Solved File recovery virus -- Zeroaccess (max++)

G

Grady Lenamond

Posts: 13   +0
Hello, I am looking for help to repair my computer. I am running Windows 7 32 bit. It started a couple of days ago. The majority of my information was hidden and I was recieving alerts from file recovery. I followed a plan outlined on majorgeeks.com. Recieved zeroaccess (max++) warning from roguekiller. After completing plan I reran scans and they were not finding anything and things seemed fine. I then downloaded Avasti, Comodo firewall, and spywareblaster to help protect my computer. Today I am having problems with homegroup networking ( after changing settings they revert back to previous settings) and I cannot access the windows firewall to make sure disabled. The requested logs follow.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.12.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: NRMTJ3JB7 [administrator]
10/14/2012 4:17:34 PM
mbam-log-2012-10-14 (16-17-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245855
Time elapsed: 7 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
---------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-10-14 17:04:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000063 Hitachi_ rev.V54O
Running: en3g5rd1.exe; Driver: C:\Users\Owner\AppData\Local\Temp\axriqpow.sys

---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x925DF966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Owner at 17:16:35 on 2012-10-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2816.1336 [GMT -5:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CSHelper.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\microsoft office\Office12\GrooveMonitor.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - c:\program files\epson software\e-web print\ewps_tb.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - c:\program files\citrix\ica client\IEInterceptor.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\windows\system32\ActiveToolBand.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - c:\program files\epson software\e-web print\ewps_tb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - c:\program files\epson software\e-web print\ewps_tb.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{07A768E9-DA59-44AC-9026-2542CD1479CD}
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihsa.exe /ept "epltarget\P0000000000000000" /M "WorkForce 845"
mRun: [eDataSecurity Loader] "c:\acer\empowering technology\edatasecurity\eDSloader.exe"
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [*CA] "c:\program files\comodo\geekbuddy\launcher.exe" "unit_manager.exe" "lps-ca"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00} : DHCPNameServer = 208.180.42.68 208.180.42.100
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: DfLogon - LogonDll.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-13 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-13 355632]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-10-5 494416]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-10-5 36072]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-2-14 67960]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-13 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-13 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-13 44808]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-10-5 70352]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-9-1 266240]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-10-11 1853584]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\common files\epson\epw!3 ssrp\E_JT50RP.EXE [2012-4-9 130944]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\common files\comodo\GeekBuddyRSP.exe [2012-9-28 1815040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-13 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1343400]
.
=============== Created Last 30 ================
.
2012-10-13 23:51:55 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-13 23:51:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-13 23:24:43 -------- d-----w- c:\program files\SpywareBlaster
2012-10-13 22:08:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-13 22:08:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-13 21:29:15 -------- d-----w- c:\users\owner\appdata\roaming\IObit
2012-10-13 21:29:08 -------- d-----w- c:\program files\IObit
2012-10-13 21:11:55 -------- d-----w- c:\program files\common files\Comodo
2012-10-13 21:11:46 -------- d-----w- c:\programdata\CPA_VA
2012-10-13 20:59:49 -------- d-----w- c:\programdata\Comodo
2012-10-13 20:59:30 -------- d-----w- c:\users\owner\appdata\local\Comodo
2012-10-13 20:59:24 45320 ----a-w- c:\windows\system32\certsentry.dll
2012-10-13 20:59:15 -------- d-----w- c:\program files\Comodo
2012-10-13 20:19:52 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-13 20:19:50 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-13 20:19:46 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-13 20:18:59 41224 ----a-w- c:\windows\avastSS.scr
2012-10-13 20:18:47 -------- d-----w- c:\programdata\AVAST Software
2012-10-13 20:18:47 -------- d-----w- c:\program files\AVAST Software
2012-10-13 19:37:25 -------- d-----w- c:\program files\CCleaner
2012-10-13 19:20:33 -------- d-----w- C:\MGtools
2012-10-13 19:20:16 1674318 ----a-w- C:\MGtools.exe
2012-10-13 19:14:57 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-13 05:07:15 -------- d-----w- c:\programdata\NtiDvdCopy
2012-10-13 00:00:55 -------- d-----w- c:\program files\HitmanPro
2012-10-13 00:00:17 -------- d-----w- c:\programdata\HitmanPro
2012-10-12 23:09:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-10-12 23:06:29 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2012-10-12 23:05:55 -------- d-----w- c:\programdata\Malwarebytes
2012-10-12 23:05:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-10 06:03:56 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 06:03:56 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 06:03:55 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 10:49:55 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bf0bef09-2023-4c2d-bab6-9c37d7d05a70}\mpengine.dll
2012-10-05 06:32:34 494416 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-10-05 06:32:34 36072 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-10-05 06:32:32 19632 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-10-05 06:32:14 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-10-05 06:32:12 301264 ----a-w- c:\windows\system32\guard32.dll
2012-09-26 12:40:07 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-10-13 23:51:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ----a-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ----a-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ----a-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ----a-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:16:50.08 ===============
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

I still need Attach.txt part of DDS.
