Locked Registry Keys, Unknown User Accounts, Probably More Issues...


  • This topic is locked
221 replies to this topic

#1 fjrules

  • Members
  • 130 posts

Posted 13 February 2015 - 01:50 AM

I was diagnosed with the Poweliks virus this past November and, while my computer is functional, I am nearly certain the viruses/malware were not completely removed by my neighborhood computer expert when I brought it to him for service.

Over the last week I've used many of the popular tools; to name a few: sfc, TDSSKiller, Kaspersky VRT, GMER, Malwarebytes Premium, AVAST, ESET, RogueKiller, HijackThis, and AdwCleaner. Some found issues and others didn't. What concerns me most is that ComboFix (sorry, I know you advise laymen not to use it) found eight locked registry keys and there are unknown user accounts.

I look forward to hearing back from you soon. Thank you for your assistance - I really appreciate it!

Attached Files
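The two things the post above singles out, registry keys that the tools report as locked and user accounts the owner does not recognise, can both be checked directly from an elevated PowerShell prompt on Windows 7. The script below is an added editor's example; it is not from this thread, from BleepingComputer, or from any of the tools named in the post. It assumes PowerShell 2.0 or later and an elevated session. The "non-printable value name" heuristic (Poweliks-family autostart entries used Run value names that regedit could not display) and the explicit-Deny-ACE check are the editor's own assumptions about what a "locked" autostart key looks like, not output of ComboFix.

```powershell
# Editor's triage example for "locked" autostart registry keys and unfamiliar local accounts.
# Not from the thread or from any tool named in it. Assumes Windows 7, PowerShell 2.0+,
# elevated prompt. Heuristics (non-printable value names, Deny ACEs) are the editor's assumptions.

function Get-LocalAccountReport {
    # Win32_UserAccount works on Windows 7; Get-LocalUser needs PowerShell 5.1.
    Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True' |
        Select-Object Name, SID, Disabled, PasswordRequired, Description
}

function Test-SuspiciousValueName {
    param([string]$Name)
    # Flag value names containing characters outside printable ASCII (control characters,
    # embedded nulls, non-ASCII glyphs). Regedit cannot display such names.
    foreach ($ch in $Name.ToCharArray()) {
        $code = [int]$ch
        if ($code -lt 0x20 -or $code -gt 0x7E) { return $true }
    }
    return $false
}

function New-Finding {
    param([string]$Path, [string]$Value, [string]$Reason)
    New-Object PSObject -Property @{ Path = $Path; Value = $Value; Reason = $Reason }
}

function Get-AutostartFindings {
    $subPaths = @('Software\Microsoft\Windows\CurrentVersion\Run',
                  'Software\Microsoft\Windows\CurrentVersion\RunOnce')
    # HKLM plus every loaded user hive (per-user Run keys live under HKEY_USERS\<SID>).
    $hives = @('HKEY_LOCAL_MACHINE')
    $hives += Get-ChildItem -Path 'Registry::HKEY_USERS' |
        ForEach-Object { "HKEY_USERS\$($_.PSChildName)" }

    foreach ($hive in $hives) {
        foreach ($sub in $subPaths) {
            $path = "Registry::$hive\$sub"
            try {
                $key = Get-Item -LiteralPath $path -ErrorAction Stop
            } catch [System.Management.Automation.ItemNotFoundException] {
                continue    # key does not exist in this hive; nothing to check
            } catch {
                # Open failed for a reason other than "not found", normally access denied.
                # An autostart key that even an administrator cannot open is worth a look.
                New-Finding $path '' "unreadable key: $($_.Exception.Message)"
                continue
            }

            # Windows and ordinary installers do not place explicit Deny ACEs on autostart keys.
            try {
                foreach ($ace in (Get-Acl -LiteralPath $path).Access) {
                    if ($ace.AccessControlType -eq 'Deny') {
                        New-Finding $path '' "Deny ACE for $($ace.IdentityReference): $($ace.RegistryRights)"
                    }
                }
            } catch {
                New-Finding $path '' "ACL unreadable: $($_.Exception.Message)"
            }

            foreach ($name in $key.GetValueNames()) {
                if (Test-SuspiciousValueName $name) {
                    $data = [string]$key.GetValue($name)
                    $head = $data.Substring(0, [Math]::Min(80, $data.Length))
                    New-Finding $path $name "non-printable value name; data begins: $head"
                }
            }
        }
    }
}

Get-LocalAccountReport | Format-Table -AutoSize
Get-AutostartFindings  | Format-Table Path, Value, Reason -AutoSize
```

Run it before and after any cleanup so the two account lists and finding lists can be compared. Not every unfamiliar account is hostile: the account report should be read against what is installed (vendor updaters and backup agents create service accounts), and a key that is merely unreadable should be inspected with the owning SID's ACL in hand before anything is deleted.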




#2 Machiavelli (Agent 007)

  • Malware Response Instructor
  • 3,976 posts
  • Gender: Male
  • Location: Germany

Posted 15 February 2015 - 02:32 PM
Posted 15 February 2015 - 02:32 PM

Please post all logs you have so far directly into the thread as a reply. I cannot open attachments on my system. :)

~Machiavelli

If I don't reply within 24 hours, please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#3 fjrules (Topic Starter)

  • Members
  • 130 posts

Posted 15 February 2015 - 09:06 PM

Hi Machiavelli,

Thanks for getting back to me so quickly. It will be great to work with you.

As you asked, I pasted the two logs below that I initially attached. I also pasted logs for RKill, RogueKiller, GMER, HijackThis (NOTE: HijackThis was denied access to the Hosts file), Junkware Removal Tool, AVAST (run in boot), and ComboFix.

I omitted TDSSKiller because my post is lengthy. I didn't include AdwCleaner, Malwarebytes Anti-Malware (Premium), and Malwarebytes Anti-Rootkit as they came back clean.

Please let me know my next steps. Thanks again!

 

ComboFix:

 

2015-02-15 22:20:02 . 2015-02-15 22:20:02           53,248 ----a-w-  C:\Qoobox\Quarantine\C\Windows\temp\catchme.dll.vir
2015-02-15 22:08:12 . 2015-02-15 22:08:12            5,368 -c--a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2015-02-15 21:49:27 . 2015-02-15 21:49:27              512 -c--a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2015-02-15 21:45:51 . 2015-02-15 21:49:29               62 -c--a-w-  C:\Qoobox\Quarantine\catchme.log

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2015
Ran by Joe Collura (administrator) on JOECOLLURA-PC on 13-02-2015 00:07:31
Running from C:\Users\Joe Collura\Desktop
Loaded Profiles: Joe Collura & Administrator (Available profiles: Joe Collura & UpdatusUser & Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKU\S-1-5-21-382782190-1362263433-3942239974-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-382782190-1362263433-3942239974-500\...\Run: [DriverMax] => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
HKU\S-1-5-21-382782190-1362263433-3942239974-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-382782190-1362263433-3942239974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-382782190-1362263433-3942239974-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philly.com/
HKU\S-1-5-21-382782190-1362263433-3942239974-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-382782190-1362263433-3942239974-500_classes] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-382782190-1362263433-3942239974-1000 -> DefaultScope {7093ECD2-F738-69D1-D9E0-6F52B4A88621} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-382782190-1362263433-3942239974-1000 -> {7093ECD2-F738-69D1-D9E0-6F52B4A88621} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-382782190-1362263433-3942239974-500 -> DefaultScope {E193424F-8B7F-4BE6-AC1E-2A6287505214} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-382782190-1362263433-3942239974-500 -> {7093ECD2-F738-69D1-D9E0-6F52B4A88621} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-382782190-1362263433-3942239974-500 -> {E193424F-8B7F-4BE6-AC1E-2A6287505214} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2015-01-27] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=Google
FF SearchEngineOrder.US.1: data:text/plain,browser.search.order.US.1=Google
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\artur.dubovoy@gmail.com [2015-02-11]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\adblockpopups@jessehakanen.net.xpi [2015-02-11]
FF Extension: NoScript - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-11]
FF Extension: Fasterfox - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-02-11]
FF Extension: Adblock Plus - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-24]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-20] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-24] (AVAST Software)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2013-06-19] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-06-19] (Intuit Inc.) [File not signed]
S4 TosExtSvc; C:\Program Files\TOSHIBA\HDD Password Tool\TosExtSvc.exe [1630512 2013-03-07] (TOSHIBA CORPORATION)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 HPSLPSVC; C:\Users\Joe Collura\AppData\Local\Temp\7zS6A13\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-24] ()
R3 dg_ksudbus; C:\Windows\System32\DRIVERS\ksudbus.sys [75776 2011-03-25] (Microsoft Corporation) [File not signed]
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [82648 2015-02-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [822272 2009-11-16] (Ralink Technology Corp.) [File not signed]
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24680 2009-11-24] (NVIDIA Corporation)
S3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [291456 2012-02-28] (NVIDIA Corporation) [File not signed]
R3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [21432 2013-11-30] (Christian Gulden)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 TosExt; C:\Windows\system32\Drivers\TosExt.sys [23344 2013-03-07] (TOSHIBA Corporation)
S3 dc3d; system32\DRIVERS\dc3d.sys [X]
S0 hcfdkkag; System32\drivers\qwfrch.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 mferkdk; system32\drivers\mferkdk.sys [X]
S3 mfesmfk; system32\drivers\mfesmfk.sys [X]
S3 NuidFltr; system32\DRIVERS\NuidFltr.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 00:07 - 2015-02-13 00:08 - 00013311 ____C () C:\Users\Joe Collura\Desktop\FRST.txt
2015-02-13 00:06 - 2015-02-13 00:07 - 00000000 ___DC () C:\FRST
2015-02-13 00:05 - 2015-02-13 00:06 - 01125376 _____ (Farbar) C:\Users\Joe Collura\Desktop\FRST.exe
2015-02-12 19:10 - 2015-02-12 19:10 - 00000544 ____C () C:\DelFix.txt
2015-02-12 11:11 - 2014-12-24 18:54 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-12 01:41 - 2015-02-12 01:41 - 00000000 ____D () C:\Users\Joe Collura\AppData\Local\Apps\2.0
2015-02-11 10:18 - 2015-02-12 12:06 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2015-02-11 10:18 - 2015-02-11 10:18 - 00001077 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-11 10:18 - 2015-02-11 10:18 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-11 10:18 - 2015-02-11 10:18 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2015-02-11 04:45 - 2015-02-11 04:45 - 00000000 ____D () C:\Windows\Sun
2015-02-11 04:36 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 04:36 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 04:36 - 2015-01-08 21:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 04:36 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 04:36 - 2015-01-08 21:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 01:53 - 2015-02-11 01:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 01:47 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 01:47 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 01:02 - 2015-02-11 01:02 - 00003989 ____C () C:\Users\Joe Collura\Desktop\GMER.log
2015-02-11 00:51 - 2015-02-11 00:51 - 00000000 ___HD () C:\Windows\PIF
2015-02-10 20:54 - 2015-01-15 02:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 20:54 - 2015-01-15 02:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 20:54 - 2015-01-15 02:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 20:54 - 2015-01-15 02:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 20:54 - 2015-01-15 02:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 20:54 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 20:54 - 2015-01-15 02:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 20:54 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 20:54 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 20:54 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 20:54 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 20:54 - 2015-01-14 23:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 20:54 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 20:54 - 2015-01-08 20:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 20:53 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-10 20:53 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 20:52 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 20:52 - 2015-01-11 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 20:52 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 20:52 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 20:51 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 20:51 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 20:51 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 20:51 - 2015-01-11 21:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 20:51 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 20:51 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 20:51 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 20:51 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 20:51 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 20:51 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 20:51 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 20:51 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 20:51 - 2015-01-11 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 20:51 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 20:51 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 20:51 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 20:51 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 20:51 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 20:51 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 20:51 - 2015-01-11 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 20:51 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 20:51 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 20:51 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 20:51 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 20:51 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 20:50 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 19:13 - 2014-05-14 18:37 - 03086040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-10 19:13 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-10 19:13 - 2014-05-08 16:29 - 01728280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
2015-02-10 19:13 - 2014-04-30 11:34 - 00916696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-02-10 19:13 - 2014-04-28 15:48 - 02474200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-02-10 19:13 - 2014-04-25 13:51 - 02566872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-10 19:13 - 2014-04-25 13:23 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-10 19:13 - 2014-03-06 16:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-10 19:13 - 2014-02-18 17:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-02-10 19:13 - 2014-01-08 15:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-02-10 19:13 - 2013-10-16 03:43 - 00182472 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-10 19:13 - 2013-10-11 12:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-10 19:13 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-02-10 19:13 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-10 19:13 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2015-02-10 19:13 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-10 19:13 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-10 19:13 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-10 19:13 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2015-02-06 19:33 - 2015-02-10 23:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 19:33 - 2015-02-10 23:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 15:10 - 2015-02-05 16:31 - 00018432 ____C () C:\Users\Joe Collura\Documents\2014 Med Appt Credit.xls
2015-02-03 18:19 - 2015-02-03 18:19 - 00000280 _____ () C:\Windows\system32\mbr.log
2015-02-03 10:44 - 2015-02-03 10:44 - 00000819 ____C () C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-01-30 21:12 - 2015-02-12 22:53 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\vlc
2015-01-30 20:41 - 2015-02-11 02:11 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-30 20:41 - 2015-01-30 20:41 - 00000984 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-29 15:25 - 2014-04-02 13:55 - 00106928 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi.dll
2015-01-29 15:25 - 2014-04-02 13:55 - 00029224 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-29 15:24 - 2015-01-29 15:38 - 00000000 ____D () C:\ProgramData\GEAR Software DVD CDRom
2015-01-29 15:23 - 2015-01-29 15:23 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Downloaded Installations
2015-01-28 21:14 - 2015-01-28 21:14 - 00000000 ___DC () C:\Program Files\ESET
2015-01-28 01:56 - 2015-01-28 01:56 - 00198322 ____C () C:\Users\Joe Collura\Desktop\sfcdetails.txt
2015-01-28 01:18 - 2015-01-28 01:18 - 00000000 _____ () C:\Windows\system32\%userprofile
2015-01-28 01:14 - 2015-01-28 01:14 - 01044504 ____C () C:\Users\Joe Collura\Desktop\CBS 1-27-15.txt
2015-01-27 17:46 - 2015-01-27 17:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-27 17:46 - 2015-01-27 17:46 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-27 17:46 - 2015-01-27 17:46 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-27 17:46 - 2015-01-27 17:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-27 16:46 - 2015-01-27 16:46 - 00000000 ____D () C:\ProgramData\Sun
2015-01-26 23:15 - 2015-02-12 23:17 - 01778217 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 04:37 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:37 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:37 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:37 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 23:48 - 2014-07-01 14:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 22:47 - 2012-08-24 10:08 - 00000000 ___DC () C:\Program Files\SUPERAntiSpyware
2015-02-12 22:35 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 22:30 - 2014-01-18 14:07 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Wise Disk Cleaner
2015-02-12 22:17 - 2014-11-01 11:31 - 00009712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 22:17 - 2011-12-17 21:34 - 00009712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 22:13 - 2013-04-07 13:40 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Wise Registry Cleaner
2015-02-12 20:31 - 2006-11-02 05:23 - 00000240 _____ () C:\Windows\win.ini
2015-02-12 20:05 - 2014-12-31 11:31 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool 1.2
2015-02-12 20:05 - 2014-12-31 11:31 - 00000000 ___DC () C:\Program Files\Microsoft OffCAT
2015-02-12 19:39 - 2009-08-15 22:09 - 00000000 ___DC () C:\ProgramData\Apple
2015-02-12 19:33 - 2009-12-12 12:14 - 00000000 ___DC () C:\Program Files\Java
2015-02-12 19:29 - 2011-09-03 15:45 - 00000000 ___DC () C:\Users\Joe Collura\Desktop\Tools
2015-02-12 12:10 - 2013-04-02 12:45 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\BitTorrent
2015-02-12 12:09 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-02-12 11:56 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 11:15 - 2014-07-01 13:59 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-12 11:12 - 2014-12-24 18:56 - 00002077 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-12 10:55 - 2010-11-20 16:01 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 02:03 - 2014-11-02 12:09 - 00000000 ____D () C:\Windows\erdnt
2015-02-12 00:23 - 2009-07-13 21:04 - 00000215 ____C () C:\Windows\system.ini
2015-02-11 23:05 - 2012-08-22 11:51 - 00000000 ____D () C:\Windows\pss
2015-02-11 10:19 - 2009-11-08 18:00 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Mozilla
2015-02-11 10:14 - 2014-10-29 17:23 - 00000000 ___DC () C:\Program Files\iTunes
2015-02-11 09:55 - 2011-02-21 18:02 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Health Insurance
2015-02-11 09:44 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\tracing
2015-02-11 02:11 - 2012-01-01 00:26 - 00000000 ____D () C:\Windows\Minidump
2015-02-11 02:07 - 2013-07-13 09:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:57 - 2011-12-18 12:46 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 19:14 - 2014-12-21 15:43 - 00000000 __HDC () C:\Program Files\Temp
2015-02-10 19:14 - 2014-11-23 15:54 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-05 11:58 - 2013-11-11 14:48 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Personal Health
2015-02-04 11:16 - 2014-12-26 13:30 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-03 18:48 - 2009-08-15 13:24 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Adobe
2015-02-03 18:06 - 2009-08-15 17:47 - 00000000 ___DC () C:\ProgramData\Adobe
2015-02-03 17:01 - 2009-08-17 11:44 - 00000376 _____ () C:\Windows\ODBC.INI
2015-02-03 14:55 - 2011-12-22 23:10 - 00000000 ___DC () C:\Program Files\Common Files\Adobe
2015-02-03 14:48 - 2009-08-15 17:47 - 00000000 ___DC () C:\Program Files\Adobe
2015-02-03 10:44 - 2015-01-04 14:40 - 00000839 ____C () C:\Users\Joe Collura\Desktop\BitTorrent.lnk
2015-02-02 15:52 - 2012-09-08 10:59 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\DVDVideoSoft
2015-01-30 20:40 - 2009-08-17 19:12 - 00000000 ___DC () C:\Program Files\VideoLAN
2015-01-28 01:40 - 2014-11-13 21:29 - 00042420 _____ () C:\Windows\system32\sfcdetails.txt
2015-01-27 23:12 - 2014-08-20 15:23 - 00000000 ___DC () C:\Program Files\7-Zip
2015-01-27 19:47 - 2010-11-05 23:59 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-27 19:47 - 2009-08-31 19:47 - 00000000 ___DC () C:\Program Files\CCleaner
2015-01-27 17:22 - 2011-12-18 12:11 - 00001373 ____C () C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 16:49 - 2009-08-13 17:15 - 00000000 ___DC () C:\ProgramData\NVIDIA
2015-01-27 16:48 - 2014-04-26 19:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 16:45 - 2014-10-29 20:25 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-27 01:10 - 2011-12-17 21:46 - 00000000 ___DC () C:\Users\Joe Collura
2015-01-15 03:07 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Files in the root of some directories =======

2014-10-23 21:56 - 2014-10-23 21:57 - 0000165 ____C () C:\Users\Joe Collura\AppData\Roaming\settings.xml
2011-12-19 00:41 - 2014-10-17 22:13 - 0046080 _____ () C:\Users\Joe Collura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-23 17:11 - 2015-02-03 15:12 - 0007623 _____ () C:\Users\Joe Collura\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-27 09:31

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2015
Ran by Joe Collura at 2015-02-13 00:09:21
Running from C:\Users\Joe Collura\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
BitTorrent (HKU\S-1-5-21-382782190-1362263433-3942239974-1000\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-382782190-1362263433-3942239974-500\...\BitTorrent) (Version: 6.2.0 - BitTorrent, Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GEAR driver installer 4.021.1 (HKLM\...\{872C52AE-306E-4A0A-8544-CB3388F1F13B}) (Version: 4.021.1 - GEAR Software)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Cope 4.0 (HKLM\...\Media Cope_is1) (Version:  - Media Cope)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Configuration Analyzer Tool 1.2 (HKLM\...\{57164560-615C-4C9F-A75E-865B2A56310C}) (Version: 1.2.2 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Publisher 2007 (HKLM\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
QuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4008.2305 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version:  - Seagate Technology)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wise Disk Cleaner 8.41 (HKLM\...\Wise Disk Cleaner_is1) (Version: 8.41 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 8.31 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{23CEE673-F947-4d94-9D54-F4BA00C8B73D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{3CDEA288-D759-4C3B-B07F-7AFBCC842D98}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{1704815D-0A03-44ff-8646-1AE1FE84E313}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe No File
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{23CEE673-F947-4d94-9D54-F4BA00C8B73D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{32D32337-1511-4416-85C5-FD96C99322A0}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{3928D252-6BB4-4C0D-BE70-1E03AF93D464}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{3CDEA288-D759-4C3B-B07F-7AFBCC842D98}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{5349004A-12AB-4543-A596-6DC2F8D2B3F2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{8034BBB8-2145-4159-9A34-51E21A0A981F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe No File
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{F19F9A95-7A43-4A93-80B0-C9C1FF6F63F9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe No File
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-500_classes\CLSID\{FD73FE5B-12B1-4E8A-BDA9-9B4A79EABC99}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

28-01-2015 16:26:48 avast! antivirus system restore point
29-01-2015 15:23:57 Installed GEAR driver installer 4.021.1
03-02-2015 01:40:50 Windows Update
04-02-2015 10:35:30 Windows Update
04-02-2015 11:02:36 Windows Update
04-02-2015 14:22:46 Windows Update
05-02-2015 03:25:09 Created by Wise Disk Cleaner
10-02-2015 01:41:49 Windows Update
11-02-2015 01:49:33 Windows Update
11-02-2015 04:37:03 Windows Update
11-02-2015 15:43:00 Installed Sophos Virus Removal Tool.
11-02-2015 17:27:15 Removed Sophos Virus Removal Tool.
12-02-2015 11:08:41 avast! antivirus system restore point
12-02-2015 19:55:35 Installed Microsoft Fix it 50388
12-02-2015 20:15:25 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2015-02-12 00:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EB26E28-CDA5-499D-A482-1B88A2A9670F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {72CDF776-B79F-4ADF-88A4-33D3BC1E653D} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {7920A6FE-C95F-46E7-9769-F128E1A9A0F5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-24] (AVAST Software)
Task: {B409D564-DC66-4F82-907B-EBA261056F13} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D57FADC6-76ED-4795-84EF-38045E8C990E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-02-12 03:50 - 2015-02-12 03:50 - 02912256 ____C () C:\Program Files\AVAST Software\Avast\defs\15021200\algo.dll
2015-02-12 15:57 - 2015-02-12 15:57 - 02912256 ____C () C:\Program Files\AVAST Software\Avast\defs\15021201\algo.dll
2014-12-24 18:54 - 2014-12-24 18:54 - 38562088 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-11 10:18 - 2015-01-23 05:37 - 03925104 ____C () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-382782190-1362263433-3942239974-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-382782190-1362263433-3942239974-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: Zoho Assist => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDD Password Tool.lnk => C:\Windows\pss\HDD Password Tool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Joe Collura^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN14S4C90K05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-382782190-1362263433-3942239974-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-382782190-1362263433-3942239974-501 - Limited - Enabled)
Joe Collura (S-1-5-21-382782190-1362263433-3942239974-1000 - Administrator - Enabled) => C:\Users\Joe Collura
UpdatusUser (S-1-5-21-382782190-1362263433-3942239974-1056 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2015 10:45:44 PM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (5060) WebCacheLocal: Database recovery/restore failed with unexpected error -543.

Error: (02/12/2015 10:45:44 PM) (Source: ESENT) (EventID: 452) (User: )
Description: DllHost (5060) WebCacheLocal: Database C:\Users\Joe Collura\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat requires logfiles 12-14 in order to recover successfully. Recovery could only locate logfiles starting at 14.


System errors:
=============
Error: (02/12/2015 10:11:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (02/12/2015 10:11:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (02/12/2015 10:11:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (02/12/2015 10:11:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (02/12/2015 10:11:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DelayedAutostart with the following error:
%%5

Error: (02/12/2015 10:11:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (02/12/2015 10:11:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-20 15:07:12.278
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\WMVDECOD.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-20 15:07:11.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\WMVDECOD.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 17:14:32.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\WMVDECOD.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 17:14:32.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\WMVDECOD.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 17:13:37.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\WMVDECOD.DLL because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 17:13:37.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\WMVDECOD.DLL because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 34%
Total physical RAM: 3518.49 MB
Available physical RAM: 2303.3 MB
Total Pagefile: 7036.98 MB
Available Pagefile: 5351.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.7 GB) (Free:250.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:20.01 GB) (Free:16.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0F57708)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=445.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/15/2015 03:54:53 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * Your %Temp% folder is set to C:\Windows\TEMP, which can be dangerous. Skipping termination for this folder.
 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 02/15/2015 04:01:27 PM
Execution time: 0 hours(s), 6 minute(s), and 34 seconds(s)


RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode
User : Joe Collura [Administrator]
Mode : Delete -- Date : 02/15/2015  16:29:20

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CAVERAZA -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\JPABPVMCX -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MMPO -> Deleted
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Replaced (0)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD50 00AAKS-00UU3 SCSI Disk Device +++++
--- User ---
[MBR] 52015bbe1173f1591c14ba550dc796ab
[BSP] 4e8d60a25ba48f18a1e054a0532e3e98 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 112455 | Size: 20489 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 42076160 | Size: 456394 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: TEAC USB   HS-CF Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: TEAC USB   HS-xD/SM USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: TEAC USB   HS-MS Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: TEAC USB   HS-SD Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_02152015_162652.log


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-11 01:02:19
Windows 6.1.7601 Service Pack 1
Running: qd6xx89q.exe


---- Files - GMER 2.1 ----

File  C:\Qoobox\BackEnv\Music.folder.dat                                                    105 bytes
File  C:\Qoobox\BackEnv\AppData.folder.dat                                                  231 bytes
File  C:\Qoobox\BackEnv\Cache.folder.dat                                                    418 bytes
File  C:\Qoobox\BackEnv\Cookies.folder.dat                                                  220 bytes
File  C:\Qoobox\BackEnv\Desktop.folder.dat                                                  173 bytes
File  C:\Qoobox\BackEnv\Favorites.folder.dat                                                183 bytes
File  C:\Qoobox\BackEnv\History.folder.dat                                                  214 bytes
File  C:\Qoobox\BackEnv\LocalAppData.folder.dat                                             203 bytes
File  C:\Qoobox\BackEnv\LocalSettings.folder.dat                                            203 bytes
File  C:\Qoobox\BackEnv\NetHood.folder.dat                                                  172 bytes
File  C:\Qoobox\BackEnv\Personal.folder.dat                                                 183 bytes
File  C:\Qoobox\BackEnv\Pictures.folder.dat                                                 178 bytes
File  C:\Qoobox\BackEnv\PrintHood.folder.dat                                                172 bytes
File  C:\Qoobox\BackEnv\Profiles.Folder.dat                                                 229 bytes
File  C:\Qoobox\BackEnv\Profiles.Folder.folder.dat                                          305 bytes
File  C:\Qoobox\BackEnv\Profiles_wo_ntuser.Folder.dat                                       24 bytes
File  C:\Qoobox\BackEnv\Programs.folder.dat                                                 613 bytes
File  C:\Qoobox\BackEnv\Recent.folder.dat                                                   150 bytes
File  C:\Qoobox\BackEnv\SendTo.folder.dat                                                   217 bytes
File  C:\Qoobox\BackEnv\SetPath.bat                                                         9072 bytes
File  C:\Qoobox\BackEnv\StartMenu.folder.dat                                                405 bytes
File  C:\Qoobox\BackEnv\StartUp.folder.dat                                                  589 bytes
File  C:\Qoobox\BackEnv\SysPath.dat                                                         3697 bytes
File  C:\Qoobox\BackEnv\Templates.folder.dat                                                399 bytes
File  C:\Qoobox\BackEnv\VikPev00                                                            2135 bytes
File  C:\Windows\CSC\v2.0.6\namespace                                                       0 bytes
File  C:\Windows\CSC\v2.0.6\pq                                                              64 bytes
File  C:\Windows\CSC\v2.0.6\sm                                                              4 bytes
File  C:\Windows\CSC\v2.0.6\temp                                                            0 bytes
File  C:\Windows\CSC\v2.0.6\temp\ea-{85313ecb-705d-11e4-a24e-806e6f6e6963}                  0 bytes
File  C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl                            172584 bytes
File  C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl               0 bytes
File  C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Microsoft-Windows-Backup.etl  0 bytes
File  C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl                  72 bytes
File  C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl                    72 bytes
File  C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl                     0 bytes
File  C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl                               72 bytes

---- EOF - GMER 2.1 ----

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:06:49 PM, on 2/15/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

--
End of file - 2932 bytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x86
Ran by Joe Collura on Sun 02/15/2015 at 17:25:36.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared

02/15/2015 18:18
Scan of C:

Scan of *STARTUP

File C:\Users\Joe Collura\AppData\Local\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\cache2\entries\001501962E44D2B08400E7CB24FA72293EA25543|>{gzip} is infected by JS:PornPop-D [PUP], Moved to chest
File C:\Users\Joe Collura\Documents\Inbound Marketing\SMART-Marketing-in-2013-Template-protected-older-excel.xlt|>Workbook|>drs\picturexml.xml Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 19423
Number of tested files: 974037
Number of infected files: 1

#4 Machiavelli

Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany

Posted 16 February 2015 - 04:43 AM

Just to be sure there is no Adware left we will do the steps below. :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#5 fjrules

fjrules
  • Topic Starter

  • Members
  • 130 posts

Posted 16 February 2015 - 02:00 PM

AdwCleaner, MB, and JRT all clean. I did not fix anything in the FRST logs. Will making fixes with FRST solve any of the problems that were found in the GMER, RogueKiller, and ComboFix logs I posted earlier? Also, re: RogueKiller, some of the registry corrections were not made so I went in and did them manually. The following corrections, though, I'm not sure how to do:

[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)

E.g. should I simply change 59031A47-3F72-44A7-89C5-5595FE6B30EE to 0? Is that all there is to it? Thank you again!
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 13:02:20
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Joe Collura - JOECOLLURA-PC
# Running from : C:\Users\Joe Collura\Desktop\Tools\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

*************************

AdwCleaner[R2].txt - [770 bytes] - [16/02/2015 10:44:49]
AdwCleaner[R3].txt - [828 bytes] - [16/02/2015 12:52:03]
AdwCleaner[S0].txt - [756 bytes] - [16/02/2015 13:02:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [814 bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/16/2015
Scan Time: 11:02:35 AM
Logfile: MB.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.16.05
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Joe Collura

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331836
Time Elapsed: 28 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x86
Ran by Joe Collura on Mon 02/16/2015 at 12:51:31.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 13:01:30.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Joe Collura (administrator) on JOECOLLURA-PC on 16-02-2015 13:09:16
Running from C:\Users\Joe Collura\Desktop\Tools
Loaded Profiles: Joe Collura (Available profiles: Joe Collura & UpdatusUser & Administrator)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKU\S-1-5-21-382782190-1362263433-3942239974-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-382782190-1362263433-3942239974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-382782190-1362263433-3942239974-1000 -> {7093ECD2-F738-69D1-D9E0-6F52B4A88621} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2015-01-27] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=Google
FF SearchEngineOrder.US.1: data:text/plain,browser.search.order.US.1=Google
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\adblockpopups@jessehakanen.net.xpi [2015-02-11]
FF Extension: NoScript - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-11]
FF Extension: Fasterfox - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-02-11]
FF Extension: Adblock Plus - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-24]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-20] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-24] (AVAST Software)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2013-06-19] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-06-19] (Intuit Inc.) [File not signed]
S4 TosExtSvc; C:\Program Files\TOSHIBA\HDD Password Tool\TosExtSvc.exe [1630512 2013-03-07] (TOSHIBA CORPORATION)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 HPSLPSVC; C:\Users\Joe Collura\AppData\Local\Temp\7zS6A13\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-24] ()
R3 dg_ksudbus; C:\Windows\System32\DRIVERS\ksudbus.sys [75776 2011-03-25] (Microsoft Corporation) [File not signed]
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [82648 2015-02-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [822272 2009-11-16] (Ralink Technology Corp.) [File not signed]
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24680 2009-11-24] (NVIDIA Corporation)
S3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [291456 2012-02-28] (NVIDIA Corporation) [File not signed]
R3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [21432 2013-11-30] (Christian Gulden)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 TosExt; C:\Windows\system32\Drivers\TosExt.sys [23344 2013-03-07] (TOSHIBA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-15] ()
S3 dc3d; system32\DRIVERS\dc3d.sys [X]
S0 hcfdkkag; System32\drivers\qwfrch.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 mferkdk; system32\drivers\mferkdk.sys [X]
S3 mfesmfk; system32\drivers\mfesmfk.sys [X]
S3 NuidFltr; system32\DRIVERS\NuidFltr.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-16 13:09 - 2011-09-03 15:45 - 00000000 ___DC () C:\Users\Joe Collura\Desktop\Tools 2015-02-16 13:07 - 2014-07-01 14:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-16 13:04 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-15 23:22 - 2013-04-07 13:40 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Wise Registry Cleaner 2015-02-15 21:18 - 2014-11-01 11:31 - 00009712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-15 21:18 - 2011-12-17 21:34 - 00009712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-15 20:41 - 2014-01-18 14:07 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Wise Disk Cleaner 2015-02-15 20:16 - 2009-08-14 08:21 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Inbound Marketing 2015-02-15 20:04 - 2012-12-02 03:26 - 00114344 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT 2015-02-15 18:15 - 2010-11-20 16:01 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-15 17:20 - 2009-07-13 21:04 - 00000215 ____C () C:\Windows\system.ini 2015-02-15 16:47 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public 2015-02-15 16:46 - 2011-12-17 21:46 - 00000000 ___DC () C:\Users\Administrator 2015-02-15 16:44 - 2014-11-02 12:09 - 00000000 ____D () C:\Windows\erdnt 2015-02-15 15:52 - 2013-04-02 12:45 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\BitTorrent 2015-02-15 15:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-02-15 13:46 - 2012-08-24 10:08 - 00000000 ___DC () C:\Program Files\SUPERAntiSpyware 2015-02-14 22:23 - 2011-12-17 21:46 - 00000000 ___DC () C:\Users\Joe Collura 2015-02-14 12:34 - 2014-02-07 20:26 - 00000000 ___DC () C:\Program Files\Media Cope 2015-02-13 13:18 - 2014-12-24 18:56 - 00002077 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-02-12 22:35 - 
2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache 2015-02-12 20:31 - 2006-11-02 05:23 - 00000240 _____ () C:\Windows\win.ini 2015-02-12 20:05 - 2014-12-31 11:31 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool 1.2 2015-02-12 20:05 - 2014-12-31 11:31 - 00000000 ___DC () C:\Program Files\Microsoft OffCAT 2015-02-12 19:39 - 2009-08-15 22:09 - 00000000 ___DC () C:\ProgramData\Apple 2015-02-12 19:33 - 2009-12-12 12:14 - 00000000 ___DC () C:\Program Files\Java 2015-02-12 11:15 - 2014-07-01 13:59 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-11 23:05 - 2012-08-22 11:51 - 00000000 ____D () C:\Windows\pss 2015-02-11 10:19 - 2009-11-08 18:00 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Mozilla 2015-02-11 10:14 - 2014-10-29 17:23 - 00000000 ___DC () C:\Program Files\iTunes 2015-02-11 09:55 - 2011-02-21 18:02 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Health Insurance 2015-02-11 09:44 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\tracing 2015-02-11 02:11 - 2012-01-01 00:26 - 00000000 ____D () C:\Windows\Minidump 2015-02-11 02:07 - 2013-07-13 09:32 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 01:57 - 2011-12-18 12:46 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-10 19:14 - 2014-12-21 15:43 - 00000000 __HDC () C:\Program Files\Temp 2015-02-10 19:14 - 2014-11-23 15:54 - 00000000 ____D () C:\Windows\system32\RTCOM 2015-02-05 11:58 - 2013-11-11 14:48 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Personal Health 2015-02-04 11:16 - 2014-12-26 13:30 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-02-03 18:48 - 2009-08-15 13:24 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Adobe 2015-02-03 18:06 - 2009-08-15 17:47 - 00000000 ___DC () C:\ProgramData\Adobe 2015-02-03 17:01 - 2009-08-17 11:44 - 00000376 _____ () C:\Windows\ODBC.INI 
2015-02-03 14:55 - 2011-12-22 23:10 - 00000000 ___DC () C:\Program Files\Common Files\Adobe 2015-02-03 14:48 - 2009-08-15 17:47 - 00000000 ___DC () C:\Program Files\Adobe 2015-02-03 10:44 - 2015-01-04 14:40 - 00000839 ____C () C:\Users\Joe Collura\Desktop\BitTorrent.lnk 2015-02-02 15:52 - 2012-09-08 10:59 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\DVDVideoSoft 2015-01-30 20:40 - 2009-08-17 19:12 - 00000000 ___DC () C:\Program Files\VideoLAN 2015-01-28 01:40 - 2014-11-13 21:29 - 00042420 _____ () C:\Windows\system32\sfcdetails.txt 2015-01-27 23:12 - 2014-08-20 15:23 - 00000000 ___DC () C:\Program Files\7-Zip 2015-01-27 19:47 - 2010-11-05 23:59 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-01-27 19:47 - 2009-08-31 19:47 - 00000000 ___DC () C:\Program Files\CCleaner 2015-01-27 17:22 - 2011-12-18 12:11 - 00001373 ____C () C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-27 16:49 - 2009-08-13 17:15 - 00000000 ___DC () C:\ProgramData\NVIDIA 2015-01-27 16:48 - 2014-04-26 19:20 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-27 16:45 - 2014-10-29 20:25 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll ==================== Files in the root of some directories ======= 2014-10-23 21:56 - 2014-10-23 21:57 - 0000165 ____C () C:\Users\Joe Collura\AppData\Roaming\settings.xml 2011-12-19 00:41 - 2014-10-17 22:13 - 0046080 _____ () C:\Users\Joe Collura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-12-23 17:11 - 2015-02-13 16:01 - 0007626 _____ () C:\Users\Joe Collura\AppData\Local\resmon.resmoncfg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-08-27 09:31

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by Joe Collura at 2015-02-16 13:11:30
Running from C:\Users\Joe Collura\Desktop\Tools
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
BitTorrent (HKU\S-1-5-21-382782190-1362263433-3942239974-1000\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
GEAR driver installer 4.021.1 (HKLM\...\{872C52AE-306E-4A0A-8544-CB3388F1F13B}) (Version: 4.021.1 - GEAR Software)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Cope 4.0 (HKLM\...\Media Cope_is1) (Version: - Media Cope)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Configuration Analyzer Tool 1.2 (HKLM\...\{57164560-615C-4C9F-A75E-865B2A56310C}) (Version: 1.2.2 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Publisher 2007 (HKLM\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
QuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4008.2305 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version: - Seagate Technology)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wise Disk Cleaner 8.41 (HKLM\...\Wise Disk Cleaner_is1) (Version: 8.41 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 8.31 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{23CEE673-F947-4d94-9D54-F4BA00C8B73D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{3CDEA288-D759-4C3B-B07F-7AFBCC842D98}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
==================== Restore Points =========================

05-02-2015 03:25:09 Created by Wise Disk Cleaner
10-02-2015 01:41:49 Windows Update
13-02-2015 14:37:31 Windows Update
15-02-2015 14:05:42 Removed Windows Resource Kit Tools - SubInAcl.exe
15-02-2015 14:57:20 Installed HiJackThis

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2015-02-15 17:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EB26E28-CDA5-499D-A482-1B88A2A9670F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {4CE6FBC9-9ABD-4C45-AE4B-6A0FDCAA4862} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-24] (AVAST Software)
Task: {72CDF776-B79F-4ADF-88A4-33D3BC1E653D} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {B409D564-DC66-4F82-907B-EBA261056F13} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D57FADC6-76ED-4795-84EF-38045E8C990E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (whitelisted) ==============

2015-02-16 10:28 - 2015-02-16 10:28 - 02911744 ____C () C:\Program Files\AVAST Software\Avast\defs\15021600\algo.dll
2014-12-24 18:54 - 2014-12-24 18:54 - 38562088 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-08-05 09:45 - 2009-08-05 09:45 - 00106312 ____C () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-382782190-1362263433-3942239974-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: Zoho Assist => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDD Password Tool.lnk => C:\Windows\pss\HDD Password Tool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Joe Collura^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN14S4C90K05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-382782190-1362263433-3942239974-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-382782190-1362263433-3942239974-501 - Limited - Disabled)
Joe Collura (S-1-5-21-382782190-1362263433-3942239974-1000 - Administrator - Enabled) => C:\Users\Joe Collura
UpdatusUser (S-1-5-21-382782190-1362263433-3942239974-1056 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2015 01:06:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (2412) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Joe Collura\AppData\Local\Microsoft\Windows\WebCache\V01.log.

System errors:
=============
Error: (02/16/2015 01:05:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: hcfdkkag

Error: (02/16/2015 01:05:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1068

Error: (02/16/2015 01:05:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: %%1058

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 30%
Total physical RAM: 3518.49 MB
Available physical RAM: 2453.8 MB
Total Pagefile: 4158.49 MB
Available Pagefile: 2523.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.7 GB) (Free:279.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:20.01 GB) (Free:16.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0F57708)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=445.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:24 AM

Posted 16 February 2015 - 03:05 PM

Can you please repost all logs so that they are readable? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 fjrules

fjrules
  • Topic Starter

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 16 February 2015 - 03:20 PM

Sorry, I think I had my javascript turned off before...

 

AdwCleaner, MB, and JRT all clean. I did not fix anything in the FRST logs.

 

Will making fixes with FRST solve any of the problems that were found in the GMER, RogueKiller, and ComboFix logs I posted earlier?

 

Also, re: RogueKiller, some of the registry corrections apparently didn't take, so I did them manually, except for the ones related to desktop icons, which I'm not sure how to make. As an example:

 

[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)

 

Should I simply change 59031A47-3F72-44A7-89C5-5595FE6B30EE to 0? Is that all there is to it?

 

Thank you again!

 

 

# AdwCleaner v4.110 - Logfile created 16/02/2015 at 13:02:20
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Joe Collura - JOECOLLURA-PC
# Running from : C:\Users\Joe Collura\Desktop\Tools\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


*************************

AdwCleaner[R2].txt - [770 bytes] - [16/02/2015 10:44:49]
AdwCleaner[R3].txt - [828 bytes] - [16/02/2015 12:52:03]
AdwCleaner[S0].txt - [756 bytes] - [16/02/2015 13:02:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [814  bytes] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/16/2015
Scan Time: 11:02:35 AM
Logfile: MB.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.16.05
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Joe Collura

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331836
Time Elapsed: 28 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x86
Ran by Joe Collura on Mon 02/16/2015 at 12:51:31.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 13:01:30.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Joe Collura (administrator) on JOECOLLURA-PC on 16-02-2015 13:09:16
Running from C:\Users\Joe Collura\Desktop\Tools
Loaded Profiles: Joe Collura (Available profiles: Joe Collura & UpdatusUser & Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKU\S-1-5-21-382782190-1362263433-3942239974-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-382782190-1362263433-3942239974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-382782190-1362263433-3942239974-1000 -> {7093ECD2-F738-69D1-D9E0-6F52B4A88621} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2015-01-27] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=Google
FF SearchEngineOrder.US.1: data:text/plain,browser.search.order.US.1=Google
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\adblockpopups@jessehakanen.net.xpi [2015-02-11]
FF Extension: NoScript - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-11]
FF Extension: Fasterfox - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-02-11]
FF Extension: Adblock Plus - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-24]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-20] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-24] (AVAST Software)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2013-06-19] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-06-19] (Intuit Inc.) [File not signed]
S4 TosExtSvc; C:\Program Files\TOSHIBA\HDD Password Tool\TosExtSvc.exe [1630512 2013-03-07] (TOSHIBA CORPORATION)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 HPSLPSVC; C:\Users\Joe Collura\AppData\Local\Temp\7zS6A13\hpslpsvc32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-24] ()
R3 dg_ksudbus; C:\Windows\System32\DRIVERS\ksudbus.sys [75776 2011-03-25] (Microsoft Corporation) [File not signed]
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [82648 2015-02-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [822272 2009-11-16] (Ralink Technology Corp.) [File not signed]
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24680 2009-11-24] (NVIDIA Corporation)
S3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [291456 2012-02-28] (NVIDIA Corporation) [File not signed]
R3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [21432 2013-11-30] (Christian Gulden)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 TosExt; C:\Windows\system32\Drivers\TosExt.sys [23344 2013-03-07] (TOSHIBA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-15] ()
S3 dc3d; system32\DRIVERS\dc3d.sys [X]
S0 hcfdkkag; System32\drivers\qwfrch.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 mferkdk; system32\drivers\mferkdk.sys [X]
S3 mfesmfk; system32\drivers\mfesmfk.sys [X]
S3 NuidFltr; system32\DRIVERS\NuidFltr.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 13:06 - 2015-02-16 13:06 - 00000893 ____C () C:\Users\Joe Collura\Desktop\AdwCleaner[S0].txt
2015-02-16 13:04 - 2015-02-16 13:07 - 03820624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-16 13:04 - 2015-02-16 13:04 - 00009643 _____ () C:\Windows\setupact.log
2015-02-16 13:04 - 2015-02-16 13:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-16 13:03 - 2015-02-16 13:03 - 00004842 _____ () C:\Windows\PFRO.log
2015-02-16 13:02 - 2015-02-16 13:02 - 00000635 ____C () C:\Users\Joe Collura\Documents\JRT 2.txt
2015-02-16 13:01 - 2015-02-16 13:01 - 00000635 ____C () C:\Users\Joe Collura\Desktop\JRT.txt
2015-02-16 12:15 - 2015-02-16 12:50 - 427777593 _____ () C:\Users\Joe Collura\Downloads\vv15.zip.002
2015-02-16 11:38 - 2015-02-16 11:38 - 00001059 ____C () C:\Users\Joe Collura\Desktop\MB.txt
2015-02-16 11:27 - 2015-02-16 12:46 - 00000000 ___DC () C:\Users\Joe Collura\Downloads\Mandy A
2015-02-16 11:23 - 2015-02-16 11:23 - 00000000 ___DC () C:\Users\Joe Collura\Downloads\Kearsley
2015-02-16 10:44 - 2015-02-16 13:02 - 00000000 ___DC () C:\AdwCleaner
2015-02-16 10:28 - 2014-03-06 15:26 - 1046239149 ____C () C:\Users\Joe Collura\Downloads\POVD - Alexis Adams - Footballing.mp4
2015-02-15 20:08 - 2015-02-15 19:50 - 00000543 ____C () C:\Users\Joe Collura\Desktop\aswBoot.txt
2015-02-15 17:43 - 2015-02-15 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-15 17:24 - 2015-02-15 17:24 - 00017453 ____C () C:\ComboFix.txt
2015-02-15 16:46 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-15 16:46 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-15 16:46 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-15 16:46 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-15 16:46 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-15 16:46 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-15 16:46 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-15 16:46 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-15 16:45 - 2015-02-15 17:24 - 00000000 ___DC () C:\Qoobox
2015-02-15 16:45 - 2015-02-15 17:24 - 00000000 ___DC () C:\ComboFix
2015-02-15 16:11 - 2015-02-15 16:21 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-15 16:11 - 2015-02-15 16:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-15 15:54 - 2015-02-15 16:01 - 00002462 ____C () C:\Users\Joe Collura\Desktop\Rkill.txt
2015-02-15 15:06 - 2015-02-15 15:06 - 00002933 ____C () C:\Users\Joe Collura\Desktop\hijackthis.log
2015-02-15 14:58 - 2015-02-15 14:58 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-02-15 14:58 - 2015-02-15 14:58 - 00000000 ___DC () C:\Program Files\Trend Micro
2015-02-14 12:34 - 2015-02-14 12:34 - 00000949 ____C () C:\Users\Joe Collura\Desktop\Media Cope.lnk
2015-02-14 12:34 - 2015-02-14 12:34 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Cope
2015-02-14 12:34 - 2010-09-10 16:38 - 00211456 _____ (Media Cope) C:\Windows\system32\MediaCopeShellM.dll
2015-02-14 12:34 - 2010-09-10 16:37 - 00211456 _____ (Media Cope) C:\Windows\system32\MediaCopeShellS.dll
2015-02-13 14:26 - 2015-02-13 14:26 - 00000000 ___DC () C:\Program Files\Windows Resource Kits
2015-02-13 13:17 - 2014-12-24 18:54 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-13 00:09 - 2015-02-13 00:10 - 00040772 ____C () C:\Users\Joe Collura\Desktop\Addition.txt
2015-02-13 00:07 - 2015-02-13 00:10 - 00035769 ____C () C:\Users\Joe Collura\Desktop\FRST.txt
2015-02-13 00:06 - 2015-02-16 13:09 - 00000000 ___DC () C:\FRST
2015-02-12 19:10 - 2015-02-12 19:10 - 00000544 ____C () C:\DelFix.txt
2015-02-11 10:18 - 2015-02-12 12:06 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2015-02-11 10:18 - 2015-02-11 10:18 - 00001077 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-11 10:18 - 2015-02-11 10:18 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-11 10:18 - 2015-02-11 10:18 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2015-02-11 04:45 - 2015-02-11 04:45 - 00000000 ____D () C:\Windows\Sun
2015-02-11 04:36 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 04:36 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 04:36 - 2015-01-08 21:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 04:36 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 04:36 - 2015-01-08 21:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 01:53 - 2015-02-11 01:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 01:47 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 01:47 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 01:02 - 2015-02-11 01:02 - 00003989 ____C () C:\Users\Joe Collura\Desktop\GMER.log
2015-02-11 00:51 - 2015-02-11 00:51 - 00000000 ___HD () C:\Windows\PIF
2015-02-10 20:54 - 2015-01-15 02:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 20:54 - 2015-01-15 02:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 20:54 - 2015-01-15 02:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 20:54 - 2015-01-15 02:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 20:54 - 2015-01-15 02:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 20:54 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 20:54 - 2015-01-15 02:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 20:54 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 20:54 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 20:54 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 20:54 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 20:54 - 2015-01-14 23:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 20:54 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 20:54 - 2015-01-08 20:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 20:53 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-10 20:53 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 20:52 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 20:52 - 2015-01-11 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 20:52 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 20:52 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 20:51 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 20:51 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 20:51 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 20:51 - 2015-01-11 21:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 20:51 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 20:51 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 20:51 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 20:51 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 20:51 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 20:51 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 20:51 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 20:51 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 20:51 - 2015-01-11 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 20:51 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 20:51 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 20:51 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 20:51 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 20:51 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 20:51 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 20:51 - 2015-01-11 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 20:51 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 20:51 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 20:51 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 20:51 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 20:51 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 20:50 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 19:13 - 2014-05-14 18:37 - 03086040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-10 19:13 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-10 19:13 - 2014-05-08 16:29 - 01728280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
2015-02-10 19:13 - 2014-04-30 11:34 - 00916696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-02-10 19:13 - 2014-04-28 15:48 - 02474200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-02-10 19:13 - 2014-04-25 13:51 - 02566872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-10 19:13 - 2014-04-25 13:23 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-10 19:13 - 2014-03-06 16:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-10 19:13 - 2014-02-18 17:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-02-10 19:13 - 2014-01-08 15:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-02-10 19:13 - 2013-10-16 03:43 - 00182472 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-10 19:13 - 2013-10-11 12:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-10 19:13 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-02-10 19:13 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-10 19:13 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2015-02-10 19:13 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-10 19:13 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-10 19:13 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-10 19:13 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2015-02-06 19:33 - 2015-02-10 23:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 19:33 - 2015-02-10 23:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 15:10 - 2015-02-05 16:31 - 00018432 ____C () C:\Users\Joe Collura\Documents\2014 Med Appt Credit.xls
2015-02-03 18:19 - 2015-02-03 18:19 - 00000280 _____ () C:\Windows\system32\mbr.log
2015-02-03 10:44 - 2015-02-03 10:44 - 00000819 ____C () C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-01-30 21:12 - 2015-02-16 13:00 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\vlc
2015-01-30 20:41 - 2015-02-11 02:11 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-30 20:41 - 2015-01-30 20:41 - 00000984 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-29 15:25 - 2014-04-02 13:55 - 00106928 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi.dll
2015-01-29 15:25 - 2014-04-02 13:55 - 00029224 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-29 15:24 - 2015-01-29 15:38 - 00000000 ____D () C:\ProgramData\GEAR Software DVD CDRom
2015-01-28 21:14 - 2015-01-28 21:14 - 00000000 ___DC () C:\Program Files\ESET
2015-01-28 01:56 - 2015-01-28 01:56 - 00198322 ____C () C:\Users\Joe Collura\Desktop\sfcdetails.txt
2015-01-28 01:18 - 2015-01-28 01:18 - 00000000 _____ () C:\Windows\system32\%userprofile
2015-01-28 01:14 - 2015-01-28 01:14 - 01044504 ____C () C:\Users\Joe Collura\Desktop\CBS 1-27-15.txt
2015-01-27 17:46 - 2015-01-27 17:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-27 17:46 - 2015-01-27 17:46 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-27 17:46 - 2015-01-27 17:46 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-27 17:46 - 2015-01-27 17:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-27 16:46 - 2015-01-27 16:46 - 00000000 ____D () C:\ProgramData\Sun
2015-01-26 23:15 - 2015-02-16 13:10 - 01559148 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 13:09 - 2011-09-03 15:45 - 00000000 ___DC () C:\Users\Joe Collura\Desktop\Tools
2015-02-16 13:07 - 2014-07-01 14:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 13:04 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 23:22 - 2013-04-07 13:40 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Wise Registry Cleaner
2015-02-15 21:18 - 2014-11-01 11:31 - 00009712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 21:18 - 2011-12-17 21:34 - 00009712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 20:41 - 2014-01-18 14:07 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Wise Disk Cleaner
2015-02-15 20:16 - 2009-08-14 08:21 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Inbound Marketing
2015-02-15 20:04 - 2012-12-02 03:26 - 00114344 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-02-15 18:15 - 2010-11-20 16:01 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 17:20 - 2009-07-13 21:04 - 00000215 ____C () C:\Windows\system.ini
2015-02-15 16:47 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2015-02-15 16:46 - 2011-12-17 21:46 - 00000000 ___DC () C:\Users\Administrator
2015-02-15 16:44 - 2014-11-02 12:09 - 00000000 ____D () C:\Windows\erdnt
2015-02-15 15:52 - 2013-04-02 12:45 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\BitTorrent
2015-02-15 15:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-02-15 13:46 - 2012-08-24 10:08 - 00000000 ___DC () C:\Program Files\SUPERAntiSpyware
2015-02-14 22:23 - 2011-12-17 21:46 - 00000000 ___DC () C:\Users\Joe Collura
2015-02-14 12:34 - 2014-02-07 20:26 - 00000000 ___DC () C:\Program Files\Media Cope
2015-02-13 13:18 - 2014-12-24 18:56 - 00002077 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-12 22:35 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 20:31 - 2006-11-02 05:23 - 00000240 _____ () C:\Windows\win.ini
2015-02-12 20:05 - 2014-12-31 11:31 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool 1.2
2015-02-12 20:05 - 2014-12-31 11:31 - 00000000 ___DC () C:\Program Files\Microsoft OffCAT
2015-02-12 19:39 - 2009-08-15 22:09 - 00000000 ___DC () C:\ProgramData\Apple
2015-02-12 19:33 - 2009-12-12 12:14 - 00000000 ___DC () C:\Program Files\Java
2015-02-12 11:15 - 2014-07-01 13:59 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-11 23:05 - 2012-08-22 11:51 - 00000000 ____D () C:\Windows\pss
2015-02-11 10:19 - 2009-11-08 18:00 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Mozilla
2015-02-11 10:14 - 2014-10-29 17:23 - 00000000 ___DC () C:\Program Files\iTunes
2015-02-11 09:55 - 2011-02-21 18:02 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Health Insurance
2015-02-11 09:44 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\tracing
2015-02-11 02:11 - 2012-01-01 00:26 - 00000000 ____D () C:\Windows\Minidump
2015-02-11 02:07 - 2013-07-13 09:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:57 - 2011-12-18 12:46 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 19:14 - 2014-12-21 15:43 - 00000000 __HDC () C:\Program Files\Temp
2015-02-10 19:14 - 2014-11-23 15:54 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-05 11:58 - 2013-11-11 14:48 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Personal Health
2015-02-04 11:16 - 2014-12-26 13:30 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-03 18:48 - 2009-08-15 13:24 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Adobe
2015-02-03 18:06 - 2009-08-15 17:47 - 00000000 ___DC () C:\ProgramData\Adobe
2015-02-03 17:01 - 2009-08-17 11:44 - 00000376 _____ () C:\Windows\ODBC.INI
2015-02-03 14:55 - 2011-12-22 23:10 - 00000000 ___DC () C:\Program Files\Common Files\Adobe
2015-02-03 14:48 - 2009-08-15 17:47 - 00000000 ___DC () C:\Program Files\Adobe
2015-02-03 10:44 - 2015-01-04 14:40 - 00000839 ____C () C:\Users\Joe Collura\Desktop\BitTorrent.lnk
2015-02-02 15:52 - 2012-09-08 10:59 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\DVDVideoSoft
2015-01-30 20:40 - 2009-08-17 19:12 - 00000000 ___DC () C:\Program Files\VideoLAN
2015-01-28 01:40 - 2014-11-13 21:29 - 00042420 _____ () C:\Windows\system32\sfcdetails.txt
2015-01-27 23:12 - 2014-08-20 15:23 - 00000000 ___DC () C:\Program Files\7-Zip
2015-01-27 19:47 - 2010-11-05 23:59 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-27 19:47 - 2009-08-31 19:47 - 00000000 ___DC () C:\Program Files\CCleaner
2015-01-27 17:22 - 2011-12-18 12:11 - 00001373 ____C () C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 16:49 - 2009-08-13 17:15 - 00000000 ___DC () C:\ProgramData\NVIDIA
2015-01-27 16:48 - 2014-04-26 19:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 16:45 - 2014-10-29 20:25 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

==================== Files in the root of some directories =======

2014-10-23 21:56 - 2014-10-23 21:57 - 0000165 ____C () C:\Users\Joe Collura\AppData\Roaming\settings.xml
2011-12-19 00:41 - 2014-10-17 22:13 - 0046080 _____ () C:\Users\Joe Collura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-23 17:11 - 2015-02-13 16:01 - 0007626 _____ () C:\Users\Joe Collura\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-27 09:31

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by Joe Collura at 2015-02-16 13:11:30
Running from C:\Users\Joe Collura\Desktop\Tools
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
BitTorrent (HKU\S-1-5-21-382782190-1362263433-3942239974-1000\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GEAR driver installer 4.021.1 (HKLM\...\{872C52AE-306E-4A0A-8544-CB3388F1F13B}) (Version: 4.021.1 - GEAR Software)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Cope 4.0 (HKLM\...\Media Cope_is1) (Version:  - Media Cope)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Configuration Analyzer Tool 1.2 (HKLM\...\{57164560-615C-4C9F-A75E-865B2A56310C}) (Version: 1.2.2 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Publisher 2007 (HKLM\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
QuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4008.2305 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version:  - Seagate Technology)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wise Disk Cleaner 8.41 (HKLM\...\Wise Disk Cleaner_is1) (Version: 8.41 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 8.31 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{23CEE673-F947-4d94-9D54-F4BA00C8B73D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{3CDEA288-D759-4C3B-B07F-7AFBCC842D98}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-382782190-1362263433-3942239974-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

05-02-2015 03:25:09 Created by Wise Disk Cleaner
10-02-2015 01:41:49 Windows Update
13-02-2015 14:37:31 Windows Update
15-02-2015 14:05:42 Removed Windows Resource Kit Tools - SubInAcl.exe
15-02-2015 14:57:20 Installed HiJackThis

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2015-02-15 17:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EB26E28-CDA5-499D-A482-1B88A2A9670F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {4CE6FBC9-9ABD-4C45-AE4B-6A0FDCAA4862} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-24] (AVAST Software)
Task: {72CDF776-B79F-4ADF-88A4-33D3BC1E653D} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {B409D564-DC66-4F82-907B-EBA261056F13} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D57FADC6-76ED-4795-84EF-38045E8C990E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-02-16 10:28 - 2015-02-16 10:28 - 02911744 ____C () C:\Program Files\AVAST Software\Avast\defs\15021600\algo.dll
2014-12-24 18:54 - 2014-12-24 18:54 - 38562088 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-08-05 09:45 - 2009-08-05 09:45 - 00106312 ____C () C:\Program Files\Microsoft Office\OFFICE11\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-382782190-1362263433-3942239974-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: Zoho Assist => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDD Password Tool.lnk => C:\Windows\pss\HDD Password Tool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Joe Collura^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN14S4C90K05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Accounts: =============================

Administrator (S-1-5-21-382782190-1362263433-3942239974-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-382782190-1362263433-3942239974-501 - Limited - Disabled)
Joe Collura (S-1-5-21-382782190-1362263433-3942239974-1000 - Administrator - Enabled) => C:\Users\Joe Collura
UpdatusUser (S-1-5-21-382782190-1362263433-3942239974-1056 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2015 01:06:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (2412) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Joe Collura\AppData\Local\Microsoft\Windows\WebCache\V01.log.


System errors:
=============
Error: (02/16/2015 01:05:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hcfdkkag

Error: (02/16/2015 01:05:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1068

Error: (02/16/2015 01:05:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 30%
Total physical RAM: 3518.49 MB
Available physical RAM: 2453.8 MB
Total Pagefile: 4158.49 MB
Available Pagefile: 2523.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.7 GB) (Free:279.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:20.01 GB) (Free:16.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0F57708)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=445.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#8 Machiavelli (Malware Response Instructor)

Posted 17 February 2015 - 04:39 AM

> Will making fixes with FRST solve any of the problems that were found in the GMER, RogueKiller, and ComboFix logs I posted earlier?

We will fix entries that I see in the FRST log. :)


Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and paste the content of the code box below into the empty text file:

    HKU\S-1-5-21-382782190-1362263433-3942239974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - No Path
    S3 HPSLPSVC; C:\Users\Joe Collura\AppData\Local\Temp\7zS6A13\hpslpsvc32.dll [X]
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop-down list, choose All Files
  • It is very important that you save this text file on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop: ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
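
The fix list in Step 1 is built from FRST lines that point at nothing: a service or driver whose image file is gone (FRST marks these with [X]), a Winsock namespace provider whose DLL is "File Not found", a Chrome extension key with "No Path", plus a service registered from a Temp folder and the line FRST itself tags with <======= ATTENTION. The boot-start driver hcfdkkag that the Service Control Manager 7026 event reports in the Addition log above is the same kind of entry. The Python script below is an added example, not code from FRST or from either poster in this thread: it applies those rules to FRST service, driver, Winsock, extension and search-scope lines and emits the matching lines verbatim, which is the form Fixlist.txt takes (the fix list above is literally the scan lines copied, followed by EmptyTemp:). The sample lines are copied from the FRST logs posted in this thread; the severity labels, the function names and the Temp-directory rule are the example's own choices and not part of FRST.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines the way the fix list above was built.

Added example for this thread; not code from FRST or from either poster.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Sample input: lines copied verbatim from the FRST logs posted in this thread.
SAMPLE_LINES = [
    r"HKU\S-1-5-21-382782190-1362263433-3942239974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION",
    r"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    r"Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()",
    r"CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - No Path",
    r"S3 HPSLPSVC; C:\Users\Joe Collura\AppData\Local\Temp\7zS6A13\hpslpsvc32.dll [X]",
    r"S0 hcfdkkag; System32\drivers\qwfrch.sys [X]",
    r"R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]",
    r"R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-24] (AVAST Software)",
    r"SearchScopes: HKU\S-1-5-21-382782190-1362263433-3942239974-1000 -> {7093ECD2-F738-69D1-D9E0-6F52B4A88621} URL = https://www.google.com/search?q={searchTerms}",
]


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low" (labels chosen for this example)
    reason: str
    line: str       # the FRST line verbatim; this is what goes into Fixlist.txt


# FRST service/driver line: "<start> <name>; <path> [<size> <date>] (<company>) [<flags>]"
# or just "<start> <name>; <path> [X]" when the image file does not exist on disk.
_SERVICE_RE = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>.+?);\s*(?P<rest>.*)$")
_TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_service(line: str) -> Optional[dict]:
    """Split an FRST service/driver line into start type, name, image path and flags."""
    m = _SERVICE_RE.match(line)
    if not m:
        return None
    rest = m["rest"]
    path = re.split(r"\s+\[", rest, maxsplit=1)[0]
    return {
        "start": m["start"],            # e.g. S0 = boot start, R2 = running, auto start
        "name": m["name"],
        "path": path,
        "missing": rest.endswith("[X]"),
        "unsigned": "[File not signed]" in rest,
    }


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a line worth putting in a fix list, else None."""
    # FRST itself tags policy restrictions and similar hijacks with this marker.
    if "<======= ATTENTION" in line:
        return Finding("high", "FRST ATTENTION marker (policy restriction or hijack)", line)
    svc = parse_service(line)
    if svc:
        is_boot = svc["start"][1] in "01"   # Start 0 = boot, 1 = system (loads before logon)
        if _TEMP_RE.search(svc["path"]):
            return Finding("high", f"service {svc['name']} registered from a Temp directory", line)
        if svc["missing"] and is_boot:
            # A boot/system-start driver with no image file fails on every boot; the
            # Service Control Manager logs event 7026 for it, as it did for hcfdkkag.
            return Finding("high", f"boot-start driver {svc['name']} has no image file", line)
        if svc["missing"]:
            return Finding("medium", f"service {svc['name']} has no image file", line)
        if svc["unsigned"] and svc["path"].lower().endswith(".sys"):
            return Finding("low", f"unsigned kernel driver {svc['name']}", line)
        return None
    if line.startswith("Winsock:") and "File Not found" in line:
        return Finding("medium", "Winsock namespace/LSP entry whose DLL is missing", line)
    if line.startswith("CHR ") and line.rstrip().endswith("No Path"):
        return Finding("low", "Chrome extension registered with no path", line)
    if line.startswith("SearchScopes:") and re.search(r"URL =\s*$", line):
        return Finding("low", "search scope with an empty URL", line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a whole log, keeping only the lines that were flagged."""
    findings = []
    for raw in lines:
        f = triage_line(raw.strip())
        if f:
            findings.append(f)
    return findings


def fixlist(findings: Iterable[Finding], min_severity: str = "medium") -> List[str]:
    """Lines to paste into Fixlist.txt: FRST takes the log line verbatim, then EmptyTemp:."""
    rank = {"low": 0, "medium": 1, "high": 2}
    keep = [f.line for f in findings if rank[f.severity] >= rank[min_severity]]
    return keep + ["EmptyTemp:"]


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print("\n--- Fixlist.txt ---")
    print("\n".join(fixlist(found)))
```

Run as-is, the script reports seven findings and writes a five-line fix list: the policy restriction, the orphaned Winsock entry, the HPSLPSVC service from Temp, the hcfdkkag driver and EmptyTemp:. Low-severity items (an empty search scope, an extension key with no path, the unsigned Matrox driver) are reported but left out of the fix list by default, because an unsigned vendor driver is not evidence of infection on its own. Note that hcfdkkag, which the SCM event above reports failing at every boot, scores high here even though this round of fixes did not include it; whether to remove its service key is a decision for whoever is driving the cleanup, and the [X] and ATTENTION findings are exactly the ones the posted fix list acts on.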


#9 fjrules (Topic Starter)

Posted 18 February 2015 - 12:20 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Ran by Joe Collura at 2015-02-17 20:05:10 Run:1
Running from C:\Users\Joe Collura\Desktop
Loaded Profiles: Joe Collura (Available profiles: Joe Collura & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-382782190-1362263433-3942239974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - No Path
S3 HPSLPSVC; C:\Users\Joe Collura\AppData\Local\Temp\7zS6A13\hpslpsvc32.dll [X]
EmptyTemp:
*****************

"HKU\S-1-5-21-382782190-1362263433-3942239974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007 => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => Key not found.
HPSLPSVC => Service deleted successfully.
EmptyTemp: => Removed 1.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 20:05:38 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Joe Collura (administrator) on JOECOLLURA-PC on 17-02-2015 20:19:49
Running from C:\Users\Joe Collura\Desktop
Loaded Profiles: Joe Collura (Available profiles: Joe Collura & UpdatusUser & Administrator)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKU\S-1-5-21-382782190-1362263433-3942239974-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-382782190-1362263433-3942239974-1000 -> {7093ECD2-F738-69D1-D9E0-6F52B4A88621} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2015-01-27] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=Google
FF SearchEngineOrder.US.1: data:text/plain,browser.search.order.US.1=Google
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\adblockpopups@jessehakanen.net.xpi [2015-02-11]
FF Extension: NoScript - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-11]
FF Extension: Fasterfox - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-02-11]
FF Extension: Adblock Plus - C:\Users\Joe Collura\AppData\Roaming\Mozilla\Firefox\Profiles\mg7t097r.default-1423650162737\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-20] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-24] (AVAST Software)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2013-06-19] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-06-19] (Intuit Inc.) [File not signed]
S4 TosExtSvc; C:\Program Files\TOSHIBA\HDD Password Tool\TosExtSvc.exe [1630512 2013-03-07] (TOSHIBA CORPORATION)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-24] ()
R3 dg_ksudbus; C:\Windows\System32\DRIVERS\ksudbus.sys [75776 2011-03-25] (Microsoft Corporation) [File not signed]
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [82648 2015-02-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [822272 2009-11-16] (Ralink Technology Corp.) [File not signed]
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [24680 2009-11-24] (NVIDIA Corporation)
S3 NVNET; C:\Windows\System32\DRIVERS\nvmf6232.sys [291456 2012-02-28] (NVIDIA Corporation) [File not signed]
R3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [21432 2013-11-30] (Christian Gulden)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 TosExt; C:\Windows\system32\Drivers\TosExt.sys [23344 2013-03-07] (TOSHIBA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-15] ()
S3 dc3d; system32\DRIVERS\dc3d.sys [X]
S0 hcfdkkag; System32\drivers\qwfrch.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 mferkdk; system32\drivers\mferkdk.sys [X]
S3 mfesmfk; system32\drivers\mfesmfk.sys [X]
S3 NuidFltr; system32\DRIVERS\NuidFltr.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:19 - 2015-02-17 20:19 - 00010607 ____C () C:\Users\Joe Collura\Desktop\FRST.txt
2015-02-17 11:32 - 2015-02-17 20:08 - 00019286 _____ () C:\Windows\setupact.log
2015-02-17 11:32 - 2015-02-17 11:35 - 03820624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-17 11:32 - 2015-02-17 11:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-17 11:31 - 2015-02-17 20:07 - 00007318 _____ () C:\Windows\PFRO.log
2015-02-16 18:24 - 2015-02-16 18:30 - 00001204 _____ () C:\Users\Public\Desktop\Free Video Cutter.lnk
2015-02-16 18:24 - 2015-02-16 18:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeVideoCutter
2015-02-16 18:24 - 2015-02-16 18:24 - 00000000 ___DC () C:\Program Files\Tomatosoft
2015-02-16 14:10 - 2015-02-16 14:10 - 00000000 ____D () C:\Users\Joe Collura\AppData\Local\Apps\2.0
2015-02-16 13:06 - 2015-02-16 13:06 - 00000893 ____C () C:\Users\Joe Collura\Desktop\AdwCleaner[S0].txt
2015-02-16 13:02 - 2015-02-16 13:02 - 00000635 ____C () C:\Users\Joe Collura\Documents\JRT 2.txt
2015-02-16 13:01 - 2015-02-16 13:01 - 00000635 ____C () C:\Users\Joe Collura\Desktop\JRT.txt
2015-02-16 11:38 - 2015-02-16 11:38 - 00001059 ____C () C:\Users\Joe Collura\Desktop\MB.txt
2015-02-16 10:44 - 2015-02-16 13:02 - 00000000 ___DC () C:\AdwCleaner
2015-02-15 20:08 - 2015-02-15 19:50 - 00000543 ____C () C:\Users\Joe Collura\Desktop\aswBoot.txt
2015-02-15 17:43 - 2015-02-15 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-15 17:24 - 2015-02-15 17:24 - 00017453 ____C () C:\ComboFix.txt
2015-02-15 16:46 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-15 16:46 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-15 16:46 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-15 16:46 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-15 16:46 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-15 16:46 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-15 16:46 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-15 16:46 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-15 16:45 - 2015-02-15 17:24 - 00000000 ___DC () C:\Qoobox
2015-02-15 16:45 - 2015-02-15 17:24 - 00000000 ___DC () C:\ComboFix
2015-02-15 16:11 - 2015-02-15 16:21 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-15 16:11 - 2015-02-15 16:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-15 15:54 - 2015-02-16 14:14 - 00002336 ____C () C:\Users\Joe Collura\Desktop\Rkill.txt
2015-02-15 15:06 - 2015-02-15 15:06 - 00002933 ____C () C:\Users\Joe Collura\Desktop\hijackthis.log
2015-02-15 14:58 - 2015-02-15 14:58 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-02-15 14:58 - 2015-02-15 14:58 - 00000000 ___DC () C:\Program Files\Trend Micro
2015-02-14 12:34 - 2015-02-14 12:34 - 00000949 ____C () C:\Users\Joe Collura\Desktop\Media Cope.lnk
2015-02-14 12:34 - 2015-02-14 12:34 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Cope
2015-02-14 12:34 - 2010-09-10 16:38 - 00211456 _____ (Media Cope) C:\Windows\system32\MediaCopeShellM.dll
2015-02-14 12:34 - 2010-09-10 16:37 - 00211456 _____ (Media Cope) C:\Windows\system32\MediaCopeShellS.dll
2015-02-13 13:17 - 2014-12-24 18:54 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-13 00:09 - 2015-02-13 00:10 - 00040772 ____C () C:\Users\Joe Collura\Desktop\Addition.txt
2015-02-13 00:06 - 2015-02-17 20:19 - 00000000 ___DC () C:\FRST
2015-02-13 00:05 - 2015-02-16 13:08 - 01125888 ____C (Farbar) C:\Users\Joe Collura\Desktop\FRST.exe
2015-02-12 19:10 - 2015-02-12 19:10 - 00000544 ____C () C:\DelFix.txt
2015-02-11 10:18 - 2015-02-12 12:06 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2015-02-11 10:18 - 2015-02-11 10:18 - 00001077 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-11 10:18 - 2015-02-11 10:18 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-11 10:18 - 2015-02-11 10:18 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2015-02-11 04:45 - 2015-02-11 04:45 - 00000000 ____D () C:\Windows\Sun
2015-02-11 04:36 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 04:36 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 04:36 - 2015-01-08 21:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 04:36 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 04:36 - 2015-01-08 21:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 01:53 - 2015-02-11 01:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 01:47 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 01:47 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 01:02 - 2015-02-11 01:02 - 00003989 ____C () C:\Users\Joe Collura\Desktop\GMER.log
2015-02-11 00:51 - 2015-02-11 00:51 - 00000000 ___HD () C:\Windows\PIF
2015-02-10 20:54 - 2015-01-15 02:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 20:54 - 2015-01-15 02:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 20:54 - 2015-01-15 02:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 20:54 - 2015-01-15 02:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 20:54 - 2015-01-15 02:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 20:54 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 20:54 - 2015-01-15 02:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 20:54 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 20:54 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 20:54 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 20:54 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 20:54 - 2015-01-14 23:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 20:54 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 20:54 - 2015-01-08 20:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 20:53 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-10 20:53 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 20:52 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 20:52 - 2015-01-11 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 20:52 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 20:52 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 20:52 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 20:51 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 20:51 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 20:51 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 20:51 - 2015-01-11 21:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 20:51 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 20:51 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 20:51 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 20:51 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 20:51 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 20:51 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 20:51 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 20:51 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 20:51 - 2015-01-11 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 20:51 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 20:51 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 20:51 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 20:51 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 20:51 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 20:51 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 20:51 - 2015-01-11 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 20:51 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 20:51 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 20:51 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 20:51 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 20:51 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 20:50 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 19:13 - 2014-05-14 18:37 - 03086040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-10 19:13 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-10 19:13 - 2014-05-08 16:29 - 01728280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
2015-02-10 19:13 - 2014-04-30 11:34 - 00916696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-02-10 19:13 - 2014-04-28 15:48 - 02474200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-02-10 19:13 - 2014-04-25 13:51 - 02566872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-10 19:13 - 2014-04-25 13:23 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-10 19:13 - 2014-03-06 16:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-10 19:13 - 2014-02-18 17:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-02-10 19:13 - 2014-01-08 15:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-02-10 19:13 - 2013-10-16 03:43 - 00182472 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-10 19:13 - 2013-10-11 12:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-10 19:13 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-02-10 19:13 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-10 19:13 - 2011-12-16 14:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld32.dll
2015-02-10 19:13 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-10 19:13 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-10 19:13 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-10 19:13 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-10 19:13 - 2009-11-18 07:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn32.dll
2015-02-06 19:33 - 2015-02-10 23:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 19:33 - 2015-02-10 23:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 15:10 - 2015-02-05 16:31 - 00018432 ____C () C:\Users\Joe Collura\Documents\2014 Med Appt Credit.xls
2015-02-03 18:19 - 2015-02-03 18:19 - 00000280 _____ () C:\Windows\system32\mbr.log
2015-02-03 10:44 - 2015-02-03 10:44 - 00000819 ____C () C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-01-30 21:12 - 2015-02-17 19:36 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\vlc
2015-01-30 20:41 - 2015-02-11 02:11 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-30 20:41 - 2015-01-30 20:41 - 00000984 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-29 15:25 - 2014-04-02 13:55 - 00106928 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi.dll
2015-01-29 15:25 - 2014-04-02 13:55 - 00029224 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-29 15:24 - 2015-01-29 15:38 - 00000000 ____D () C:\ProgramData\GEAR Software DVD CDRom
2015-01-28 21:14 - 2015-01-28 21:14 - 00000000 ___DC () C:\Program Files\ESET
2015-01-28 01:56 - 2015-01-28 01:56 - 00198322 ____C () C:\Users\Joe Collura\Desktop\sfcdetails.txt
2015-01-28 01:18 - 2015-01-28 01:18 - 00000000 _____ () C:\Windows\system32\%userprofile
2015-01-28 01:14 - 2015-01-28 01:14 - 01044504 ____C () C:\Users\Joe Collura\Desktop\CBS 1-27-15.txt
2015-01-27 17:46 - 2015-01-27 17:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-27 17:46 - 2015-01-27 17:46 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-27 17:46 - 2015-01-27 17:46 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-27 17:46 - 2015-01-27 17:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-27 17:46 - 2015-01-27 17:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-27 17:46 - 2015-01-27 17:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-27 16:46 - 2015-01-27 16:46 - 00000000 ____D () C:\ProgramData\Sun
2015-01-26 23:15 - 2015-02-17 20:11 - 01797949 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:16 - 2014-07-01 14:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 20:15 - 2014-11-01 11:31 - 00009712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 20:15 - 2011-12-17 21:34 - 00009712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 20:08 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 20:00 - 2013-04-02 12:45 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\BitTorrent
2015-02-17 19:36 - 2011-09-03 15:45 - 00000000 ___DC () C:\Users\Joe Collura\Desktop\Tools
2015-02-17 19:18 - 2013-11-11 14:48 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Personal Health
2015-02-17 19:13 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-02-16 23:39 - 2013-04-07 13:40 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Wise Registry Cleaner
2015-02-16 22:57 - 2012-08-24 10:08 - 00000000 ___DC () C:\Program Files\SUPERAntiSpyware
2015-02-16 22:56 - 2014-01-18 14:07 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Wise Disk Cleaner
2015-02-16 21:47 - 2010-11-20 16:01 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 20:16 - 2009-08-14 08:21 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Inbound Marketing
2015-02-15 20:04 - 2012-12-02 03:26 - 00114344 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-02-15 17:20 - 2009-07-13 21:04 - 00000215 ____C () C:\Windows\system.ini
2015-02-15 16:47 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2015-02-15 16:46 - 2011-12-17 21:46 - 00000000 ___DC () C:\Users\Administrator
2015-02-15 16:44 - 2014-11-02 12:09 - 00000000 ____D () C:\Windows\erdnt
2015-02-14 22:23 - 2011-12-17 21:46 - 00000000 ___DC () C:\Users\Joe Collura
2015-02-14 12:34 - 2014-02-07 20:26 - 00000000 ___DC () C:\Program Files\Media Cope
2015-02-13 13:18 - 2014-12-24 18:56 - 00002077 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-12 22:35 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 20:31 - 2006-11-02 05:23 - 00000240 _____ () C:\Windows\win.ini
2015-02-12 20:05 - 2014-12-31 11:31 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Configuration Analyzer Tool 1.2
2015-02-12 20:05 - 2014-12-31 11:31 - 00000000 ___DC () C:\Program Files\Microsoft OffCAT
2015-02-12 19:39 - 2009-08-15 22:09 - 00000000 ___DC () C:\ProgramData\Apple
2015-02-12 19:33 - 2009-12-12 12:14 - 00000000 ___DC () C:\Program Files\Java
2015-02-12 11:15 - 2014-07-01 13:59 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-11 23:05 - 2012-08-22 11:51 - 00000000 ____D () C:\Windows\pss
2015-02-11 10:19 - 2009-11-08 18:00 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Mozilla
2015-02-11 10:14 - 2014-10-29 17:23 - 00000000 ___DC () C:\Program Files\iTunes
2015-02-11 09:55 - 2011-02-21 18:02 - 00000000 ___DC () C:\Users\Joe Collura\Documents\Health Insurance
2015-02-11 09:44 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\tracing
2015-02-11 02:11 - 2012-01-01 00:26 - 00000000 ____D () C:\Windows\Minidump
2015-02-11 02:07 - 2013-07-13 09:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:57 - 2011-12-18 12:46 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 19:14 - 2014-12-21 15:43 - 00000000 __HDC () C:\Program Files\Temp
2015-02-10 19:14 - 2014-11-23 15:54 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-04 11:16 - 2014-12-26 13:30 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-03 18:48 - 2009-08-15 13:24 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\Adobe
2015-02-03 18:06 - 2009-08-15 17:47 - 00000000 ___DC () C:\ProgramData\Adobe
2015-02-03 17:01 - 2009-08-17 11:44 - 00000376 _____ () C:\Windows\ODBC.INI
2015-02-03 14:55 - 2011-12-22 23:10 - 00000000 ___DC () C:\Program Files\Common Files\Adobe
2015-02-03 14:48 - 2009-08-15 17:47 - 00000000 ___DC () C:\Program Files\Adobe
2015-02-03 10:44 - 2015-01-04 14:40 - 00000839 ____C () C:\Users\Joe Collura\Desktop\BitTorrent.lnk
2015-02-02 15:52 - 2012-09-08 10:59 - 00000000 ___DC () C:\Users\Joe Collura\AppData\Roaming\DVDVideoSoft
2015-01-30 20:40 - 2009-08-17 19:12 - 00000000 ___DC () C:\Program Files\VideoLAN
2015-01-28 01:40 - 2014-11-13 21:29 - 00042420 _____ () C:\Windows\system32\sfcdetails.txt
2015-01-27 23:12 - 2014-08-20 15:23 - 00000000 ___DC () C:\Program Files\7-Zip
2015-01-27 19:47 - 2010-11-05 23:59 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-27 19:47 - 2009-08-31 19:47 - 00000000 ___DC () C:\Program Files\CCleaner
2015-01-27 17:22 - 2011-12-18 12:11 - 00001373 ____C () C:\Users\Joe Collura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 16:49 - 2009-08-13 17:15 - 00000000 ___DC () C:\ProgramData\NVIDIA
2015-01-27 16:48 - 2014-04-26 19:20 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 16:45 - 2014-10-29 20:25 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

==================== Files in the root of some directories =======

2014-10-23 21:56 - 2014-10-23 21:57 - 0000165 ____C () C:\Users\Joe Collura\AppData\Roaming\settings.xml
2011-12-19 00:41 - 2014-10-17 22:13 - 0046080 _____ () C:\Users\Joe Collura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-23 17:11 - 2015-02-13 16:01 - 0007626 _____ () C:\Users\Joe Collura\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-27 09:31

 

=================== End Of Log ============================

 

Re: ESET - I ran it to your specs but when it completed, I wasn't given an option for a log file. The scan found no infections.

It appears the FRST fix did not totally work because, as you can see, my start page is www.msn.com in the registry when it should be IE.

I continue to experience slow start-ups with both Firefox and IE and periodic hanging when browsing.

The problems found by ComboFix and GMER in my very first post (logs were included) still remain. These include (but are not limited to) locked registry keys with the presence of "Flashbroker" and a mysterious C/windows/CRC folder with files I cannot access. When we get clean scans with FRST, hopefully we can turn our attention to ComboFix and GMER.

Thanks, Machiavelli, and please let me know the next steps. ;)
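The FRST listing in the post above has one entry per line in a fixed layout: created time, modified time, size, five attribute flags, the company name in parentheses, then the path. As an added example (not FRST's own code and not part of this thread), here is a small parser with the triage heuristics a responder applies when reading such a list; the sample lines are copied from the log above plus one constructed entry (`unknown_sample.dll`), and the flags are prompts for a closer look, not verdicts.

```python
"""Triage helper for FRST 'Files and Folders' entries (added example, not FRST's own code).
Each entry reads: <created> - <modified> - <size> <attrs> (<company>) <path>."""
import re
from datetime import datetime

_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
_EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")
_WINDIR = "c:\\windows\\"

# Sample input: lines copied from the log above plus one constructed entry (last line).
SAMPLE = r"""2015-02-06 19:33 - 2015-02-10 23:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-03 18:19 - 2015-02-03 18:19 - 00000280 _____ () C:\Windows\system32\mbr.log
2015-01-28 01:18 - 2015-01-28 01:18 - 00000000 _____ () C:\Windows\system32\%userprofile
2015-01-27 17:46 - 2015-01-27 17:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-02-10 19:14 - 2014-11-23 15:54 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-01 10:00 - 2015-02-01 10:00 - 00012345 _____ () C:\Windows\system32\unknown_sample.dll"""


def parse_frst_line(line):
    """Return a dict for one entry, or None for headers and blank lines."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"])
    e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
    e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
    e["is_dir"] = "D" in e["attrs"]   # FRST marks directories with D in the flags
    e["hidden"] = "H" in e["attrs"]   # and hidden items with H
    return e


def flag_entry(e):
    """Heuristic reasons an entry deserves a closer look (prompts, not verdicts)."""
    reasons = []
    if e["is_dir"]:
        return reasons
    path = e["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    in_windir = path.startswith(_WINDIR)
    is_exec = name.endswith(_EXEC_EXT)
    if in_windir and is_exec and not e["company"]:
        reasons.append("executable under C:\\Windows with no company name")
    if in_windir and ("%" in name or "." not in name):
        reasons.append("odd file name under C:\\Windows (unexpanded variable or no extension)")
    if in_windir and e["size"] == 0:
        reasons.append("zero-byte file under C:\\Windows")
    if in_windir and is_exec and e["hidden"]:
        reasons.append("hidden executable under C:\\Windows")
    return reasons


def scan_frst(text):
    """Return [(path, reasons)] for every flagged entry in an FRST excerpt."""
    hits = []
    for line in text.splitlines():
        e = parse_frst_line(line)
        if e is not None:
            reasons = flag_entry(e)
            if reasons:
                hits.append((e["path"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in scan_frst(SAMPLE):
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, only the zero-byte `%userprofile` file (which the later fixlist also inspects with `dir ... /s`) and the constructed unnamed DLL are flagged; the signed Microsoft and Adobe binaries, the log file and the directory pass.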



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:07:24 AM

Posted 18 February 2015 - 07:16 AM

Hey, :)

my start page is www.msn.com in the registry when it should be IE.

MSN.com is the normal start page for IE ... if you would like to have another start page, just tell me.

The problems found by ComboFix and GMER in my very first post (logs were included) still remain

The things which these scanners found are OK. The entries which were found by CF are already in the quarantine, and the entries which were found by GMER are also OK.

These include (but are not limited to) locked registry keys with the presence of "Flashbroker" and a mysterious C/windows/CRC folder with files I cannot access.

What do you mean?

Cheers

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 fjrules

fjrules
  • Topic Starter

  • Members
  • 130 posts
  • Local time:07:24 AM

Posted 18 February 2015 - 11:45 AM

"MSN.com is a normal start page by IE ... if you like to have another startpage just tell me."

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

I want my IE start page to be Google. In this entry, should I simply change "MSN" to "Google"?

----------

"The things which these scanners (GMER and ComboFix) found are OK. The entries which were found by CF are already in the quarantine, and the entries which were found by GMER are also OK." Thank you for the info about the locked keys found by CF. I thought I read that Flashbroker was indicative of a virus, but if you tell me those locked keys are fine, that's good enough for me.

1. Can I safely delete the Qoobox folder and its contents?

2. As indicated in the GMER log, I am unable to delete the following two files: C:\Windows\CSC\v2.0.6\namespace and C:\Windows\CSC\v2.0.6\pq. It says they're currently in use by another program. I was able to forcibly delete the other files in the CSC folder as well as the log files in System32 that GMER found. Can you advise me how to delete those two files?

3. In RogueKiller, some of the registry corrections apparently didn't take, so I did them manually except for the ones related to desktop icons, which I'm not sure how to make. As an example:

[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)

To manually make that change, should I delete the value {20D04FE0-3AEA-1069-A2D8-08002B30309D} entirely? Or do I keep it and change the value data from 1 to 0?

4. Are there any remaining tests you feel I should run? Should I use DelFix to remove my tools used?

You've been a great help! I look forward to your next reply as we wrap things up.



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:07:24 AM

Posted 19 February 2015 - 04:30 AM

I want my IE start page to be Google. In this entry should I simply change "MSN" to "Google"?

Yes. :)

1. Can I safely delete the Qoobox folder and its contents?

Yes.

2. As indicated in the GMER log, I am unable to delete the following two files:
C:\Windows\CSC\v2.0.6\namespace and C:\Windows\CSC\v2.0.6\pq . It says they're currently in use by another program. I was able to forcibly delete the other files in the CSC folder as well as the log files in System 32 that GMER found. Can you advise me how to delete those two files?

This source: http://www.windowspage.de/tipps/022227.html (sadly in German) tells me that this folder is legit, so no need to delete the files in it. It is normal that you have no permissions for it. You have to grant permission for it before you can delete it.

3. In RogueKiller, some of the registry corrections apparently didn't take so I did them manually except for the ones related to desktop icons which I'm not sure how to make. As an example:
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-382782190-1362263433-3942239974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)

To manually make that change, should I delete the value {20D04FE0-3AEA-1069-A2D8-08002B30309D} entirely? Or do I keep it and change the value data from 1 to 0?

RogueKiller said that it has already set the value to 0. You can also delete the value.

4. Are there any remaining tests you feel I should run? Should I use DelFix to remove my tools used?

We will use Delfix now. :)

 

Hello,
in my opinion your PC is clean. :) My help is of course completely free of charge, but if you would like to donate some money to me so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked.
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run.
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, the little bit of extra time it takes to stay updated is very well worth it compared to getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#13 fjrules

fjrules
  • Topic Starter

  • Members
  • 130 posts
  • Local time:07:24 AM

Posted 19 February 2015 - 06:29 PM

Hi Machiavelli,

First, thanks for your help so far and, yes, I'll be pleased to PayPal you some $ for beer. ;)

But I'm not positive I'm out of the woods just yet. Just to be extra safe, I reran a few scans. RogueKiller came back clean, but as for the GMER log, although it didn't find many issues, what it DID find looks very weird and is entirely different from the GMER log I sent you in the beginning. I should also mention that I had to run GMER in safe mode because it kept crashing my computer. I don't know if that is indicative of lingering issues or not. Anyway, here is the log:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-19 16:52:42
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000067 WDC_WD50 rev.01.0 465.76GB
Running: gmer.exe; Driver: C:\Windows\TEMP\kwlcikow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495  82C529E5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2      82C8C312 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

Device          \FileSystem\fastfat \Fat                    9334A130

AttachedDevice  \FileSystem\fastfat \Fat                    fltmgr.sys

---- EOF - GMER 2.1 ----

Can you tell me what, if any, the problems with the Kernel Codes and Devices are? Do they indicate remaining rootkits?

GMER also has a tool called catchme.exe ( http://www2.gmer.net/catchme.htm ). I tried running this in both normal and safe mode and it wouldn't open. It generated a log with the following message:

disk not found C:\

please note that you need administrator rights to perform deep scan
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

I am the administrator and only user of the computer, so I don't know if the catchme tool is dodgy or something in my computer is trying to block my admin rights. Thoughts?

I have two more questions, if I may:

1. Are the following Security Identifiers legitimate: S-1-5-21-382782190-1362263433-3942239974-1000 and S-1-5-21-382782190-1362263433-3942239974-1000_classes?

2. I ran sfc /scannow and Windows Resource Protection found integrity violations. Can I send you the SFC and CBS logs to review?
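The two identifiers in question 1 above have a fixed, documented layout (S-revision-authority-subauthorities-RID) that can be decoded without touching the machine. As an added example, not part of this thread or of any tool used in it, here is a small decoder that also recognises the `_Classes` suffix: under HKEY_USERS that suffix names the user's per-user class registration hive (loaded from UsrClass.dat), so the second identifier is the same account, not an extra one.

```python
"""Decoder for Windows security identifiers (added example; not code from this
thread or from any tool used in it).  Layout per Microsoft's documentation:
S-<revision>-<authority>-<sub-authorities...>-<RID>."""
import re

_SID = re.compile(r"^S-(?P<rev>\d+)-(?P<auth>\d+)(?P<subs>(?:-\d+)+)$")
_AUTHORITIES = {0: "Null", 1: "World", 2: "Local", 3: "Creator Owner", 5: "NT Authority"}
_WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-18": "Local System",
    "S-1-5-19": "Local Service",
    "S-1-5-20": "Network Service",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}
# RIDs that are fixed on every machine or domain (S-1-5-21-...-<RID>).
_FIXED_RIDS = {500: "built-in Administrator", 501: "built-in Guest",
               512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}


def decode_sid(text):
    """Describe a SID string.  A trailing '_Classes' (as seen under HKEY_USERS)
    names the user's per-user class registration hive, not a second account."""
    s = text.strip()
    classes_hive = s.lower().endswith("_classes")
    if classes_hive:
        s = s[:-len("_classes")]
    m = _SID.match(s)
    if m is None:
        raise ValueError("not a SID: %r" % text)
    auth = int(m.group("auth"))
    subs = [int(x) for x in m.group("subs").split("-")[1:]]
    info = {
        "sid": s,
        "revision": int(m.group("rev")),
        "authority": _AUTHORITIES.get(auth, "authority %d" % auth),
        "subauthorities": subs,
        "rid": subs[-1],
        "classes_hive": classes_hive,
        "machine_or_domain": None,
        "kind": "other",
    }
    if s in _WELL_KNOWN:
        info["kind"] = _WELL_KNOWN[s]
    elif auth == 5 and subs[0] == 21 and len(subs) == 5:
        # S-1-5-21-A-B-C-RID: A, B, C identify the machine (or domain), RID the principal
        info["machine_or_domain"] = tuple(subs[1:4])
        rid = subs[4]
        if rid in _FIXED_RIDS:
            info["kind"] = _FIXED_RIDS[rid]
        elif rid >= 1000:
            # accounts and groups created locally are numbered from 1000, so the
            # first user account made at setup is normally ...-1000 (Vista and later)
            info["kind"] = "locally created account or group (RID %d)" % rid
        else:
            info["kind"] = "reserved RID %d" % rid
    return info


def same_principal(a, b):
    """True when two HKEY_USERS key names refer to the same account,
    e.g. '<SID>' and '<SID>_Classes'."""
    return decode_sid(a)["sid"] == decode_sid(b)["sid"]


if __name__ == "__main__":
    for name in ("S-1-5-21-382782190-1362263433-3942239974-1000",
                 "S-1-5-21-382782190-1362263433-3942239974-1000_classes",
                 "S-1-5-18"):
        d = decode_sid(name)
        print(name, "->", d["kind"], "(classes hive)" if d["classes_hive"] else "")
```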



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:05:24 AM

Posted 20 February 2015 - 12:16 PM

Greetings fjrules,

Machiavelli will be unavailable to reply for a bit of time and since we don't want to delay addressing your concerns I will be coming in alongside to continue to address your issues. Please allow me a little bit of time to come up to speed.

Thanks for your understanding and patience,

Gary

If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • Gender:Male
  • Location:California
  • Local time:05:24 AM

Posted 20 February 2015 - 02:46 PM

Greetings,

I would caution you regarding Peer 2 Peer downloads and the use of Registry Cleaners. Both can result in substantial damage to your computer if not handled properly.
 

Can you tell me what, if any, the problems with the Kernel Codes and Devices are? Do they indicate remaining rootkits?

There is nothing of concern there.

----------
 

Are the following Security Identifiers legitimate:

Yes

---------

It is not uncommon to get the sfc results you received and it is not always indicative of a problem.

----------

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
S3 HPSLPSVC; C:\Users\Joe Collura\AppData\Local\Temp\7zS6A13\hpslpsvc32.dll [X]
S3 dc3d; system32\DRIVERS\dc3d.sys [X]
S0 hcfdkkag; System32\drivers\qwfrch.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 mferkdk; system32\drivers\mferkdk.sys [X]
S3 mfesmfk; system32\drivers\mfesmfk.sys [X]
S3 NuidFltr; system32\DRIVERS\NuidFltr.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
cmd: dir C:\Windows\system32\%userprofile /s
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • aswMBR report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



