
Topic: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here


cpbunch

    I've followed the instructions in the first steps post:

    Here are the log files:

    ------------------------
    # AdwCleaner v2.301 - Logfile created 05/22/2013 at 21:49:22
    # Updated 16/05/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : cpbunch - CPBUNCH-PC
    # Boot Mode : Normal
    # Running from : C:\Users\cpbunch\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    Folder Found : C:\Program Files (x86)\ConduitEngine
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\Users\cpbunch\AppData\Local\Conduit
    Folder Found : C:\Users\cpbunch\AppData\Local\ConduitEngine

    ***** [Registry] *****

    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16576

    [OK] Registry is clean.

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\d3cyc2fa.default-1351217900309\prefs.js

    [OK] File is clean.

    File : C:\Users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\prefs.js

    Found : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Found : user_pref("CT2438727.CTID", "CT2438727");
    Found : user_pref("CT2438727.CurrentServerDate", "17-12-2010");
    Found : user_pref("CT2438727.DialogsAlignMode", "LTR");
    Found : user_pref("CT2438727.DownloadReferralCookieData", "");
    Found : user_pref("CT2438727.FirstServerDate", "9-11-2010");
    Found : user_pref("CT2438727.FirstTime", true);
    Found : user_pref("CT2438727.FirstTimeFF3", true);
    Found : user_pref("CT2438727.FirstTimeSettingsDone", true);
    Found : user_pref("CT2438727.FixPageNotFoundErrors", true);
    Found : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
    Found : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Found : user_pref("CT2438727.Initialize", true);
    Found : user_pref("CT2438727.InitializeCommonPrefs", true);
    Found : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
    Found : user_pref("CT2438727.InstalledDate", "Tue Nov 09 2010 12:31:18 GMT-0500 (Eastern Standard Time)");
    Found : user_pref("CT2438727.IsGrouping", false);
    Found : user_pref("CT2438727.IsMulticommunity", false);
    Found : user_pref("CT2438727.IsOpenThankYouPage", true);
    Found : user_pref("CT2438727.IsOpenUninstallPage", true);
    Found : user_pref("CT2438727.LanguagePackLastCheckTime", "Fri Dec 17 2010 09:12:04 GMT-0500 (Eastern Standar[...]
    Found : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
    Found : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Found : user_pref("CT2438727.LastLogin_2.7.1.3", "Fri Dec 17 2010 09:12:03 GMT-0500 (Eastern Standard Time)"[...]
    Found : user_pref("CT2438727.LatestVersion", "2.7.1.3");
    Found : user_pref("CT2438727.Locale", "en");
    Found : user_pref("CT2438727.LoginCache", 4);
    Found : user_pref("CT2438727.MCDetectTooltipHeight", "83");
    Found : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Found : user_pref("CT2438727.MCDetectTooltipWidth", "295");
    Found : user_pref("CT2438727.SHRINK_TOOLBAR", 1);
    Found : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Found : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
    Found : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
    Found : user_pref("CT2438727.SearchInNewTabEnabled", true);
    Found : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
    Found : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Fri Dec 17 2010 09:12:03 GMT-0500 (Eastern Stand[...]
    Found : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Found : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Found : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
    Found : user_pref("CT2438727.SettingsLastCheckTime", "Fri Dec 17 2010 09:12:02 GMT-0500 (Eastern Standard Ti[...]
    Found : user_pref("CT2438727.SettingsLastUpdate", "1287517459");
    Found : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
    Found : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Fri Dec 17 2010 09:12:02 GMT-0500 (Eastern Sta[...]
    Found : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246790578");
    Found : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
    Found : user_pref("CT2438727.Uninstall", true);
    Found : user_pref("CT2438727.UserID", "UN27942952635662126");
    Found : user_pref("CT2438727.ValidationData_Toolbar", 2);
    Found : user_pref("CT2438727.alertChannelId", "832836");
    Found : user_pref("CT2438727.clientLogIsEnabled", true);
    Found : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Found : user_pref("CT2438727.myStuffEnabled", true);
    Found : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
    Found : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Found : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
    Found : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Found : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
    Found : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
    Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
    Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Nov 29 2010 10:00:33 GMT-0500 (Easte[...]
    Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Found : user_pref("CommunityToolbar.alert.locale", "en");
    Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Nov 28 2010 10:00:33 GMT-0500 (Eastern S[...]
    Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1283688156");
    Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Found : user_pref("CommunityToolbar.alert.userId", "{15cf2ff3-b7ce-44de-bee1-9454424891ce}");

    File : C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\n8atlz4p.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v27.0.1453.93

    File : C:\Users\cpbunch\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [7942 octets] - [22/05/2013 21:49:22]

    ########## EOF - C:\AdwCleaner[R1].txt - [8002 octets] ##########

    ------------------------------------------------

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.22.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16576
    cpbunch :: CPBUNCH-PC [administrator]

    5/22/2013 9:53:32 PM
    mbam-log-2013-05-22 (21-53-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 248262
    Time elapsed: 6 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ----------------------------------------