 
Sorry about that. I had to check the box for that one.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/25/2009 12:18:47 AM
System Uptime: 10/14/2012 1:40:34 PM (5 hours ago)
.
Motherboard: Acer | | EM61SM/EM61PM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2200/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 73.733 GiB free.
D: is FIXED (NTFS) - 145 GiB total, 144.473 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: netlimiter
Device ID: ROOT\LEGACY_NETLIMITER\0000
Manufacturer:
Name: netlimiter
PNP Device ID: ROOT\LEGACY_NETLIMITER\0000
Service: netlimiter
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD-Picture
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20021111153705700&1#
Manufacturer: Generic-
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20021111153705700&1#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Storage
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&B532571&0&504B46593036363290&0#
Manufacturer: EPSON
Name: J:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&B532571&0&504B46593036363290&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
Manufacturer: Generic-
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
Service: WUDFRd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: osaio
Device ID: ROOT\LEGACY_OSAIO\0000
Manufacturer:
Name: osaio
PNP Device ID: ROOT\LEGACY_OSAIO\0000
Service: osaio
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20021111153705700&3#
Manufacturer: Generic-
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20021111153705700&3#
Service: WUDFRd
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: UBHelper
Device ID: ROOT\LEGACY_UBHELPER\0000
Manufacturer:
Name: UBHelper
PNP Device ID: ROOT\LEGACY_UBHELPER\0000
Service: UBHelper
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#
Manufacturer: Generic-
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP247: 10/9/2012 5:49:30 AM - Windows Update
RP248: 10/10/2012 3:00:22 AM - Windows Update
RP249: 10/13/2012 12:30:15 PM - Removed HP Photosmart Essential
RP250: 10/13/2012 3:18:34 PM - avast! Free Antivirus Setup
RP251: 10/13/2012 4:01:49 PM - Device Driver Package Install: COMODO Network Service
RP252: 10/13/2012 6:40:05 PM - Removed Java(TM) 6 Update 2
RP253: 10/13/2012 6:41:18 PM - Removed Java(TM) 6 Update 5
RP254: 10/13/2012 6:41:45 PM - Removed Java(TM) 6 Update 5
RP255: 10/13/2012 6:42:35 PM - Removed Java(TM) 6 Update 30
RP256: 10/13/2012 6:51:02 PM - Installed Java 7 Update 7
RP257: 10/14/2012 2:03:17 PM - Installed Microsoft Fix it 50123
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer Picture Slide DVD
Acer Plug and Record
Acer Registration
Acer ScreenSaver
Acer Tour
Acer Zone MagicDirector
Acer Zone Main Page
Acer Zone MakeDisk
Acer Zone SoftDMA
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
Ask Toolbar
avast! Free Antivirus
Battlefield 1942
Bonjour
BPD_Scan
BPDSoftware_Ini
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Comodo Dragon
COMODO Internet Security
Download Navigator
Epson Connect
Epson Connect Printer Setup
Epson Customer Participation
Epson E-Web Print
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Printer Finder
EPSON Printer Software
EPSON Scan
EPSON WorkForce 845 Series Printer Uninstall
ffdshow [rev 2527] [2008-12-19]
GeekBuddy
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HitmanPro 3.6
HP Update
HPSSupply
iTunes
Java 7 Update 7
Java Auto Updater
LG United Mobile Drivers
LightScribe 1.4.124.1
Logitech Harmony Remote Software
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MPM
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix Movie Viewer
NTI CD & DVD-Maker
NVIDIA Drivers
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
Online Plug-in
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Self-service Plug-in
Spybot - Search & Destroy
SpywareBlaster 4.6
swMSM
System Requirements Lab
TroopMaster
TroopMaster 2010
Uninstall 1.0.0.1
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vivitar Experience Image Manager
Windows 7 Upgrade Advisor
Windows Movie Maker 2.6
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
.
