592 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-15 14:39 - 2014-11-21 06:33 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-12-15 14:39 - 2014-11-21 06:33 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-12-15 14:39 - 2014-11-21 06:32 - 01538048 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-15 14:39 - 2014-11-21 05:44 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet(304).dll
2014-12-15 14:39 - 2014-11-21 05:43 - 06026240 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 01267712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon(303).dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00132096 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 11019264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 02086912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil(302).dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00345600 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-15 14:39 - 2014-11-21 05:41 - 01466368 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-15 14:39 - 2014-11-21 05:41 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-15 14:39 - 2014-11-21 05:41 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-12-15 14:39 - 2014-11-21 05:41 - 00016384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-12-15 14:39 - 2014-11-21 05:23 - 00482816 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-15 14:39 - 2014-11-21 04:28 - 00386048 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-15 14:39 - 2014-11-21 03:55 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-15 14:39 - 2014-11-21 02:53 - 01638912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-15 14:38 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs(300).dll
2014-12-15 14:38 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-15 14:37 - 2014-10-29 21:04 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-15 14:37 - 2014-10-29 20:46 - 00428544 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-15 14:27 - 2014-12-25 10:50 - 00001176 _____ () C:\windows\setupact.log
2014-12-15 14:27 - 2014-12-15 14:27 - 00000000 _____ () C:\windows\setuperr.log
2014-12-09 21:36 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil(299).dll
2014-12-01 23:13 - 2014-12-07 12:59 - 82575360 _____ () C:\windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-12-01 23:13 - 2014-12-07 12:59 - 17825792 _____ () C:\windows\system32\config\.ghost-ntfs-3g-00000000000000000003

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-25 11:03 - 2014-11-16 21:29 - 01074522 _____ () C:\windows\WindowsUpdate.log
2014-12-25 10:58 - 2014-02-03 21:38 - 00015024 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-25 10:58 - 2014-02-03 21:38 - 00015024 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-25 10:55 - 2009-07-14 00:13 - 00006274 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-25 10:50 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-22 01:55 - 2010-02-20 12:29 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Adobe
2014-12-22 01:51 - 2012-03-10 15:39 - 00000000 ___RD () C:\Users\Nick\Desktop\Desktop items
2014-12-22 01:48 - 2014-09-02 07:06 - 00000000 ____D () C:\Users\Nick\Desktop\505
2014-12-22 01:35 - 2009-11-30 23:30 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-12-22 01:32 - 2012-03-10 13:13 - 00000000 ____D () C:\Program Files (x86)\Eye-Fi
2014-12-22 01:31 - 2009-12-16 06:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2014-12-22 01:29 - 2009-11-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 01:09 - 2013-12-04 01:28 - 00000000 ____D () C:\Users\Nick\Desktop\USC
2014-12-21 16:58 - 2011-10-08 09:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-20 20:56 - 2009-07-14 00:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-20 20:41 - 2014-10-21 02:54 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Mozilla
2014-12-20 20:25 - 2010-02-20 00:19 - 00000000 ____D () C:\Users\Nick
2014-12-20 20:24 - 2014-05-06 10:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-20 20:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-20 20:23 - 2014-05-11 23:02 - 00000000 ____D () C:\Users\Nick\Desktop\503
2014-12-20 20:23 - 2014-01-06 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-12-20 20:23 - 2013-09-02 19:36 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\XnView
2014-12-20 20:23 - 2013-03-13 02:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-20 20:23 - 2013-03-13 02:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-20 20:23 - 2013-02-18 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-20 20:23 - 2013-02-08 21:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-20 20:23 - 2012-03-10 13:13 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
2014-12-20 20:23 - 2012-02-19 19:25 - 00000000 __RSD () C:\Users\Nick\Documents\My Stationery
2014-12-20 20:23 - 2012-01-23 16:26 - 00000000 ____D () C:\windows\system32\Macromed
2014-12-20 20:23 - 2011-10-08 09:50 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-12-20 20:23 - 2011-08-17 12:33 - 00000000 ____D () C:\Users\Nick\AppData\Local\Microsoft Help
2014-12-20 20:23 - 2010-02-20 12:21 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Roxio
2014-12-20 20:23 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-12-20 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-20 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\servicing
2014-12-20 20:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-12-20 20:19 - 2014-10-09 19:40 - 00000000 ____D () C:\Users\Nick\AppData\Local\Adobe_Systems_Incorporate
2014-12-20 20:19 - 2014-01-06 09:17 - 00000000 ____D () C:\Users\Nick\AppData\Local\Logitech® Webcam Software
2014-12-20 20:19 - 2013-08-26 02:53 - 00000000 ____D () C:\Users\Nick\Documents\Fax
2014-12-20 20:19 - 2011-10-08 09:50 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Canon
2014-12-20 20:19 - 2010-09-06 15:11 - 00000000 ____D () C:\Users\Nick\AppData\Local\Apps\2.0
2014-12-20 20:19 - 2010-02-20 12:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\Microsoft Games
2014-12-20 20:19 - 2010-02-20 12:31 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Macromedia
2014-12-20 20:19 - 2010-02-20 12:26 - 00000000 ____D () C:\Users\Nick\AppData\Local\TOSHIBA_Corporation
2014-12-20 20:19 - 2010-02-20 12:20 - 00000000 ____D () C:\Users\Nick\AppData\Local\VirtualStore
2014-12-20 20:19 - 2010-02-20 00:19 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-20 20:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-20 20:18 - 2011-10-08 09:50 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-12-20 20:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-20 20:16 - 2009-12-16 05:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-20 20:16 - 2009-11-30 23:29 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-12-20 20:15 - 2009-12-16 05:52 - 00000000 ___RD () C:\MSOCache
2014-12-20 19:46 - 2013-08-14 23:48 - 00000000 ____D () C:\windows\system32\MRT
2014-12-20 19:32 - 2010-02-20 12:28 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2014-12-15 17:15 - 2010-02-23 18:29 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\Quarantine.exe
C:\Users\Nick\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 15:09

==================== End Of Log ============================



#7 Machiavelli


Posted 25 December 2014 - 12:06 PM

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page.
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

Attached Files


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#8 SteveSteve


Posted 25 December 2014 - 02:21 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
Ran by Nick at 2014-12-25 13:12:04 Run:1
Running from C:\Users\Nick\Desktop
Loaded Profile: Nick (Available profiles: Nick)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> {D9EDDC64-3DC1-4E66-914E-EE02617AF176} URL =
Toolbar: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Hosts: Hosts file not detected in the default directory
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
EmptyTemp:
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D9EDDC64-3DC1-4E66-914E-EE02617AF176}" => Key deleted successfully.
HKCR\CLSID\{D9EDDC64-3DC1-4E66-914E-EE02617AF176} => Key not found.
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
Hosts was reset successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
EmptyTemp: => Removed 27.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:12:08 ====

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by Nick (administrator) on NICK-PC on 25-12-2014 13:15:07
Running from C:\Users\Nick\Desktop
Loaded Profile: Nick (Available profiles: Nick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation) C:\Users\Nick\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {D9EDDC64-3DC1-4E66-914E-EE02617AF176} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> {1B7A6B8E-6309-4CDF-9D2A-405EC040F42F} URL = https://www.google.com/search?q={searchTerms}
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\almop0ek.default
FF Homepage: google.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-19]
CHR Extension: (No Name) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 MBAMScheduler; C:\Users\Nick\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Users\Nick\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 cfWiMAXService; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe" [X]
S4 ConfigFree Gadget Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe" [X]
S4 ConfigFree Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [213504 2011-06-10] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SMR311; C:\Windows\System32\drivers\SMR311.SYS [95392 2013-02-18] (Symantec Corporation)
S3 pcouffin; System32\Drivers\pcouffin.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-25 13:15 - 2014-12-25 13:16 - 00009321 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-12-25 13:10 - 2014-12-25 13:10 - 00000000 ____D () C:\Users\Nick\Desktop\New folder
2014-12-25 11:27 - 2014-12-25 11:27 - 00000000 ____D () C:\windows\ERUNT
2014-12-25 11:26 - 2014-12-25 11:26 - 01707646 _____ (Thisisu) C:\Users\Nick\Desktop\JRT.exe
2014-12-25 10:57 - 2014-12-25 10:58 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-25 10:57 - 2014-12-25 10:57 - 00000782 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-25 10:57 - 2014-12-25 10:57 - 00000000 ____D () C:\Users\Nick\Desktop\Malwarebytes Anti-Malware
2014-12-25 10:57 - 2014-12-25 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-25 10:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-25 10:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-25 10:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-25 10:53 - 2014-12-25 10:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nick\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-25 10:47 - 2014-12-25 10:50 - 00000000 ____D () C:\AdwCleaner
2014-12-25 10:46 - 2014-12-25 10:46 - 02173952 _____ () C:\Users\Nick\Desktop\AdwCleaner.exe
2014-12-24 17:40 - 2014-12-25 13:15 - 00000000 ____D () C:\FRST
2014-12-24 17:38 - 2014-12-24 17:39 - 02122240 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2014-12-22 01:55 - 2014-12-22 01:55 - 00000000 ____D () C:\Users\Nick\AppData\Local\Adobe
2014-12-22 01:21 - 2014-12-22 01:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-21 21:45 - 2014-12-21 22:08 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Wise Registry Cleaner
2014-12-21 21:45 - 2014-12-21 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-12-21 21:45 - 2014-12-21 21:45 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-12-21 21:37 - 2014-12-22 01:26 - 00003136 _____ () C:\windows\System32\Tasks\Registry Optimizer
2014-12-21 21:37 - 2014-12-21 21:37 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Nico Mak Computing
2014-12-21 17:11 - 2014-12-24 17:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-21 15:11 - 2014-12-21 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-21 15:11 - 2014-12-21 15:11 - 00000508 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ad9324ec-197c-4227-9b20-d9fa09d42081.job
2014-12-21 15:11 - 2014-12-21 15:11 - 00000508 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2df07b66-8074-4a55-b452-564818a7e11f.job
2014-12-21 15:11 - 2014-12-21 15:11 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2014-12-21 15:11 - 2014-12-21 15:11 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-20 21:36 - 2014-12-20 21:36 - 00113352 _____ () C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-20 20:41 - 2014-12-21 15:07 - 00000000 ____D () C:\Users\Nick\AppData\Local\Mozilla
2014-12-20 19:03 - 2014-12-20 19:03 - 00000000 ____D () C:\Users\Nick\AppData\Local\Toshiba
2014-12-20 16:36 - 2014-12-20 16:36 - 00000000 ____D () C:\hijacj
2014-12-20 16:28 - 2014-11-21 06:35 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-20 16:28 - 2014-11-21 06:34 - 01541632 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-20 16:28 - 2014-11-21 05:44 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-20 16:28 - 2014-11-21 05:43 - 01267712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-20 16:27 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-20 16:27 - 2014-11-21 05:42 - 02086912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-20 16:27 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-20 15:58 - 2014-12-20 15:58 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-12-20 15:19 - 2014-12-20 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-20 14:28 - 2014-12-20 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-20 13:53 - 2014-12-20 14:29 - 00000000 ____D () C:\Users\Nick\AppData\Local\CrashDumps
2014-12-20 12:44 - 2014-12-20 12:45 - 00000000 ____D () C:\Users\Nick\Documents\My Digital Editions
2014-12-20 12:44 - 2014-09-30 06:44 - 00046080 ___SH () C:\Users\Nick\Desktop\~WRL3126.tmp
2014-12-20 12:44 - 2014-09-30 03:31 - 00045568 ___SH () C:\Users\Nick\Desktop\~WRL2750.tmp
2014-12-20 12:44 - 2014-08-29 02:03 - 00092672 ___SH () C:\Users\Nick\Desktop\~WRL2726.tmp
2014-12-20 12:44 - 2014-08-29 00:54 - 00091136 ___SH () C:\Users\Nick\Desktop\~WRL0149.tmp
2014-12-20 12:44 - 2014-08-28 15:49 - 00091136 ___SH () C:\Users\Nick\Desktop\~WRL3240.tmp
2014-12-20 12:44 - 2014-07-11 03:09 - 00048640 ___SH () C:\Users\Nick\Desktop\~WRL0520.tmp
2014-12-20 12:44 - 2014-04-09 21:17 - 00031232 ___SH () C:\Users\Nick\Desktop\~WRL2981.tmp
2014-12-20 12:44 - 2014-04-09 14:46 - 00054784 ___SH () C:\Users\Nick\Desktop\~WRL3437.tmp
2014-12-20 12:44 - 2014-04-09 14:10 - 00052736 ___SH () C:\Users\Nick\Desktop\~WRL0761.tmp
2014-12-20 12:44 - 2014-02-22 01:02 - 00030720 ___SH () C:\Users\Nick\Desktop\~WRL1116.tmp
2014-12-20 12:44 - 2013-04-23 14:19 - 00025088 ___SH () C:\Users\Nick\Desktop\~WRL0004.tmp
2014-12-20 12:44 - 2013-01-14 10:24 - 00000162 ___SH () C:\Users\Nick\Desktop\~$kenna WRAT4
2014-12-20 11:21 - 2014-05-21 16:30 - 00016896 ___SH () C:\Users\Nick\Downloads\Thumbs.db
2014-12-20 11:21 - 2014-03-19 10:22 - 00916700 _____ () C:\Users\Nick\Downloads\Unit10Wed.pptx
2014-12-20 11:20 - 2014-01-15 11:05 - 00013365 _____ () C:\Users\Nick\Downloads\notes (2).txt
2014-12-20 11:20 - 2014-01-14 00:34 - 00005879 _____ () C:\Users\Nick\Downloads\notes (1).txt
2014-12-20 11:20 - 2014-01-01 16:59 - 03723258 _____ () C:\Users\Nick\Downloads\outlook_addin_3_4_64bit.zip
2014-12-20 06:02 - 2014-12-20 06:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-20 02:05 - 2014-12-20 02:05 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-12-20 01:48 - 2014-12-20 01:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-17 17:10 - 2014-12-20 13:26 - 00000000 ____D () C:\windows\erdnt
2014-12-15 18:56 - 2014-12-20 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:56 - 2014-12-20 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 18:56 - 2014-12-15 18:56 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-15 18:30 - 2014-12-25 13:04 - 00457380 _____ () C:\windows\PFRO.log
2014-12-15 14:39 - 2014-11-21 06:35 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet(301).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 12289024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 09058816 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil(297).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 01541632 _____ (Microsoft Corporation) C:\windows\system32\urlmon(298).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00495616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00174592 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-15 14:39 - 2014-11-21 06:33 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-12-15 14:39 - 2014-11-21 06:33 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-12-15 14:39 - 2014-11-21 06:32 - 01538048 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-15 14:39 - 2014-11-21 05:44 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet(304).dll
2014-12-15 14:39 - 2014-11-21 05:43 - 06026240 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 01267712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon(303).dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00132096 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 11019264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 02086912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil(302).dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00345600 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-15 14:39 - 2014-11-21 05:41 - 01466368 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-15 14:39 - 2014-11-21 05:41 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-15 14:39 - 2014-11-21 05:41 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-12-15 14:39 - 2014-11-21 05:41 - 00016384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-12-15 14:39 - 2014-11-21 05:23 - 00482816 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-15 14:39 - 2014-11-21 04:28 - 00386048 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-15 14:39 - 2014-11-21 03:55 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-15 14:39 - 2014-11-21 02:53 - 01638912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-15 14:38 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs(300).dll
2014-12-15 14:38 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-15 14:37 - 2014-10-29 21:04 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-15 14:37 - 2014-10-29 20:46 - 00428544 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-15 14:27 - 2014-12-25 13:13 - 00001288 _____ () C:\windows\setupact.log
2014-12-15 14:27 - 2014-12-15 14:27 - 00000000 _____ () C:\windows\setuperr.log
2014-12-09 21:36 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil(299).dll
2014-12-01 23:13 - 2014-12-07 12:59 - 82575360 _____ () C:\windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-12-01 23:13 - 2014-12-07 12:59 - 17825792 _____ () C:\windows\system32\config\.ghost-ntfs-3g-00000000000000000003

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-25 13:13 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-25 13:12 - 2014-11-16 21:29 - 01083808 _____ () C:\windows\WindowsUpdate.log
2014-12-25 13:12 - 2014-02-03 21:38 - 00015024 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-25 13:12 - 2014-02-03 21:38 - 00015024 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-25 13:09 - 2009-07-14 00:13 - 00006274 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-25 11:52 - 2012-03-10 15:39 - 00000000 ___RD () C:\Users\Nick\Desktop\Desktop items
2014-12-22 01:55 - 2010-02-20 12:29 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Adobe
2014-12-22 01:35 - 2009-11-30 23:30 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-12-22 01:32 - 2012-03-10 13:13 - 00000000 ____D () C:\Program Files (x86)\Eye-Fi
2014-12-22 01:31 - 2009-12-16 06:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2014-12-22 01:29 - 2009-11-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-21 16:58 - 2011-10-08 09:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-20 20:56 - 2009-07-14 00:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-20 20:41 - 2014-10-21 02:54 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Mozilla
2014-12-20 20:25 - 2010-02-20 00:19 - 00000000 ____D () C:\Users\Nick
2014-12-20 20:24 - 2014-05-06 10:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-20 20:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-20 20:23 - 2014-01-06 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-12-20 20:23 - 2013-09-02 19:36 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\XnView
2014-12-20 20:23 - 2013-03-13 02:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-20 20:23 - 2013-03-13 02:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-20 20:23 - 2013-02-18 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-20 20:23 - 2013-02-08 21:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-20 20:23 - 2012-03-10 13:13 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
2014-12-20 20:23 - 2012-02-19 19:25 - 00000000 __RSD () C:\Users\Nick\Documents\My Stationery
2014-12-20 20:23 - 2012-01-23 16:26 - 00000000 ____D () C:\windows\system32\Macromed
2014-12-20 20:23 - 2011-10-08 09:50 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-12-20 20:23 - 2011-08-17 12:33 - 00000000 ____D () C:\Users\Nick\AppData\Local\Microsoft Help
2014-12-20 20:23 - 2010-02-20 12:21 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Roxio
2014-12-20 20:23 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-12-20 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-20 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\servicing
2014-12-20 20:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-12-20 20:19 - 2014-10-09 19:40 - 00000000 ____D () C:\Users\Nick\AppData\Local\Adobe_Systems_Incorporate
2014-12-20 20:19 - 2014-01-06 09:17 - 00000000 ____D () C:\Users\Nick\AppData\Local\Logitech® Webcam Software
2014-12-20 20:19 - 2013-08-26 02:53 - 00000000 ____D () C:\Users\Nick\Documents\Fax
2014-12-20 20:19 - 2011-10-08 09:50 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Canon
2014-12-20 20:19 - 2010-09-06 15:11 - 00000000 ____D () C:\Users\Nick\AppData\Local\Apps\2.0
2014-12-20 20:19 - 2010-02-20 12:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\Microsoft Games
2014-12-20 20:19 - 2010-02-20 12:31 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Macromedia
2014-12-20 20:19 - 2010-02-20 12:26 - 00000000 ____D () C:\Users\Nick\AppData\Local\TOSHIBA_Corporation
2014-12-20 20:19 - 2010-02-20 12:20 - 00000000 ____D () C:\Users\Nick\AppData\Local\VirtualStore
2014-12-20 20:19 - 2010-02-20 00:19 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-20 20:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-20 20:18 - 2011-10-08 09:50 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-12-20 20:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-20 20:16 - 2009-12-16 05:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-20 20:16 - 2009-11-30 23:29 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-12-20 20:15 - 2009-12-16 05:52 - 00000000 ___RD () C:\MSOCache
2014-12-20 19:46 - 2013-08-14 23:48 - 00000000 ____D () C:\windows\system32\MRT
2014-12-20 19:32 - 2010-02-20 12:28 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2014-12-15 17:15 - 2010-02-23 18:29 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 15:09

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2014
Ran by Nick at 2014-12-25 13:16:41
Running from C:\Users\Nick\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Adobe Connect 9 Add-in) (Version: 11,9,970,233 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WinZip Registry Optimizer (HKLM-x32\...\WinZip Registry Optimizer_is1) (Version: 1.0 - WinZip International LLC)
Wise Registry Cleaner 8.26 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.26 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-12-2014 11:00:20 Windows Update
16-12-2014 18:45:23 Removed Java 7 Update 67 (64-bit)
16-12-2014 21:58:39 Windows Update
20-12-2014 10:32:02 Restore Operation
20-12-2014 13:30:20 avast! antivirus system restore point
20-12-2014 13:33:36 Device Driver Package Install: Avast Network Service
20-12-2014 16:35:25 Installed HiJackThis
20-12-2014 19:34:07 avast! antivirus system restore point
20-12-2014 19:39:27 Windows Update
20-12-2014 20:12:59 Restore Operation
20-12-2014 20:25:31 avast! antivirus system restore point
20-12-2014 21:34:53 avast! antivirus system restore point
21-12-2014 14:44:59 avast! antivirus system restore point
21-12-2014 14:47:17 Removed Java 7 Update 67 (64-bit)
21-12-2014 14:49:55 Device Driver Package Install: Avast Network Service
21-12-2014 14:50:08 Windows Update
21-12-2014 19:11:40 Device Driver Package Install: Avast Network Service
21-12-2014 21:07:38 avast! antivirus system restore point
21-12-2014 21:09:13 Device Driver Package Install: Avast Network Service
21-12-2014 21:15:38 avast! antivirus system restore point
21-12-2014 21:40:59 WinZip Registry Optimizer Sun, Dec 21, 14  21:40
22-12-2014 01:21:23 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-12-25 13:12 - 2014-12-25 13:12 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BE0A2E4-D8DE-44BA-BC03-EE74F6CE2BE9} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {19A78360-85CB-49C0-9A3A-5AD6601DEC25} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
Task: {75CC7121-CFBD-4F5E-A4D6-DC79DB60CF7A} - \{A585218B-E03E-453B-9876-5F9D51611011} No Task File <==== ATTENTION
Task: {7B833556-09A2-40FA-95A9-9348DB29CBB4} - System32\Tasks\{CA2EABB6-4AD3-4513-AFC5-2ED31D9B7B8A} => Chrome.exe
Task: {AA157760-2F2B-4B3F-A1B6-DDC46C397792} - \0 No Task File <==== ATTENTION
Task: {D54121BB-A853-48D3-826E-F1123210C597} - \{08697DC7-C68D-4094-A0A2-B3D0F68B776D} No Task File <==== ATTENTION
Task: {DA550352-B52C-4A6B-8464-AC3AA5591E34} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2df07b66-8074-4a55-b452-564818a7e11f.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ad9324ec-197c-4227-9b20-d9fa09d42081.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2009-07-13 01:35 - 2009-07-13 01:35 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Gadget Service => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3

========================= Accounts: ==========================

Administrator (S-1-5-21-3565968102-2038924888-3838231409-500 - Administrator - Disabled)
Guest (S-1-5-21-3565968102-2038924888-3838231409-501 - Limited - Disabled)
Nick (S-1-5-21-3565968102-2038924888-3838231409-1002 - Administrator - Enabled) => C:\Users\Nick

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2014 01:09:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/25/2014 01:09:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (12/25/2014 01:15:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/25/2014 01:13:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/25/2014 01:13:01 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/25/2014 01:12:54 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/25/2014 01:12:54 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/25/2014 01:07:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/25/2014 01:05:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/25/2014 01:05:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/25/2014 01:05:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/25/2014 01:04:51 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (12/25/2014 01:09:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/25/2014 01:09:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2013-09-05 06:19:19.436
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-05 06:19:18.921
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 28%
Total physical RAM: 2936.89 MB
Available physical RAM: 2087.05 MB
Total Pagefile: 5871.95 MB
Available Pagefile: 4969.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI105756W0B) (Fixed) (Total:222.43 GB) (Free:172.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CE865B76)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================

 

 

ESETlog:

 

C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application    deleted - quarantined
 



#9 Machiavelli

Posted 25 December 2014 - 03:28 PM

Step 4 is missing.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#10 SteveSteve

Posted 25 December 2014 - 05:47 PM

Much better!  I cannot get Windows Defender to work, and I am getting this odd pop-up at the bottom right on my screen: Ids_IE_Ballon_WAIT FOR dOWNLOAd

I assume this is from any registry damage I may have caused before your help.

Is it OK to install adobe reader update?  It has been asking me to install since before the help.

I have been waiting to install a new antivirus.  Please recommend one.

Thanks!



#11 Machiavelli

Posted 26 December 2014 - 04:39 AM

Is it OK to install adobe reader update?

No, please wait until we are finished.

I have been waiting to install a new antivirus.

I'm a fan of EmsiSoft.

 

First,
  • Please download the attached fixlist.txt file and save it to the same location as FRST
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Next,
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Next,
Please download Farbar Service Scanner and run it on the computer with the issue. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FSS icon and select Run as Administrator)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

~Machiavelli



#12 SteveSteve

Posted 26 December 2014 - 01:13 PM

When I started step one, I opened FRST to do the fix, and, a few seconds after I opened it, it said an update was available.  I "X'ed" out and reopened it.  Now I have a new folder on my desktop labeled "FRST-OlderVersion", containing "FRST64.exe" (looks identical to the one I used).  Not sure if this is normal; just wanted to relay this information.  Below are the results of the scans.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by Nick at 2014-12-26 12:58:06 Run:2
Running from C:\Users\Nick\Desktop
Loaded Profile: Nick (Available profiles: Nick)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Task: {75CC7121-CFBD-4F5E-A4D6-DC79DB60CF7A} - \{A585218B-E03E-453B-9876-5F9D51611011} No Task File <==== ATTENTION
Task: {AA157760-2F2B-4B3F-A1B6-DDC46C397792} - \0 No Task File <==== ATTENTION
Task: {D54121BB-A853-48D3-826E-F1123210C597} - \{08697DC7-C68D-4094-A0A2-B3D0F68B776D} No Task File <==== ATTENTION
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75CC7121-CFBD-4F5E-A4D6-DC79DB60CF7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75CC7121-CFBD-4F5E-A4D6-DC79DB60CF7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A585218B-E03E-453B-9876-5F9D51611011}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA157760-2F2B-4B3F-A1B6-DDC46C397792}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA157760-2F2B-4B3F-A1B6-DDC46C397792}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D54121BB-A853-48D3-826E-F1123210C597}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D54121BB-A853-48D3-826E-F1123210C597}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{08697DC7-C68D-4094-A0A2-B3D0F68B776D}" => Key deleted successfully.

==== End of Fixlog 12:58:07 ====

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Nick (administrator) on NICK-PC on 26-12-2014 13:00:02
Running from C:\Users\Nick\Desktop
Loaded Profile: Nick (Available profiles: Nick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Logitech, Inc.) C:\Users\Nick\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Nick\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-13] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {D9EDDC64-3DC1-4E66-914E-EE02617AF176} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> {1B7A6B8E-6309-4CDF-9D2A-405EC040F42F} URL = https://www.google.com/search?q={searchTerms}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\almop0ek.default
FF DefaultSearchEngine: Google
FF Homepage: https://www.google.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-19]
CHR Extension: (No Name) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 MBAMScheduler; C:\Users\Nick\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Users\Nick\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 cfWiMAXService; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe" [X]
S4 ConfigFree Gadget Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe" [X]
S4 ConfigFree Service; "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [213504 2011-06-10] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SMR311; C:\Windows\System32\drivers\SMR311.SYS [95392 2013-02-18] (Symantec Corporation)
S3 pcouffin; System32\Drivers\pcouffin.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 13:00 - 2014-12-26 13:00 - 00009602 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-12-26 12:57 - 2014-12-26 12:57 - 00000000 ____D () C:\Users\Nick\Desktop\FRST-OlderVersion
2014-12-25 18:01 - 2014-12-25 18:01 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\Nick\Desktop\iExplore64.exe
2014-12-25 18:00 - 2014-12-25 18:00 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Nick\Desktop\iExplore.exe
2014-12-25 13:25 - 2014-12-25 13:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-25 13:10 - 2014-12-26 12:56 - 00000000 ____D () C:\Users\Nick\Desktop\New folder
2014-12-25 11:27 - 2014-12-25 11:27 - 00000000 ____D () C:\windows\ERUNT
2014-12-25 11:26 - 2014-12-25 11:26 - 01707646 _____ (Thisisu) C:\Users\Nick\Desktop\JRT.exe
2014-12-25 10:57 - 2014-12-26 12:54 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-25 10:57 - 2014-12-25 10:57 - 00000782 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-25 10:57 - 2014-12-25 10:57 - 00000000 ____D () C:\Users\Nick\Desktop\Malwarebytes Anti-Malware
2014-12-25 10:57 - 2014-12-25 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-25 10:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-25 10:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-25 10:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-25 10:53 - 2014-12-25 10:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nick\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-25 10:47 - 2014-12-25 18:20 - 00000000 ____D () C:\AdwCleaner
2014-12-25 10:46 - 2014-12-25 10:46 - 02173952 _____ () C:\Users\Nick\Desktop\AdwCleaner.exe
2014-12-24 17:40 - 2014-12-26 13:00 - 00000000 ____D () C:\FRST
2014-12-24 17:38 - 2014-12-26 12:57 - 02122752 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2014-12-22 01:55 - 2014-12-22 01:55 - 00000000 ____D () C:\Users\Nick\AppData\Local\Adobe
2014-12-22 01:21 - 2014-12-22 01:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-21 21:37 - 2014-12-22 01:26 - 00003136 _____ () C:\windows\System32\Tasks\Registry Optimizer
2014-12-21 21:37 - 2014-12-21 21:37 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Nico Mak Computing
2014-12-21 17:11 - 2014-12-25 18:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-21 15:11 - 2014-12-21 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-21 15:11 - 2014-12-21 15:11 - 00000508 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ad9324ec-197c-4227-9b20-d9fa09d42081.job
2014-12-21 15:11 - 2014-12-21 15:11 - 00000508 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2df07b66-8074-4a55-b452-564818a7e11f.job
2014-12-21 15:11 - 2014-12-21 15:11 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2014-12-21 15:11 - 2014-12-21 15:11 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-20 21:36 - 2014-12-20 21:36 - 00113352 _____ () C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-20 20:41 - 2014-12-21 15:07 - 00000000 ____D () C:\Users\Nick\AppData\Local\Mozilla
2014-12-20 19:03 - 2014-12-20 19:03 - 00000000 ____D () C:\Users\Nick\AppData\Local\Toshiba
2014-12-20 16:36 - 2014-12-20 16:36 - 00000000 ____D () C:\hijacj
2014-12-20 16:28 - 2014-11-21 06:35 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-20 16:28 - 2014-11-21 06:34 - 01541632 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-20 16:28 - 2014-11-21 05:44 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-20 16:28 - 2014-11-21 05:43 - 01267712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-20 16:27 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-20 16:27 - 2014-11-21 05:42 - 02086912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-20 16:27 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-20 15:58 - 2014-12-20 15:58 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-12-20 15:19 - 2014-12-20 15:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-20 14:28 - 2014-12-20 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-20 13:53 - 2014-12-20 14:29 - 00000000 ____D () C:\Users\Nick\AppData\Local\CrashDumps
2014-12-20 12:44 - 2014-12-20 12:45 - 00000000 ____D () C:\Users\Nick\Documents\My Digital Editions
2014-12-20 12:44 - 2014-09-30 06:44 - 00046080 ___SH () C:\Users\Nick\Desktop\~WRL3126.tmp
2014-12-20 12:44 - 2014-09-30 03:31 - 00045568 ___SH () C:\Users\Nick\Desktop\~WRL2750.tmp
2014-12-20 12:44 - 2014-08-29 02:03 - 00092672 ___SH () C:\Users\Nick\Desktop\~WRL2726.tmp
2014-12-20 12:44 - 2014-08-29 00:54 - 00091136 ___SH () C:\Users\Nick\Desktop\~WRL0149.tmp
2014-12-20 12:44 - 2014-08-28 15:49 - 00091136 ___SH () C:\Users\Nick\Desktop\~WRL3240.tmp
2014-12-20 12:44 - 2014-07-11 03:09 - 00048640 ___SH () C:\Users\Nick\Desktop\~WRL0520.tmp
2014-12-20 12:44 - 2014-04-09 21:17 - 00031232 ___SH () C:\Users\Nick\Desktop\~WRL2981.tmp
2014-12-20 12:44 - 2014-04-09 14:46 - 00054784 ___SH () C:\Users\Nick\Desktop\~WRL3437.tmp
2014-12-20 12:44 - 2014-04-09 14:10 - 00052736 ___SH () C:\Users\Nick\Desktop\~WRL0761.tmp
2014-12-20 12:44 - 2014-02-22 01:02 - 00030720 ___SH () C:\Users\Nick\Desktop\~WRL1116.tmp
2014-12-20 12:44 - 2013-04-23 14:19 - 00025088 ___SH () C:\Users\Nick\Desktop\~WRL0004.tmp
2014-12-20 12:44 - 2013-01-14 10:24 - 00000162 ___SH () C:\Users\Nick\Desktop\~$kenna WRAT4
2014-12-20 11:21 - 2014-05-21 16:30 - 00016896 ___SH () C:\Users\Nick\Downloads\Thumbs.db
2014-12-20 11:21 - 2014-03-19 10:22 - 00916700 _____ () C:\Users\Nick\Downloads\Unit10Wed.pptx
2014-12-20 11:20 - 2014-01-15 11:05 - 00013365 _____ () C:\Users\Nick\Downloads\notes (2).txt
2014-12-20 11:20 - 2014-01-14 00:34 - 00005879 _____ () C:\Users\Nick\Downloads\notes (1).txt
2014-12-20 11:20 - 2014-01-01 16:59 - 03723258 _____ () C:\Users\Nick\Downloads\outlook_addin_3_4_64bit.zip
2014-12-20 06:02 - 2014-12-20 06:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-20 02:05 - 2014-12-20 02:05 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-12-20 01:48 - 2014-12-20 01:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-17 17:10 - 2014-12-20 13:26 - 00000000 ____D () C:\windows\erdnt
2014-12-15 18:56 - 2014-12-20 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:56 - 2014-12-20 20:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 18:56 - 2014-12-15 18:56 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-15 18:30 - 2014-12-25 18:21 - 00457694 _____ () C:\windows\PFRO.log
2014-12-15 14:39 - 2014-11-21 06:35 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet(301).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 12289024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 09058816 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil(297).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 01541632 _____ (Microsoft Corporation) C:\windows\system32\urlmon(298).dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-12-15 14:39 - 2014-11-21 06:34 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00495616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-15 14:39 - 2014-11-21 06:33 - 00174592 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-15 14:39 - 2014-11-21 06:33 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-12-15 14:39 - 2014-11-21 06:33 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-12-15 14:39 - 2014-11-21 06:32 - 01538048 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-15 14:39 - 2014-11-21 05:44 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet(304).dll
2014-12-15 14:39 - 2014-11-21 05:43 - 06026240 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 01267712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon(303).dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00132096 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-12-15 14:39 - 2014-11-21 05:43 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 11019264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 02086912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil(302).dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00345600 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-15 14:39 - 2014-11-21 05:42 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-15 14:39 - 2014-11-21 05:41 - 01466368 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-15 14:39 - 2014-11-21 05:41 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-15 14:39 - 2014-11-21 05:41 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-12-15 14:39 - 2014-11-21 05:41 - 00016384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-12-15 14:39 - 2014-11-21 05:23 - 00482816 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-15 14:39 - 2014-11-21 04:28 - 00386048 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-15 14:39 - 2014-11-21 03:55 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-15 14:39 - 2014-11-21 02:53 - 01638912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-15 14:38 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs(300).dll
2014-12-15 14:38 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-15 14:37 - 2014-10-29 21:04 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-15 14:37 - 2014-10-29 20:46 - 00428544 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-15 14:27 - 2014-12-26 12:52 - 00001512 _____ () C:\windows\setupact.log
2014-12-15 14:27 - 2014-12-15 14:27 - 00000000 _____ () C:\windows\setuperr.log
2014-12-09 21:36 - 2014-11-21 06:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil(299).dll
2014-12-01 23:13 - 2014-12-07 12:59 - 82575360 _____ () C:\windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-12-01 23:13 - 2014-12-07 12:59 - 17825792 _____ () C:\windows\system32\config\.ghost-ntfs-3g-00000000000000000003

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 13:00 - 2014-02-03 21:38 - 00015024 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 13:00 - 2014-02-03 21:38 - 00015024 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 12:57 - 2009-07-14 00:13 - 00006274 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-26 12:56 - 2014-11-16 21:29 - 01137335 _____ () C:\windows\WindowsUpdate.log
2014-12-26 12:52 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-25 17:58 - 2012-03-10 15:39 - 00000000 ___RD () C:\Users\Nick\Desktop\Desktop items
2014-12-22 01:55 - 2010-02-20 12:29 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Adobe
2014-12-22 01:35 - 2009-11-30 23:30 - 00000000 ____D () C:\Program Files (x86)\Toshiba
2014-12-22 01:32 - 2012-03-10 13:13 - 00000000 ____D () C:\Program Files (x86)\Eye-Fi
2014-12-22 01:31 - 2009-12-16 06:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2014-12-22 01:29 - 2009-11-30 23:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-21 16:58 - 2011-10-08 09:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-20 20:56 - 2009-07-14 00:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-20 20:41 - 2014-10-21 02:54 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Mozilla
2014-12-20 20:25 - 2010-02-20 00:19 - 00000000 ____D () C:\Users\Nick
2014-12-20 20:24 - 2014-05-06 10:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-20 20:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-20 20:23 - 2014-01-06 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-12-20 20:23 - 2013-09-02 19:36 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\XnView
2014-12-20 20:23 - 2013-03-13 02:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-20 20:23 - 2013-03-13 02:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-20 20:23 - 2013-02-18 01:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-20 20:23 - 2013-02-08 21:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-20 20:23 - 2012-03-10 13:13 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
2014-12-20 20:23 - 2012-02-19 19:25 - 00000000 __RSD () C:\Users\Nick\Documents\My Stationery
2014-12-20 20:23 - 2012-01-23 16:26 - 00000000 ____D () C:\windows\system32\Macromed
2014-12-20 20:23 - 2011-10-08 09:50 - 00000000 ____D () C:\ProgramData\CanonIJ
2014-12-20 20:23 - 2011-08-17 12:33 - 00000000 ____D () C:\Users\Nick\AppData\Local\Microsoft Help
2014-12-20 20:23 - 2010-02-20 12:21 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Roxio
2014-12-20 20:23 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-12-20 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-20 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\servicing
2014-12-20 20:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-12-20 20:19 - 2014-10-09 19:40 - 00000000 ____D () C:\Users\Nick\AppData\Local\Adobe_Systems_Incorporate
2014-12-20 20:19 - 2014-01-06 09:17 - 00000000 ____D () C:\Users\Nick\AppData\Local\Logitech® Webcam Software
2014-12-20 20:19 - 2013-08-26 02:53 - 00000000 ____D () C:\Users\Nick\Documents\Fax
2014-12-20 20:19 - 2011-10-08 09:50 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Canon
2014-12-20 20:19 - 2010-09-06 15:11 - 00000000 ____D () C:\Users\Nick\AppData\Local\Apps\2.0
2014-12-20 20:19 - 2010-02-20 12:59 - 00000000 ____D () C:\Users\Nick\AppData\Local\Microsoft Games
2014-12-20 20:19 - 2010-02-20 12:31 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Macromedia
2014-12-20 20:19 - 2010-02-20 12:26 - 00000000 ____D () C:\Users\Nick\AppData\Local\TOSHIBA_Corporation
2014-12-20 20:19 - 2010-02-20 12:20 - 00000000 ____D () C:\Users\Nick\AppData\Local\VirtualStore
2014-12-20 20:19 - 2010-02-20 00:19 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-20 20:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-20 20:18 - 2011-10-08 09:50 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-12-20 20:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-20 20:16 - 2009-12-16 05:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-20 20:16 - 2009-11-30 23:29 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-12-20 20:15 - 2009-12-16 05:52 - 00000000 ___RD () C:\MSOCache
2014-12-20 19:46 - 2013-08-14 23:48 - 00000000 ____D () C:\windows\system32\MRT
2014-12-20 19:32 - 2010-02-20 12:28 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2014-12-15 17:15 - 2010-02-23 18:29 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\Quarantine.exe
C:\Users\Nick\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 15:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by Nick at 2014-12-26 13:00:53
Running from C:\Users\Nick\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Adobe Connect 9 Add-in) (Version: 11,9,970,233 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-12-2014 11:00:20 Windows Update
16-12-2014 18:45:23 Removed Java 7 Update 67 (64-bit)
16-12-2014 21:58:39 Windows Update
20-12-2014 10:32:02 Restore Operation
20-12-2014 13:30:20 avast! antivirus system restore point
20-12-2014 13:33:36 Device Driver Package Install: Avast Network Service
20-12-2014 16:35:25 Installed HiJackThis
20-12-2014 19:34:07 avast! antivirus system restore point
20-12-2014 19:39:27 Windows Update
20-12-2014 20:12:59 Restore Operation
20-12-2014 20:25:31 avast! antivirus system restore point
20-12-2014 21:34:53 avast! antivirus system restore point
21-12-2014 14:44:59 avast! antivirus system restore point
21-12-2014 14:47:17 Removed Java 7 Update 67 (64-bit)
21-12-2014 14:49:55 Device Driver Package Install: Avast Network Service
21-12-2014 14:50:08 Windows Update
21-12-2014 19:11:40 Device Driver Package Install: Avast Network Service
21-12-2014 21:07:38 avast! antivirus system restore point
21-12-2014 21:09:13 Device Driver Package Install: Avast Network Service
21-12-2014 21:15:38 avast! antivirus system restore point
21-12-2014 21:40:59 WinZip Registry Optimizer Sun, Dec 21, 14  21:40
22-12-2014 01:21:23 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-12-25 13:12 - 2014-12-25 13:12 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BE0A2E4-D8DE-44BA-BC03-EE74F6CE2BE9} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {19A78360-85CB-49C0-9A3A-5AD6601DEC25} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
Task: {7B833556-09A2-40FA-95A9-9348DB29CBB4} - System32\Tasks\{CA2EABB6-4AD3-4513-AFC5-2ED31D9B7B8A} => Chrome.exe
Task: {DA550352-B52C-4A6B-8464-AC3AA5591E34} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2df07b66-8074-4a55-b452-564818a7e11f.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task ad9324ec-197c-4227-9b20-d9fa09d42081.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2009-07-13 01:35 - 2009-07-13 01:35 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Gadget Service => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3

========================= Accounts: ==========================

Administrator (S-1-5-21-3565968102-2038924888-3838231409-500 - Administrator - Disabled)
Guest (S-1-5-21-3565968102-2038924888-3838231409-501 - Limited - Disabled)
Nick (S-1-5-21-3565968102-2038924888-3838231409-1002 - Administrator - Enabled) => C:\Users\Nick

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2014 00:57:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/26/2014 00:57:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/25/2014 06:25:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/25/2014 06:25:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/25/2014 06:04:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/25/2014 06:04:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/25/2014 05:39:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/25/2014 05:39:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/25/2014 02:29:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/25/2014 02:29:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (12/26/2014 00:55:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/26/2014 00:54:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/26/2014 00:52:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/26/2014 00:52:39 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/26/2014 00:52:31 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/26/2014 00:52:31 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/25/2014 06:26:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/25/2014 06:25:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/25/2014 06:23:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/25/2014 06:21:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (12/26/2014 00:57:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/26/2014 00:57:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/25/2014 06:25:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/25/2014 06:25:46 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/25/2014 06:04:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/25/2014 06:04:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/25/2014 05:39:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/25/2014 05:39:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/25/2014 02:29:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/25/2014 02:29:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2013-09-05 06:19:19.436
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-05 06:19:18.921
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 45%
Total physical RAM: 2936.89 MB
Available physical RAM: 1607.52 MB
Total Pagefile: 5871.95 MB
Available Pagefile: 4535.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI105756W0B) (Fixed) (Total:222.43 GB) (Free:172.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CE865B76)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================

 

 

Farbar Service Scanner Version: 21-07-2014
Ran by Nick (administrator) on 26-12-2014 at 13:04:20
Running from "C:\Users\Nick\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:03 AM

Posted 26 December 2014 - 01:17 PM

Now I have a new folder on my desktop labeled "FRST-OlderVersion", containing "FRST64.exe" (looks identical to the one I used). Not sure if this is normal; just wanted to relay this information. Below are the results of the scans.

Yes, it's normal.

The Defender should work. Do you get an error?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#14 SteveSteve

SteveSteve
  • Topic Starter

  • Members
  • 44 posts
  • Local time:11:03 AM

Posted 26 December 2014 - 01:21 PM

Will not open.  Error code:  0x80070422
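
The error code in the post above and the `%%126` insert in the "System errors" section of the log are both Win32 error codes in different wrappers. The following is an added example, not part of the thread, that decodes them and collapses the repeated event entries; the function names are hypothetical, the two error meanings are taken from winerror.h, and the sample entries are copied from the log in this thread.

```python
import re
from collections import Counter

# Win32 error codes that appear in this thread (names from winerror.h).
WIN32_ERRORS = {
    126: "ERROR_MOD_NOT_FOUND: the specified module could not be found",
    1058: "ERROR_SERVICE_DISABLED: the service is disabled or has no enabled devices",
}

def win32_text(code):
    return WIN32_ERRORS.get(code, "Win32 error %d" % code)

def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility, code, text)."""
    failed = bool((value >> 31) & 1)   # severity bit
    facility = (value >> 16) & 0x7FF   # 11-bit facility field
    code = value & 0xFFFF              # low 16 bits carry the error code
    text = win32_text(code) if facility == 7 else "facility %d" % facility  # 7 = FACILITY_WIN32
    return failed, facility, code, text

HEADER = re.compile(r"Error: \([^)]+\) \(Source: ([^)]+)\) \(EventID: (\d+)\) \(User: [^)]*\)")
INSERT = re.compile(r"^%%(\d+)$", re.MULTILINE)  # unresolved message insert holding a Win32 code

def summarize(log_text):
    """Count FRST-style event entries by (source, event ID, decoded error)."""
    counts = Counter()
    for entry in re.split(r"\n\s*\n", log_text.strip()):
        head = HEADER.match(entry)
        if not head:
            continue  # not an event entry (section title, separator)
        code = INSERT.search(entry)
        meaning = win32_text(int(code.group(1))) if code else None
        counts[(head.group(1), int(head.group(2)), meaning)] += 1
    return counts

# Three entries copied from the "System errors" section of the log in this thread.
SAMPLE = """\
Error: (12/26/2014 00:55:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126

Error: (12/26/2014 00:52:39 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/26/2014 00:54:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Program Compatibility Assistant Service service terminated with the following error:
%%126
"""
```

`decode_hresult(0x80070422)` yields facility 7 and code 1058, and `summarize(SAMPLE)` folds the two Service Control Manager entries into one key with a count of 2.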



#15 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:03 AM

Posted 26 December 2014 - 03:50 PM

SFC Scan
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

Export CBS folder
  • Click the Start button then click Computer.
  • Double-click on the C: drive, under the Hard Disk Drives category, and then scroll down to, and double click on the Windows folder.
  • Find and double click on the Logs folder.
  • Right-click on the CBS folder, and select Copy.
  • Go back to your Desktop, right-click on it, and select Paste. You should now see a copy of the CBS folder appear on your Desktop called CBS.
  • Right-click on this new folder, and navigate through Send to, and select Compressed (zipped) folder.
  • A new file, also called CBS (CBS.zip), but this time with a different icon, will be created.
  • Attach this to your next post please. If it is too big, please use an alternative uploading method then send me the link (Dropbox, SkyDrive, SendSpace etc.).

~Machiavelli

 
 