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
    Run by cpbunch at 22:00:52 on 2013-05-22
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2001 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\WacomHost.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [AdobeBridge] <no file>
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\cpbunch\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
    IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
    IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{D401A8EE-A10B-42A4-971D-CEA359C6C38E} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{D401A8EE-A10B-42A4-971D-CEA359C6C38E}\24F626546716E637055726C69636 : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{D401A8EE-A10B-42A4-971D-CEA359C6C38E}\251646963737F6E6023456C6562627164796F6E6 : DHCPNameServer = 216.199.46.11 216.199.0.132
    TCP: Interfaces\{D401A8EE-A10B-42A4-971D-CEA359C6C38E}\4796666696E6C6962627162797 : DHCPNameServer = 192.168.0.10 192.168.0.79
    TCP: Interfaces\{D401A8EE-A10B-42A4-971D-CEA359C6C38E}\E4544574541425 : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= 
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1   www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Career Step\Footpedal Plugin\nppedal.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\cpbunch\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Users\cpbunch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
    FF - plugin: C:\Users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
    FF - plugin: C:\Users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
    FF - plugin: C:\Users\cpbunch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\cpbunch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\cpbunch\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
    FF - ExtSQL: 2013-03-24 19:10; feedly@devhd; C:\Users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\extensions\[email protected]
    FF - ExtSQL: 2013-03-25 01:38; [email protected]; C:\Users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2010-08-07 12:28; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-8 65336]
    R0 pavboot;Panda Boot Driver;C:\Windows\System32\drivers\pavboot64.sys [2010-8-21 33800]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-21 55856]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-20 1025808]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-20 377920]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-5-2 584056]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-5-2 38144]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-20 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-20 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-8 45248]
    R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-17 92216]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-8-9 38608]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-12 3560288]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-20 2320920]
    R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-5-16 619904]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-2-22 317440]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-4-11 251496]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-22 708200]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-9-8 1225832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-8 178624]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-11-11 57856]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
    S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-5-16 13728]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-2-22 16152]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-25 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-5-16 81824]
    S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-5-16 15776]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-4 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 lxcy_device;lxcy_device;C:\Windows\System32\lxcycoms.exe -service --> C:\Windows\System32\lxcycoms.exe -service [?]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-05-23 00:11:38   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2013-05-23 00:11:38   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2013-05-23 00:11:38   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2013-05-23 00:11:38   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2013-05-23 00:11:37   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2013-05-18 15:26:04   --------   d-----w-   C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-05-18 15:26:04   --------   d-----w-   C:\Program Files\iTunes
    2013-05-17 02:57:20   --------   d-----w-   C:\Users\cpbunch\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2013-05-17 02:57:03   --------   d-----w-   C:\Users\cpbunch\AppData\Roaming\Wacom
    2013-05-17 02:56:33   --------   d-----w-   C:\ProgramData\Wacom
    2013-05-17 02:55:53   --------   d-----w-   C:\Program Files (x86)\Bamboo Dock
    2013-05-17 02:12:29   --------   d-----w-   C:\Users\cpbunch\AppData\Roaming\WTablet
    2013-05-17 02:12:13   --------   d-----w-   C:\Program Files (x86)\TabletPlugins
    2013-05-17 02:12:12   --------   d-----w-   C:\Program Files\TabletPlugins
    2013-05-17 02:11:49   15776   ----a-w-   C:\Windows\System32\drivers\wacomrouterfilter.sys
    2013-05-17 02:11:01   81824   ----a-w-   C:\Windows\System32\drivers\wachidrouter.sys
    2013-05-17 02:11:01   13728   ----a-w-   C:\Windows\System32\drivers\hidkmdf.sys
    2013-05-17 02:10:51   1974144   ----a-w-   C:\Windows\System32\Pen_Touch_Tablet.dll
    2013-05-17 02:10:51   1840000   ----a-w-   C:\Windows\System32\WacomMT.dll
    2013-05-17 02:10:51   1621888   ----a-w-   C:\Windows\SysWow64\Pen_Touch_Tablet.dll
    2013-05-17 02:10:51   1509760   ----a-w-   C:\Windows\SysWow64\Wintab32.dll
    2013-05-17 02:10:51   1505664   ----a-w-   C:\Windows\SysWow64\WacomMT.dll
    2013-05-17 02:10:50   1843584   ----a-w-   C:\Windows\System32\Wintab32.dll
    2013-05-17 02:10:50   1628544   ----a-w-   C:\Windows\SysWow64\Pen_Tablet.dll
    2013-05-17 02:10:49   1981312   ----a-w-   C:\Windows\System32\Pen_Tablet.dll
    2013-05-17 02:10:42   --------   d-----w-   C:\Program Files\Tablet
    2013-05-17 01:56:33   --------   d-----w-   C:\Users\cpbunch\AppData\Roaming\com.adobe.DC3Module.AdobeADC
    2013-05-15 20:28:09   983400   ----a-w-   C:\Windows\System32\drivers\dxgkrnl.sys
    2013-05-15 20:28:08   265064   ----a-w-   C:\Windows\System32\drivers\dxgmms1.sys
    2013-05-15 20:28:08   144384   ----a-w-   C:\Windows\System32\cdd.dll
    2013-05-15 20:28:03   3153920   ----a-w-   C:\Windows\System32\win32k.sys
    2013-05-15 20:28:02   48640   ----a-w-   C:\Windows\System32\wwanprotdim.dll
    2013-05-15 20:28:02   230400   ----a-w-   C:\Windows\System32\wwansvc.dll
    2013-05-15 20:27:51   1930752   ----a-w-   C:\Windows\System32\authui.dll
    2013-05-15 20:27:46   1796096   ----a-w-   C:\Windows\SysWow64\authui.dll
    2013-05-15 20:27:46   111448   ----a-w-   C:\Windows\System32\consent.exe
    2013-05-15 20:27:44   70144   ----a-w-   C:\Windows\System32\appinfo.dll
    2013-05-11 10:37:28   209472   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2013-05-01 07:59:12   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 07:59:12   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
    2013-04-23 23:10:53   1656680   ----a-w-   C:\Windows\System32\drivers\ntfs.sys
    2013-04-23 23:09:55   95648   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-23 23:05:45   861088   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
    .
    ==================== Find3M  ====================
    .
    2013-05-23 00:27:59   16152   ----a-w-   C:\Windows\System32\drivers\SWDUMon.sys
    2013-05-14 20:49:27   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-14 20:49:27   692104   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-13 05:49:23   135168   ----a-w-   C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19   350208   ----a-w-   C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19   308736   ----a-w-   C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19   111104   ----a-w-   C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16   474624   ----a-w-   C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15   2176512   ----a-w-   C:\Windows\apppatch\AcGenral.dll
    2013-04-11 12:30:29   348160   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
    2013-04-04 18:50:32   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2013-04-02 14:09:52   4550656   ----a-w-   C:\Windows\SysWow64\GPhotos.scr
    2013-03-19 06:04:06   5550424   ----a-w-   C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:46:56   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13   3968856   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10   3913560   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50   6656   ----a-w-   C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33   112640   ----a-w-   C:\Windows\System32\smss.exe
    2013-03-13 16:57:27   782240   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
    2013-03-06 23:33:21   70992   ----a-w-   C:\Windows\System32\drivers\aswRdr2.sys
    2013-03-06 23:33:21   65336   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
    2013-03-06 23:33:21   178624   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
    2013-03-06 23:33:21   1025808   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
    2013-03-06 23:33:20   80816   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
    2013-03-06 23:32:51   41664   ----a-w-   C:\Windows\avastSS.scr
    .
    ============= FINISH: 22:02:23.35 ===============