==== Event Viewer Messages From Past Week ========
.
10/9/2012 5:50:37 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user NRMTJ3JB7\Owner SID (S-1-5-21-1904182780-2584462688-3666631873-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/9/2012 5:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user NRMTJ3JB7\Owner SID (S-1-5-21-1904182780-2584462688-3666631873-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/9/2012 5:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user NRMTJ3JB7\Owner SID (S-1-5-21-1904182780-2584462688-3666631873-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/14/2012 5:37:39 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
10/14/2012 5:37:39 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
10/14/2012 5:37:39 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
10/14/2012 5:18:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
10/14/2012 1:41:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: UBHelper
10/14/2012 1:41:15 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
10/14/2012 1:41:15 PM, Error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.
10/14/2012 1:41:13 PM, Error: Service Control Manager [7000] - The netlimiter service failed to start due to the following error: The system cannot find the file specified.
10/14/2012 1:41:12 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
10/14/2012 1:40:35 PM, Error: Application Popup [875] - Driver UBHelper.SYS has been blocked from loading.
10/14/2012 1:17:24 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/13/2012 4:30:49 PM, Error: Service Control Manager [7000] - The UrlFilter service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
10/13/2012 4:06:04 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/13/2012 4:06:04 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
10/12/2012 7:09:18 PM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
10/12/2012 7:09:14 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
10/12/2012 7:07:52 PM, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
10/12/2012 7:07:52 PM, Error: Service Control Manager [7000] - The tmcomm service failed to start due to the following error: The revision level is unknown.
10/12/2012 7:07:52 PM, Error: Service Control Manager [7000] - The 5762 service failed to start due to the following error: The system cannot find the file specified.
10/12/2012 6:05:19 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 6:03:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 5:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/12/2012 5:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/12/2012 5:31:56 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/12/2012 5:30:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/12/2012 5:30:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/12/2012 5:30:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/12/2012 5:30:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/12/2012 5:29:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache spldr tmtdi UBHelper Wanarpv6
10/12/2012 5:29:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
10/11/2012 11:51:21 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2012 11:51:21 PM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2012 11:51:21 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2012 11:51:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.
10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=====================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
While I was getting the text to paste I noticed in the C drive that the folder labeled documents and settings is locked and when I try to access it I get a message that I am not authorized. The requested logs follow.

18:34:45.0405 2320 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:34:45.0795 2320 ============================================================
18:34:45.0795 2320 Current date / time: 2012/10/14 18:34:45.0795
18:34:45.0795 2320 SystemInfo:
18:34:45.0795 2320
18:34:45.0795 2320 OS Version: 6.1.7601 ServicePack: 1.0
18:34:45.0795 2320 Product type: Workstation
18:34:45.0795 2320 ComputerName: NRMTJ3JB7
18:34:45.0795 2320 UserName: Owner
18:34:45.0795 2320 Windows directory: C:\Windows
18:34:45.0795 2320 System windows directory: C:\Windows
18:34:45.0795 2320 Processor architecture: Intel x86
18:34:45.0795 2320 Number of processors: 2
18:34:45.0795 2320 Page size: 0x1000
18:34:45.0795 2320 Boot type: Normal boot
18:34:45.0795 2320 ============================================================
18:34:46.0665 2320 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:34:46.0835 2320 ============================================================
18:34:46.0835 2320 \Device\Harddisk0\DR0:
18:34:46.0835 2320 MBR partitions:
18:34:46.0835 2320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xDAA87C, BlocksNum 0x12399B19
18:34:46.0835 2320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13144395, BlocksNum 0x122E2F1B
18:34:46.0835 2320 ============================================================
18:34:46.0855 2320 C: <-> \Device\Harddisk0\DR0\Partition1
18:34:46.0895 2320 D: <-> \Device\Harddisk0\DR0\Partition2
18:34:46.0895 2320 ============================================================
18:34:46.0895 2320 Initialize success
18:34:46.0895 2320 ============================================================
18:34:51.0132 5552 ============================================================
18:34:51.0132 5552 Scan started
18:34:51.0132 5552 Mode: Manual;
18:34:51.0132 5552 ============================================================
18:34:52.0527 5552 ================ Scan system memory ========================
18:34:52.0527 5552 System memory - ok
18:34:52.0527 5552 ================ Scan services =============================
18:34:52.0683 5552 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:34:52.0683 5552 1394ohci - ok
18:34:52.0730 5552 [ 23A1768E026A0FE499363E60151939B7 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
18:34:52.0746 5552 AcerMemUsageCheckService - ok
18:34:52.0777 5552 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:34:52.0792 5552 ACPI - ok
18:34:52.0824 5552 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:34:52.0824 5552 AcpiPmi - ok
18:34:52.0870 5552 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:34:52.0886 5552 adp94xx - ok
18:34:52.0917 5552 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:34:52.0933 5552 adpahci - ok
18:34:52.0948 5552 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:34:52.0948 5552 adpu320 - ok
18:34:52.0995 5552 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:34:52.0995 5552 AeLookupSvc - ok
18:34:53.0042 5552 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
18:34:53.0042 5552 AFD - ok
18:34:53.0073 5552 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
18:34:53.0089 5552 agp440 - ok
18:34:53.0120 5552 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
18:34:53.0136 5552 aic78xx - ok
18:34:53.0167 5552 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
18:34:53.0167 5552 ALG - ok
18:34:53.0198 5552 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
18:34:53.0198 5552 aliide - ok
18:34:53.0229 5552 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:34:53.0229 5552 amdagp - ok
18:34:53.0260 5552 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
18:34:53.0260 5552 amdide - ok
18:34:53.0307 5552 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:34:53.0307 5552 AmdK8 - ok
18:34:53.0323 5552 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:34:53.0323 5552 AmdPPM - ok
18:34:53.0354 5552 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:34:53.0354 5552 amdsata - ok
18:34:53.0370 5552 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:34:53.0370 5552 amdsbs - ok
18:34:53.0401 5552 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:34:53.0401 5552 amdxata - ok
18:34:53.0448 5552 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
18:34:53.0448 5552 AppID - ok
18:34:53.0479 5552 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:34:53.0479 5552 AppIDSvc - ok
18:34:53.0510 5552 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
18:34:53.0526 5552 Appinfo - ok
18:34:53.0728 5552 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:34:53.0728 5552 Apple Mobile Device - ok
18:34:53.0775 5552 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
18:34:53.0775 5552 arc - ok
18:34:53.0791 5552 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:34:53.0791 5552 arcsas - ok
18:34:53.0853 5552 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
18:34:53.0853 5552 aswFsBlk - ok
18:34:53.0900 5552 [ F76E51561562AC4105DBBE53FC99BC10 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
18:34:53.0900 5552 aswMonFlt - ok
18:34:53.0916 5552 [ 924819669AFD0EDF5C067193D371FAB0 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
18:34:53.0916 5552 aswRdr - ok
18:34:53.0947 5552 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
18:34:53.0962 5552 aswSnx - ok
18:34:53.0978 5552 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\Windows\system32\drivers\aswSP.sys
18:34:53.0994 5552 aswSP - ok
18:34:54.0009 5552 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
18:34:54.0009 5552 aswTdi - ok
18:34:54.0040 5552 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:34:54.0040 5552 AsyncMac - ok
18:34:54.0072 5552 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
18:34:54.0087 5552 atapi - ok
18:34:54.0134 5552 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:34:54.0150 5552 AudioEndpointBuilder - ok
18:34:54.0165 5552 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:34:54.0165 5552 Audiosrv - ok
18:34:54.0212 5552 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:34:54.0212 5552 avast! Antivirus - ok
18:34:54.0259 5552 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:34:54.0259 5552 AxInstSV - ok
18:34:54.0306 5552 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
18:34:54.0306 5552 b06bdrv - ok
18:34:54.0337 5552 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
18:34:54.0337 5552 b57nd60x - ok
18:34:54.0384 5552 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
18:34:54.0384 5552 BDESVC - ok
18:34:54.0399 5552 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
18:34:54.0399 5552 Beep - ok
18:34:54.0493 5552 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
18:34:54.0493 5552 BFE - ok
18:34:54.0524 5552 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:34:54.0524 5552 blbdrive - ok