    -----------------------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/3/2010 4:39:26 PM
    System Uptime: 5/22/2013 8:25:18 PM (2 hours ago)
    .
    Motherboard: Hewlett-Packard |  | 1425
    Processor: Intel(R) Core(TM) i3 CPU       M 350  @ 2.27GHz | CPU | 1450/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 284 GiB total, 68.729 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.292 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1F480225&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1F480225&0&01
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP605: 5/11/2013 3:18:19 PM - Scheduled Checkpoint
    RP606: 5/12/2013 7:15:01 PM - Installed Evernote v. 4.6.5
    RP607: 5/16/2013 3:00:47 PM - Windows Update
    RP608: 5/18/2013 11:20:46 AM - Installed iTunes
    RP609: 5/21/2013 3:00:16 PM - Windows Update
    RP610: 5/22/2013 9:42:00 AM - Installed DirectX
    RP611: 5/22/2013 8:34:02 PM - Removed Motorola Device Manager
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    7-Zip 9.20
    Acrobat.com
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Content Viewer
    Adobe Creative Suite 5.5 Design Premium
    Adobe Creative Suite 5.5 Design Standard
    Adobe Download Assistant
    Adobe Edge Animate
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop Elements 9
    Adobe Photoshop.com Inspiration Browser
    Adobe Premiere Elements 9
    Adobe Reader XI (11.0.03)
    Adobe Shockwave Player
    Adobe Shockwave Player 12.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bamboo Dock
    BarTender 9.4
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 3
    BlogBridge
    Bonjour
    BufferChm
    Build-a-lot 2
    Cake Mania
    Career Step Foot Pedal Software (remove only)
    CCleaner
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    COMODO Internet Security
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    Core FTP LE
    Corel PaintShop Photo Pro X3
    Cricut DesignStudio
    CricutSync
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 9
    D3DX10
    D6100_D7100_D7300_Help
    D7100
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeviceDiscovery
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Dropbox
    Elements 9 Organizer
    Elements STI Installer
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Evernote v. 4.6.5
    Express Dictate
    Express Scribe
    Faerie Solitaire
    FATE
    FileHippo.com Update Checker
    FileZilla Client 3.6.0.2
    GIMP 2.6.10
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    GoToMeeting 5.4.0.1082
    GPBaseService2
    HP Advisor
    HP Battery Check
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. A
    HP Game Console
    HP Games
    HP Imaging Device Functions 13.0
    HP Photosmart Essential 3.5
    HP Product Detection
    HP Setup
    HP Smart Web Printing 4.60
    HP Software Framework
    HP Solution Center 13.0
    HP Update
    HP User Guides 0183
    HP Wireless Assistant
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    ICA
    Inkscape 0.48.0
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel® Matrix Storage Manager
    IPM_PSP_CL
    IPM_PSP_COM
    iTunes
    Java 7 Update 21
    Java Auto Updater
    Jewel Quest 3
    Jewel Quest Solitaire 2
    join.me
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Make The Cut!
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Live Search Toolbar
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    Movie Maker
    Movies
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0.6 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    muvee Reveal
    Mystery P.I. - The New York Fortune
    OpenOffice.org 3.4.1
    Panda ActiveScan 2.0
    Panda Cloud Cleaner
    PDF Settings CS5
    Penguins!
    Philips PC Camera
    Photo Common
    Photo Gallery
    Picasa 3
    Pidgin
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    QuickTime
    RealDownloader
    Realtek Ethernet Controller All-In-One Windows Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    REALTEK Wireless LAN Software
    Recovery Manager
    Seagate Manager Installer
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
    Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    SF_CDA_ProductContext
    SF_CDA_Software
    Shop for HP Supplies
    Skype™ 6.3
    SlimDrivers
    SmartSound Quicktracks for Premiere Elements 9.0
    SmartWebPrinting
    SocialBro
    SolutionCenter
    Spotify
    SpywareBlaster 5.0
    Status
    SUPERAntiSpyware
    swMSM
    Synaptics Pointing Device Driver
    TeamViewer 8
    TextTwist 2
    Toolbox
    TrayApp
    TweetDeck
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Virtual Families
    Virtual Villagers - The Secret City
    Wacom
    WebReg
    WebTablet FB Plugin 32 bit
    WebTablet FB Plugin 64 bit
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Yahoo! Messenger
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/22/2013 7:50:57 AM, Error: Service Control Manager [7043]  - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
    5/22/2013 1:31:40 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    5/21/2013 6:48:18 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    5/21/2013 6:48:17 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The pipe has been ended.
    5/21/2013 6:46:45 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer8 service.
    5/20/2013 6:45:58 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Motorola Device Manager service.
    5/18/2013 11:20:33 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================



    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
    « Reply #1 on: May 23, 2013, 12:29:19 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    **********************************************
    I see you are running Poker Stars. Poker Stars has a history of distributing spyware in their products. However, security experts still question this program as good or bad. I recommend removing it to prevent spyware, but it is up to you to decide if you want to keep it.