18:34:54.0602 5552 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:34:54.0602 5552 Bonjour Service - ok
18:34:54.0633 5552 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:34:54.0633 5552 bowser - ok
18:34:54.0664 5552 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:34:54.0664 5552 BrFiltLo - ok
18:34:54.0696 5552 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:34:54.0696 5552 BrFiltUp - ok
18:34:54.0727 5552 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
18:34:54.0727 5552 Browser - ok
18:34:54.0758 5552 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:34:54.0774 5552 Brserid - ok
18:34:54.0789 5552 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:34:54.0789 5552 BrSerWdm - ok
18:34:54.0805 5552 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:34:54.0805 5552 BrUsbMdm - ok
18:34:54.0820 5552 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:34:54.0820 5552 BrUsbSer - ok
18:34:54.0852 5552 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:34:54.0852 5552 BTHMODEM - ok
18:34:54.0898 5552 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
18:34:54.0898 5552 bthserv - ok
18:34:54.0930 5552 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:34:54.0930 5552 cdfs - ok
18:34:54.0992 5552 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:34:54.0992 5552 cdrom - ok
18:34:55.0023 5552 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
18:34:55.0023 5552 CertPropSvc - ok
18:34:55.0054 5552 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:34:55.0054 5552 circlass - ok
18:34:55.0086 5552 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
18:34:55.0086 5552 CLFS - ok
18:34:55.0132 5552 [ BB3FFA5E5FDC5892CE88D65AA3FEB47E ] CLPSLauncher C:\Program Files\Common Files\Comodo\launcher_service.exe
18:34:55.0148 5552 CLPSLauncher - ok
18:34:55.0226 5552 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:34:55.0226 5552 clr_optimization_v2.0.50727_32 - ok
18:34:55.0273 5552 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:34:55.0273 5552 clr_optimization_v4.0.30319_32 - ok
18:34:55.0304 5552 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:34:55.0304 5552 CmBatt - ok
18:34:55.0413 5552 [ 33BB8CAE8C960454F8D9031FA11003EB ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
18:34:55.0429 5552 cmdAgent - ok
18:34:55.0460 5552 [ 0698E3D45516E63B46C6A1C1B198C054 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
18:34:55.0460 5552 cmdGuard - ok
18:34:55.0491 5552 [ ECF6FFDEA7345A80AC524C491C02B866 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
18:34:55.0507 5552 cmdHlp - ok
18:34:55.0538 5552 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:34:55.0538 5552 cmdide - ok
18:34:55.0569 5552 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
18:34:55.0569 5552 CNG - ok
18:34:55.0600 5552 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:34:55.0600 5552 Compbatt - ok
18:34:55.0647 5552 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:34:55.0647 5552 CompositeBus - ok
18:34:55.0663 5552 COMSysApp - ok
18:34:55.0694 5552 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:34:55.0694 5552 crcdisk - ok
18:34:55.0741 5552 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:34:55.0741 5552 CryptSvc - ok
18:34:55.0803 5552 [ AEFB8558199BD5212B268B09BFA1D71A ] CSHelper C:\Windows\system32\CSHelper.exe
18:34:55.0803 5552 CSHelper - ok
18:34:55.0850 5552 [ FFC5377AA2C1A3F5B18F359F661E76C8 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
18:34:55.0850 5552 ctxusbm - ok
18:34:55.0897 5552 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:34:55.0897 5552 DcomLaunch - ok
18:34:55.0928 5552 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
18:34:55.0944 5552 defragsvc - ok
18:34:55.0990 5552 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:34:55.0990 5552 DfsC - ok
18:34:56.0037 5552 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:34:56.0037 5552 Dhcp - ok
18:34:56.0068 5552 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
18:34:56.0068 5552 discache - ok
18:34:56.0100 5552 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:34:56.0115 5552 Disk - ok
18:34:56.0146 5552 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:34:56.0146 5552 Dnscache - ok
18:34:56.0178 5552 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
18:34:56.0178 5552 dot3svc - ok
18:34:56.0224 5552 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
18:34:56.0224 5552 Dot4 - ok
18:34:56.0271 5552 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
18:34:56.0271 5552 Dot4Print - ok
18:34:56.0287 5552 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
18:34:56.0287 5552 dot4usb - ok
18:34:56.0334 5552 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
18:34:56.0334 5552 DPS - ok
18:34:56.0490 5552 [ 28A88BB61B6B4A352729BA22BD2D2604 ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
18:34:56.0505 5552 DragonUpdater - ok
18:34:56.0552 5552 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:34:56.0552 5552 drmkaud - ok
18:34:56.0583 5552 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:34:56.0599 5552 DXGKrnl - ok
18:34:56.0630 5552 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
18:34:56.0630 5552 EapHost - ok
18:34:56.0739 5552 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
18:34:56.0770 5552 ebdrv - ok
18:34:56.0800 5552 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
18:34:56.0810 5552 EFS - ok
18:34:56.0880 5552 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:34:56.0890 5552 ehRecvr - ok
18:34:56.0920 5552 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
18:34:56.0920 5552 ehSched - ok
18:34:56.0970 5552 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:34:56.0970 5552 elxstor - ok
18:34:57.0050 5552 [ B78436CA173FF723A1EACE5CD4900375 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
18:34:57.0060 5552 EpsonCustomerParticipation - ok
18:34:57.0090 5552 [ CEF06A8DF4BA42673F3297759FD62E80 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
18:34:57.0090 5552 EPSON_PM_RPCV4_05 - ok
18:34:57.0120 5552 [ F841F6ED752CC5F346039D5551931A7B ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
18:34:57.0120 5552 eRecoveryService - ok
18:34:57.0160 5552 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:34:57.0160 5552 ErrDev - ok
18:34:57.0210 5552 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
18:34:57.0220 5552 EventSystem - ok
18:34:57.0250 5552 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
18:34:57.0250 5552 exfat - ok
18:34:57.0270 5552 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:34:57.0270 5552 fastfat - ok
18:34:57.0320 5552 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
18:34:57.0320 5552 Fax - ok
18:34:57.0340 5552 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:34:57.0340 5552 fdc - ok
18:34:57.0380 5552 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
18:34:57.0380 5552 fdPHost - ok
18:34:57.0400 5552 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
18:34:57.0400 5552 FDResPub - ok
18:34:57.0420 5552 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:34:57.0420 5552 FileInfo - ok
18:34:57.0440 5552 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:34:57.0440 5552 Filetrace - ok
18:34:57.0470 5552 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:34:57.0480 5552 flpydisk - ok
18:34:57.0500 5552 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:34:57.0510 5552 FltMgr - ok
18:34:57.0550 5552 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
18:34:57.0570 5552 FontCache - ok
18:34:57.0610 5552 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:34:57.0620 5552 FontCache3.0.0.0 - ok
18:34:57.0640 5552 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:34:57.0650 5552 FsDepends - ok
18:34:57.0670 5552 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:34:57.0670 5552 Fs_Rec - ok
18:34:57.0720 5552 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:34:57.0720 5552 fvevol - ok
18:34:57.0750 5552 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:34:57.0750 5552 gagp30kx - ok
18:34:57.0790 5552 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:34:57.0790 5552 GEARAspiWDM - ok
18:34:57.0850 5552 [ 9FB6B93950281CF67538873B32CB727E ] GeekBuddyRSP C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
18:34:57.0880 5552 GeekBuddyRSP - ok
18:34:57.0920 5552 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
18:34:57.0930 5552 gpsvc - ok
18:34:57.0990 5552 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:34:57.0990 5552 gupdate - ok
18:34:58.0011 5552 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:34:58.0011 5552 gupdatem - ok
18:34:58.0041 5552 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:34:58.0041 5552 gusvc - ok
18:34:58.0071 5552 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:34:58.0071 5552 hcw85cir - ok
18:34:58.0101 5552 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:34:58.0101 5552 HDAudBus - ok
18:34:58.0121 5552 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:34:58.0121 5552 HidBatt - ok
18:34:58.0141 5552 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:34:58.0141 5552 HidBth - ok
18:34:58.0161 5552 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:34:58.0161 5552 HidIr - ok
18:34:58.0201 5552 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
18:34:58.0201 5552 hidserv - ok
18:34:58.0231 5552 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:34:58.0231 5552 HidUsb - ok
18:34:58.0271 5552 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:34:58.0271 5552 hkmsvc - ok
18:34:58.0311 5552 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:34:58.0321 5552 HomeGroupListener - ok
18:34:58.0361 5552 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:34:58.0361 5552 HomeGroupProvider - ok
18:34:58.0401 5552 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:34:58.0401 5552 HpSAMD - ok
18:34:58.0461 5552 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:34:58.0471 5552 HTTP - ok
18:34:58.0501 5552 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:34:58.0501 5552 hwpolicy - ok
18:34:58.0551 5552 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:34:58.0551 5552 i8042prt - ok
18:34:58.0581 5552 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:34:58.0591 5552 iaStorV - ok
18:34:58.0671 5552 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:34:58.0681 5552 idsvc - ok
18:34:58.0731 5552 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:34:58.0731 5552 iirsp - ok