    If you would like to uninstall it, do so as follows:

    Press Start, and navigate to the Control Panel. When in the control panel enter Add or Remove programs. Search for and locate PokerStars, and either click Change/Remove or Remove.
    ***************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    ****************************************
    Download Combofix from any of the links below, and save it to your DESKTOP.
    If your version of Windows defaults to your download folder you will need to copy it to your desktop.

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's

    cpbunch

      Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
      « Reply #2 on: May 24, 2013, 04:42:47 AM »
      Thank you so much for the quick response. I wasn't aware that those games were on this computer. I found them in my start menu under HP Games and then in the control panel under HP Games. It doesn't look like I can uninstall just one game though. Should I go ahead and uninstall them all? I don't play them so it is not a problem. Just didn't want to proceed without asking since my setup was a little different.

      I believe I've followed the instructions correctly.

      Thanks!
      Michele

      Here are my logs:

      JRT Log

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 4.9.4 (05.06.2013:1)
      OS: Windows 7 Home Premium x64
      Ran by cpbunch on Fri 05/24/2013 at  3:35:35.14
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values



      ~~~ Registry Keys



      ~~~ Files

      Successfully deleted: [File] C:\eula.1028.txt
      Successfully deleted: [File] C:\eula.1031.txt
      Successfully deleted: [File] C:\eula.1033.txt
      Successfully deleted: [File] C:\eula.1036.txt
      Successfully deleted: [File] C:\eula.1040.txt
      Successfully deleted: [File] C:\eula.1041.txt
      Successfully deleted: [File] C:\eula.1042.txt
      Successfully deleted: [File] C:\eula.2052.txt
      Successfully deleted: [File] C:\install.res.1028.dll
      Successfully deleted: [File] C:\install.res.1031.dll
      Successfully deleted: [File] C:\install.res.1033.dll
      Successfully deleted: [File] C:\install.res.1036.dll
      Successfully deleted: [File] C:\install.res.1040.dll
      Successfully deleted: [File] C:\install.res.1041.dll
      Successfully deleted: [File] C:\install.res.1042.dll
      Successfully deleted: [File] C:\install.res.2052.dll
      Successfully deleted: [File] C:\install.res.3082.dll



      ~~~ Folders




      ~~~ Event Viewer Logs were cleared





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Fri 05/24/2013 at  3:40:57.52
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       

      Combofix Log:

      ComboFix 13-05-24.01 - cpbunch 05/24/2013   6:50.1.4 - x64
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2155 [GMT -4:00]
      Running from: c:\users\cpbunch\Desktop\ComboFix.exe
      AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
      FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
      SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\programdata\652DBF535C.sys
      c:\programdata\SPL1746.tmp
      c:\users\cpbunch\g2mdlhlpx.exe
      .
      .
      (((((((((((((((((((((((((   Files Created from 2013-04-24 to 2013-05-24  )))))))))))))))))))))))))))))))
      .
      .
      2013-05-24 11:04 . 2013-05-24 11:04   --------   d-----w-   c:\users\Public\AppData\Local\temp
      2013-05-24 07:35 . 2013-05-24 07:35   --------   d-----w-   c:\windows\ERUNT
      2013-05-24 07:35 . 2013-05-24 07:35   --------   d-----w-   C:\JRT
      2013-05-23 00:11 . 2013-05-23 00:11   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
      2013-05-23 00:11 . 2013-05-23 00:11   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
      2013-05-23 00:11 . 2013-05-23 00:11   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
      2013-05-23 00:11 . 2013-05-23 00:11   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
      2013-05-23 00:11 . 2013-05-23 00:11   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
      2013-05-23 00:11 . 2013-05-23 00:11   --------   d-----w-   c:\program files (x86)\QuickTime
      2013-05-18 15:26 . 2013-05-18 15:27   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
      2013-05-18 15:26 . 2013-05-18 15:27   --------   d-----w-   c:\program files\iTunes
      2013-05-17 02:57 . 2013-05-17 02:57   --------   d-----w-   c:\users\cpbunch\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
      2013-05-17 02:57 . 2013-05-17 02:57   --------   d-----w-   c:\users\cpbunch\AppData\Roaming\Wacom
      2013-05-17 02:56 . 2013-05-17 02:57   --------   d-----w-   c:\programdata\Wacom
      2013-05-17 02:55 . 2013-05-17 02:56   --------   d-----w-   c:\program files (x86)\Bamboo Dock
      2013-05-17 02:12 . 2013-05-17 02:13   --------   d-----w-   c:\users\cpbunch\AppData\Roaming\WTablet
      2013-05-17 02:12 . 2013-05-17 02:12   --------   d-----w-   c:\program files (x86)\TabletPlugins
      2013-05-17 02:11 . 2012-11-15 13:41   15776   ----a-w-   c:\windows\system32\drivers\wacomrouterfilter.sys
      2013-05-17 02:11 . 2012-12-03 20:36   81824   ----a-w-   c:\windows\system32\drivers\wachidrouter.sys
      2013-05-17 02:11 . 2012-12-03 20:36   13728   ----a-w-   c:\windows\system32\drivers\hidkmdf.sys
      2013-05-17 02:10 . 2012-12-11 17:07   1974144   ----a-w-   c:\windows\system32\Pen_Touch_Tablet.dll
      2013-05-17 02:10 . 2012-12-11 17:07   1840000   ----a-w-   c:\windows\system32\WacomMT.dll
      2013-05-17 02:10 . 2012-12-11 17:07   1621888   ----a-w-   c:\windows\SysWow64\Pen_Touch_Tablet.dll
      2013-05-17 02:10 . 2012-12-11 17:07   1509760   ----a-w-   c:\windows\SysWow64\Wintab32.dll
      2013-05-17 02:10 . 2012-12-11 17:07   1505664   ----a-w-   c:\windows\SysWow64\WacomMT.dll
      2013-05-17 02:10 . 2012-12-11 17:07   1843584   ----a-w-   c:\windows\system32\Wintab32.dll
      2013-05-17 02:10 . 2012-12-11 17:07   1628544   ----a-w-   c:\windows\SysWow64\Pen_Tablet.dll
      2013-05-17 02:10 . 2012-12-11 17:07   1981312   ----a-w-   c:\windows\system32\Pen_Tablet.dll
      2013-05-17 02:10 . 2013-05-17 02:11   --------   d-----w-   c:\program files\Tablet
      2013-05-17 01:56 . 2013-05-17 01:56   --------   d-----w-   c:\users\cpbunch\AppData\Roaming\com.adobe.DC3Module.AdobeADC
      2013-05-15 20:28 . 2013-04-10 06:01   983400   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
      2013-05-15 20:28 . 2013-04-10 06:01   265064   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
      2013-05-15 20:28 . 2011-02-03 11:25   144384   ----a-w-   c:\windows\system32\cdd.dll
      2013-05-15 20:28 . 2013-04-10 03:30   3153920   ----a-w-   c:\windows\system32\win32k.sys
      2013-05-15 20:28 . 2013-03-19 05:53   48640   ----a-w-   c:\windows\system32\wwanprotdim.dll
      2013-05-15 20:28 . 2013-03-19 05:53   230400   ----a-w-   c:\windows\system32\wwansvc.dll
      2013-05-15 20:27 . 2013-02-27 05:52   14172672   ----a-w-   c:\windows\system32\shell32.dll
      2013-05-15 20:27 . 2013-02-27 05:48   1930752   ----a-w-   c:\windows\system32\authui.dll
      2013-05-15 20:27 . 2013-02-27 05:52   197120   ----a-w-   c:\windows\system32\shdocvw.dll
      2013-05-15 20:27 . 2013-02-27 06:02   111448   ----a-w-   c:\windows\system32\consent.exe
      2013-05-15 20:27 . 2013-02-27 04:49   1796096   ----a-w-   c:\windows\SysWow64\authui.dll
      2013-05-15 20:27 . 2013-02-27 05:47   70144   ----a-w-   c:\windows\system32\appinfo.dll
      2013-05-11 10:37 . 2013-05-11 10:37   209472   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
      2013-05-01 07:59 . 2013-05-01 07:59   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
      2013-05-01 07:59 . 2013-05-01 07:59   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-05-18 00:35 . 2012-07-17 19:37   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
      2013-05-16 19:22 . 2010-08-04 11:44   75016696   ----a-w-   c:\windows\system32\MRT.exe
      2013-05-14 20:49 . 2012-04-10 17:03   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
      2013-05-14 20:49 . 2011-10-21 22:20   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-04-13 05:49 . 2013-05-15 20:28   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
      2013-04-13 05:49 . 2013-05-15 20:28   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
      2013-04-13 05:49 . 2013-05-15 20:28   308736   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
      2013-04-13 05:49 . 2013-05-15 20:28   111104   ----a-w-   c:\windows\apppatch\AppPatch64\acspecfc.dll
      2013-04-13 04:45 . 2013-05-15 20:28   474624   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
      2013-04-13 04:45 . 2013-05-15 20:28   2176512   ----a-w-   c:\windows\apppatch\AcGenral.dll
      2013-04-12 14:45 . 2013-04-23 23:10   1656680   ----a-w-   c:\windows\system32\drivers\ntfs.sys
      2013-04-11 12:30 . 2013-04-11 12:30   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
      2013-04-04 18:50 . 2012-11-28 17:24   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2013-04-04 09:35 . 2013-04-23 23:09   95648   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2013-04-02 14:09 . 2013-04-02 14:09   4550656   ----a-w-   c:\windows\SysWow64\GPhotos.scr
      2013-03-19 06:04 . 2013-04-10 18:13   5550424   ----a-w-   c:\windows\system32\ntoskrnl.exe
      2013-03-19 05:46 . 2013-04-10 18:12   43520   ----a-w-   c:\windows\system32\csrsrv.dll
      2013-03-19 05:04 . 2013-04-10 18:12   3968856   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
      2013-03-19 05:04 . 2013-04-10 18:12   3913560   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
      2013-03-19 04:47 . 2013-04-10 18:12   6656   ----a-w-   c:\windows\SysWow64\apisetschema.dll
      2013-03-19 03:06 . 2013-04-10 18:12   112640   ----a-w-   c:\windows\system32\smss.exe
      2013-03-13 16:57 . 2013-04-23 23:05   861088   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
      2013-03-13 16:57 . 2010-08-03 21:02   782240   ----a-w-   c:\windows\SysWow64\deployJava1.dll
      2013-03-06 23:33 . 2013-03-08 14:08   178624   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
      2013-03-06 23:33 . 2013-03-08 14:08   65336   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
      2013-03-06 23:33 . 2012-11-20 18:05   377920   ----a-w-   c:\windows\system32\drivers\aswSP.sys
      2013-03-06 23:33 . 2012-11-20 18:05   70992   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
      2013-03-06 23:33 . 2012-11-20 18:05   68920   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
      2013-03-06 23:33 . 2012-11-20 18:05   1025808   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
      2013-03-06 23:33 . 2012-11-20 18:05   33400   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
      2013-03-06 23:33 . 2012-11-20 18:05   80816   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
      2013-03-06 23:32 . 2012-11-20 18:04   41664   ----a-w-   c:\windows\avastSS.scr
      2013-03-06 23:32 . 2011-06-29 18:11   287840   ----a-w-   c:\windows\system32\aswBoot.exe
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
      @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
      [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
      2012-11-11 23:27   220632   ----a-w-   c:\users\cpbunch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
      @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
      [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
      2012-11-11 23:27   220632   ----a-w-   c:\users\cpbunch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
      @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
      [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
      2012-11-11 23:27   220632   ----a-w-   c:\users\cpbunch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17   94208   ----a-w-   c:\users\cpbunch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17   94208   ----a-w-   c:\users\cpbunch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17   94208   ----a-w-   c:\users\cpbunch\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-16 5622512]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
      "MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
      "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
      "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
      .
      c:\users\cpbunch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-5-8 1089888]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute   REG_MULTI_SZ      autocheck autochk *\0sdnclean64.exe
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
      @=""
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
      R3 aswVmm;aswVmm;

      R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys

      R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys

      R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-03 13728]
      R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys

      R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys

      R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys

      R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
      R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
      R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
      R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
      R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
      R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-03 81824]
      R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-11-15 15776]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-04 1255736]
      R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
      R4 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2006-11-29 566192]
      S0 aswRvrt;aswRvrt;

      S0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
      S1 aswSnx;aswSnx;

      S1 aswSP;aswSP;

      S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]
      S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
      S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
      S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
      S2 aswFsBlk;aswFsBlk;

      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
      S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
      S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-17 92216]
      S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608]
      S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
      S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
      S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 619904]
      S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
      S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2000-01-01 317440]
      S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2000-01-01 251496]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 708200]
      S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-09-08 1225832]
      .
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      2010-11-22 18:18   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 20:49]
      .
      2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-24 07:35]
      .
      2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-24 07:35]
      .
      2013-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1395426734-179329943-99327526-1001Core.job
      - c:\users\cpbunch\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 07:35]
      .
      2013-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1395426734-179329943-99327526-1001UA.job
      - c:\users\cpbunch\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 07:35]
      .
      2013-05-09 c:\windows\Tasks\HPCeeScheduleForCPBUNCH-PC$.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
      .
      2013-05-09 c:\windows\Tasks\HPCeeScheduleForcpbunch.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
      .
      2013-05-23 c:\windows\Tasks\scribeShakeIcon.job
      - c:\program files (x86)\NCH Swift Sound\Scribe\scribe.exe [2010-09-23 13:02]
      .
      2013-05-24 c:\windows\Tasks\SlimDrivers Startup.job
      - c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-04-24 18:12]
      .
      2013-05-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2d5127f2-c0aa-4dbe-9a15-112cde9d92c4.job
      - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
      .
      2013-05-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7f32436f-c749-45b8-9acb-4590fa7595af.job
      - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
      @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
      [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
      2012-11-11 23:27   244696   ----a-w-   c:\users\cpbunch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
      @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
      [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
      2012-11-11 23:27   244696   ----a-w-   c:\users\cpbunch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
      @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
      [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
      2012-11-11 23:27   244696   ----a-w-   c:\users\cpbunch\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2013-03-06 23:32   133840   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   162552   ----a-w-   c:\users\cpbunch\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   162552   ----a-w-   c:\users\cpbunch\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   162552   ----a-w-   c:\users\cpbunch\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2012-11-13 23:32   162552   ----a-w-   c:\users\cpbunch\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
      "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
      "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 167744]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 392512]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 417088]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=c:\windows\System32\guard64.dll
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
      FontCache
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      uLocal Page = c:\windows\system32\blank.htm
      uDefault_Search_URL = hxxp://www.google.com/ie
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local;192.168.*.*
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
      IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
      IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
      IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
      IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
      IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
      IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
      TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
      FF - ProfilePath - c:\users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: network.proxy.type - 0
      FF - ExtSQL: 2013-03-24 19:10; feedly@devhd; c:\users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\extensions\[email protected]
      FF - ExtSQL: 2013-03-25 01:38; [email protected]; c:\users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\extensions\[email protected]
      FF - ExtSQL: !HIDDEN! 2010-08-07 12:28; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKCU-Run-AdobeBridge - (no file)
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
      HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2013-05-24  07:11:04
      ComboFix-quarantined-files.txt  2013-05-24 11:11
      .
      Pre-Run: 70,446,948,352 bytes free
      Post-Run: 69,895,180,288 bytes free
      .
      - - End Of File - - 42B23957811DDC8D74A8F2EDAB7DD5FB

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
      « Reply #3 on: May 24, 2013, 11:14:36 AM »
      Quote
      I found them in my start menu under HP Games and then in the control panel under HP Games. It doesn't look like I can uninstall just one game though. Should I go ahead and uninstall them all?
      I've noticed that HP and other computer mfgr's include them in their computer. The choice is yours. I just wanted to pass along that information.

      Remove the Adware:
      • Please close all open programs and internet browsers.
      • Double click on adwcleaner.exe to run the tool.
      • Click on Delete.
      • Confirm each time with OK
      • Your computer will be rebooted automatically. A text file will open after the restart.
      • Please post the content of that logfile in your reply.
      • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
      *****************************************
      Please download Rooter and Save it to your desktop.
      • Double click it to start the tool. Vista and Windows 7: run as administrator.
      • Click Scan.
      • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
      ****************************************
      • Download RogueKiller on the desktop
      • Close all the running programs
      • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
      • Otherwise just double-click on RogueKiller.exe
      • Pre-scan will start. Let it finish.
      • Click on SCAN button.
      • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
      • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
      Windows 8 and Windows 10 dual boot with two SSD's

      cpbunch

        Topic Starter


        Rookie

        • Experience: Experienced
        • OS: Windows 7
        Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
        « Reply #4 on: May 25, 2013, 09:34:13 AM »
        Hi and thanks! I went ahead and uninstalled the games after I ran all the reports.

        Thanks so much!

        Here they are:

        AdwCleaner Report

        # AdwCleaner v2.301 - Logfile created 05/25/2013 at 11:29:25
        # Updated 16/05/2013 by Xplode
        # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
        # User : cpbunch - CPBUNCH-PC
        # Boot Mode : Normal
        # Running from : C:\Users\cpbunch\Desktop\adwcleaner.exe
        # Option [Delete]


        ***** [Services] *****


        ***** [Files / Folders] *****


        ***** [Registry] *****


        ***** [Internet Browsers] *****

        -\\ Internet Explorer v10.0.9200.16576

        [OK] Registry is clean.

        -\\ Mozilla Firefox v21.0 (en-US)

        File : C:\Users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\d3cyc2fa.default-1351217900309\prefs.js

        [OK] File is clean.

        File : C:\Users\cpbunch\AppData\Roaming\Mozilla\Firefox\Profiles\rv4lc9iu.default\prefs.js

        [OK] File is clean.

        File : C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\n8atlz4p.default\prefs.js

        [OK] File is clean.

        -\\ Google Chrome v27.0.1453.94

        File : C:\Users\cpbunch\AppData\Local\Google\Chrome\User Data\Default\Preferences

        [OK] File is clean.

        *************************

        AdwCleaner[R1].txt - [8071 octets] - [22/05/2013 21:49:22]
        AdwCleaner[S1].txt - [8518 octets] - [24/05/2013 03:12:50]
        AdwCleaner[S2].txt - [1187 octets] - [25/05/2013 11:29:25]

        ########## EOF - C:\AdwCleaner[S2].txt - [1247 octets] ##########

        --------------------------------------------------------------------

        Rooter Report

        Rooter.exe (v1.0.2) by Eric_71
        .
        SeDebugPrivilege granted successfully ...
        .
        Windows 7 Home Edition (6.1.7601) Service Pack 1
        [32_bits] - Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
        .
        [wscsvc] (Security Center) RUNNING (state:4)
        [MpsSvc] RUNNING (state:4)
        Windows Firewall -> Disabled !
        Windows Defender -> Enabled
        User Account Control (UAC) -> Enabled
        .
        Internet Explorer 9.10.9200.16576
        Mozilla Firefox 21.0 (en-US)
        .
        C:\  [Fixed-NTFS] .. ( Total:283 Go - Free:69 Go )
        D:\  [Fixed-NTFS] .. ( Total:13 Go - Free:2 Go )
        E:\  [Fixed-FAT32] .. ( Total:0 Go - Free:0 Go )
        F:\  [CD_Rom]
        .
        Scan : 11:53.27
        Path : C:\Users\cpbunch\Desktop\Rooter.exe
        User : cpbunch ( Administrator -> YES )
        .
        ----------------------\\ Processes
        .
        Locked [System Process] (0)
        Locked System (4)
        ______ C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1464)

        ----------------------------------------------------------

        RogueKiller Report

        RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
        mail : tigzyRK<at>gmail<dot>com
        Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
        Website : http://tigzy.geekstogo.com/roguekiller.php
        Blog : http://tigzyrk.blogspot.com/

        Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
        Started in : Normal mode
        User : cpbunch [Admin rights]
        Mode : Scan -- Date : 05/25/2013 12:03:58
        | ARK || FAK || MBR |

        ¤¤¤ Bad processes : 0 ¤¤¤

        ¤¤¤ Registry Entries : 10 ¤¤¤
        [TASK][SUSP PATH] HPSA Upgrade : C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe  [7] -> FOUND
        [HJPOL] HKCU\[...]\System : DisableTaskmgr (0) -> FOUND
        [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
        [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
        [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
        [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
        [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
        [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
        [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
        [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

        ¤¤¤ Particular Files / Folders: ¤¤¤

        ¤¤¤ Driver : [NOT LOADED] ¤¤¤

        ¤¤¤ HOSTS File: ¤¤¤
        --> C:\Windows\system32\drivers\etc\hosts

        127.0.0.1       localhost


        ¤¤¤ MBR Check: ¤¤¤

        +++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 +++++
        --- User ---
        [MBR] a14f28bef26286da594a62a695f23ce0
        [BSP] bab09e273d3b5edb02b231ded4f6326b : Windows Vista/7/8 MBR Code
        Partition table:
        0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
        1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 290653 Mo
        2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 595666944 | Size: 14288 Mo
        3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
        User = LL1 ... OK!
        User = LL2 ... OK!

        Finished : << RKreport[1]_S_05252013_02d1203.txt >>
        RKreport[1]_S_05252013_02d1203.txt







        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
        « Reply #5 on: May 25, 2013, 11:56:27 AM »
        Please run RogueKiller again and delete those items.

        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        ***************************************************
        I'd like to scan your machine with ESET OnlineScan

        •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan

        •Click the button.
        •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
        •Check
        •Click the button.
        •Accept any security warnings from your browser.
        • Leave the check mark next to Remove found threats.
        •Check
        •Push the Start button.
        •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        •When the scan completes, push
        •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        •Push the button.
        •Push
        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

        cpbunch

          Topic Starter


          Rookie

          • Experience: Experienced
          • OS: Windows 7
          Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
          « Reply #6 on: May 25, 2013, 03:14:22 PM »
          I'm trying to run the securitycheck.bat but my avast kicked about it and now it is just spinning the mouse cursor. No black box came up for me to follow instructions. Should I try running it again?

          Thanks!
          Michele

          cpbunch

            Topic Starter


            Rookie

            • Experience: Experienced
            • OS: Windows 7
            Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
            « Reply #7 on: May 25, 2013, 03:32:42 PM »
            Okay I was able to get it running. Am running the last part of the post now and will post my results. Thanks again!

            cpbunch

              Topic Starter


              Rookie

              • Experience: Experienced
              • OS: Windows 7
              Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
              « Reply #8 on: May 26, 2013, 05:54:24 AM »
              Okay that ESET scan took a very long time to run. Sorry for the delay.

              Oh also when my computer restarts my Comodo firewall is still warning about the Quicktime QTTask.exe program saying the .heur is detected. Just thought I would check on it.

              Here are the reports:

              RogueKiller

              RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
              mail : tigzyRK<at>gmail<dot>com
              Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
              Website : http://tigzy.geekstogo.com/roguekiller.php
              Blog : http://tigzyrk.blogspot.com/

              Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
              Started in : Normal mode
              User : cpbunch [Admin rights]
              Mode : Scan -- Date : 05/25/2013 17:23:07
              | ARK || FAK || MBR |

              ¤¤¤ Bad processes : 0 ¤¤¤

              ¤¤¤ Registry Entries : 0 ¤¤¤

              ¤¤¤ Particular Files / Folders: ¤¤¤

              ¤¤¤ Driver : [NOT LOADED] ¤¤¤

              ¤¤¤ HOSTS File: ¤¤¤
              --> C:\Windows\system32\drivers\etc\hosts

              127.0.0.1       localhost


              ¤¤¤ MBR Check: ¤¤¤

              +++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 +++++
              --- User ---
              [MBR] a14f28bef26286da594a62a695f23ce0
              [BSP] bab09e273d3b5edb02b231ded4f6326b : Windows Vista/7/8 MBR Code
              Partition table:
              0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
              1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 290653 Mo
              2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 595666944 | Size: 14288 Mo
              3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
              User = LL1 ... OK!
              User = LL2 ... OK!

              Finished : << RKreport[4]_S_05252013_02d1723.txt >>
              RKreport[1]_S_05252013_02d1203.txt ; RKreport[2]_S_05252013_02d1718.txt ; RKreport[3]_D_05252013_02d1720.txt ; RKreport[4]_S_05252013_02d1723.txt

              ---------------------------------------------

              Screen 317

               Results of screen317's Security Check version 0.99.64 
               Windows 7 Service Pack 1 x64 (UAC is enabled) 
               Internet Explorer 10 
              ``````````````Antivirus/Firewall Check:``````````````
               Windows Firewall Enabled! 
               Windows Firewall Disabled! 
              avast! Antivirus   
               Antivirus up to date!   
              `````````Anti-malware/Other Utilities Check:`````````
               SpywareBlaster 5.0   
               Malwarebytes Anti-Malware version 1.75.0.1300 
               Panda Cloud Cleaner   
               Java 7 Update 21 
               Adobe Flash Player 11.7.700.202 
               Adobe Reader XI 
               Mozilla Firefox (21.0)
               Mozilla Thunderbird (17.0.6)
               Google Chrome 27.0.1453.93 
               Google Chrome 27.0.1453.94 
               Google Chrome plugins... 
              ````````Process Check: objlist.exe by Laurent````````
               Comodo Firewall cmdagent.exe
               Comodo Firewall cfp.exe
               AVAST Software Avast AvastSvc.exe 
               AVAST Software Avast AvastUI.exe 
              `````````````````System Health check`````````````````
               Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
              ````````````````````End of Log``````````````````````


              ---------------------------------------------

              ESET

              ESETSmartInstaller@High as downloader log:
              all ok
              # version=8
              # OnlineScannerApp.exe=1.0.0.1
              # OnlineScanner.ocx=1.0.0.6920
              # api_version=3.0.2
              # EOSSerial=31e08dcc56745844a08c367da82f436c
              # engine=13915
              # end=finished
              # remove_checked=false
              # archives_checked=true
              # unwanted_checked=false
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2013-05-26 03:18:08
              # local_time=2013-05-25 11:18:08 (-0500, Eastern Daylight Time)
              # country="United States"
              # lang=1033
              # osver=6.1.7601 NT Service Pack 1
              # compatibility_mode=774 16777213 85 91 0 145326560 0 0
              # compatibility_mode=3074 16777213 100 100 16219076 70911070 0 0
              # compatibility_mode=5893 16776574 100 94 29719509 121081738 0 0
              # scanned=433447
              # found=0
              # cleaned=0
              # scan_time=17560







              SuperDave

              Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
              « Reply #9 on: May 26, 2013, 10:45:07 AM »
              Please do not ignore this warning and defrag soon. (SSD means Solid State Drive) Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
              The Security check shows that Windows Firewall is enabled and then it shows it disabled. If you are indeed running the Comodo Firewall, please make sure that the Windows Firewall is disabled; otherwise, it will cause conflicts. As for that warning from Comodo, I don't know why it's telling you that. If anything, your AV should be giving you a warning. I ran Comodo for about 2 years and it gave me some very weird messages. All the scans have come up clean. How's your computer running now?
              Windows 8 and Windows 10 dual boot with two SSD's

              cpbunch

                Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
                « Reply #10 on: May 27, 2013, 02:11:52 PM »
                Hi,

                I will run a defrag asap. My firewall shows that it is off. When I try to go into advanced settings to make sure, it asks if I will allow the program to make changes to my computer. Should I allow it to view it or just leave it? Do you recommend a different firewall? It's running a lot faster now and not lagging.

                Thanks!
                Michele

                SuperDave

                Re: Comodo Firewall Picked up QTtask.exe as .heur and I was sent here
                « Reply #11 on: May 27, 2013, 03:55:22 PM »
                Quote
                Do you recommend a different firewall? It's running a lot faster now and not lagging.

                Remember only install ONE firewall

                1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                2) Online Armor
                3) Agnitum Outpost
                4) PC Tools Firewall Plus
                5) ZoneAlarm Firewall

                If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                **********************************
                I ran Comodo for about two years and it was two years of such messages and interruptions but I put up with it because I wanted the extra protection for my financial information.

                Let's do some cleanup.


                To uninstall ComboFix

                • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                • In the field, type in ComboFix /uninstall


                (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                • Then, press Enter, or click OK.
                • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                ************************************
                Click Start> Computer> right click the C Drive and choose Properties> enter
                Click Disk Cleanup from there.



                Click OK on the Disk Cleanup Screen.
                Click Yes on the Confirmation screen.



                This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
                **************************************
                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                Safe Surfing!
                Windows 8 and Windows 10 dual boot with two SSD's