18:34:58.0781 5552 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
18:34:58.0791 5552 IKEEXT - ok
18:34:58.0831 5552 [ D8A904B5F55C27277826BFA17271398B ] inspect C:\Windows\system32\DRIVERS\inspect.sys
18:34:58.0831 5552 inspect - ok
18:34:58.0861 5552 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys
18:34:58.0861 5552 int15 - ok
18:34:58.0941 5552 [ A47B2875680AD67B35C6150BD0203056 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:34:58.0961 5552 IntcAzAudAddService - ok
18:34:59.0001 5552 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
18:34:59.0001 5552 intelide - ok
18:34:59.0041 5552 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:34:59.0041 5552 intelppm - ok
18:34:59.0071 5552 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:34:59.0081 5552 IPBusEnum - ok
18:34:59.0091 5552 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:34:59.0091 5552 IpFilterDriver - ok
18:34:59.0121 5552 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:34:59.0131 5552 IPMIDRV - ok
18:34:59.0151 5552 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:34:59.0161 5552 IPNAT - ok
18:34:59.0221 5552 [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:34:59.0241 5552 iPod Service - ok
18:34:59.0261 5552 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:34:59.0261 5552 IRENUM - ok
18:34:59.0291 5552 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:34:59.0291 5552 isapnp - ok
18:34:59.0321 5552 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:34:59.0331 5552 iScsiPrt - ok
18:34:59.0371 5552 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:34:59.0371 5552 kbdclass - ok
18:34:59.0411 5552 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:34:59.0411 5552 kbdhid - ok
18:34:59.0431 5552 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
18:34:59.0431 5552 KeyIso - ok
18:34:59.0461 5552 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:34:59.0471 5552 KSecDD - ok
18:34:59.0491 5552 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:34:59.0491 5552 KSecPkg - ok
18:34:59.0531 5552 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
18:34:59.0541 5552 KtmRm - ok
18:34:59.0591 5552 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
18:34:59.0601 5552 LanmanServer - ok
18:34:59.0621 5552 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:34:59.0631 5552 LanmanWorkstation - ok
18:34:59.0691 5552 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:34:59.0691 5552 LightScribeService - ok
18:34:59.0731 5552 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:34:59.0731 5552 lltdio - ok
18:34:59.0771 5552 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:34:59.0781 5552 lltdsvc - ok
18:34:59.0801 5552 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:34:59.0801 5552 lmhosts - ok
18:34:59.0831 5552 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:34:59.0831 5552 LSI_FC - ok
18:34:59.0851 5552 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:34:59.0851 5552 LSI_SAS - ok
18:34:59.0871 5552 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:34:59.0871 5552 LSI_SAS2 - ok
18:34:59.0901 5552 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:34:59.0911 5552 LSI_SCSI - ok
18:34:59.0931 5552 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:34:59.0931 5552 luafv - ok
18:34:59.0971 5552 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:34:59.0981 5552 Mcx2Svc - ok
18:34:59.0991 5552 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:35:00.0001 5552 megasas - ok
18:35:00.0022 5552 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:35:00.0022 5552 MegaSR - ok
18:35:00.0082 5552 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:35:00.0082 5552 Microsoft Office Groove Audit Service - ok
18:35:00.0122 5552 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:35:00.0122 5552 MMCSS - ok
18:35:00.0132 5552 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:35:00.0142 5552 Modem - ok
18:35:00.0182 5552 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:35:00.0182 5552 monitor - ok
18:35:00.0222 5552 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
18:35:00.0222 5552 mouclass - ok
18:35:00.0242 5552 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:35:00.0242 5552 mouhid - ok
18:35:00.0282 5552 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:35:00.0292 5552 mountmgr - ok
18:35:00.0322 5552 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:35:00.0322 5552 mpio - ok
18:35:00.0362 5552 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:35:00.0362 5552 mpsdrv - ok
18:35:00.0422 5552 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:35:00.0432 5552 MpsSvc - ok
18:35:00.0472 5552 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:35:00.0472 5552 MRxDAV - ok
18:35:00.0522 5552 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:35:00.0522 5552 mrxsmb - ok
18:35:00.0552 5552 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:35:00.0552 5552 mrxsmb10 - ok
18:35:00.0562 5552 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:35:00.0572 5552 mrxsmb20 - ok
18:35:00.0602 5552 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
18:35:00.0602 5552 msahci - ok
18:35:00.0632 5552 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:35:00.0642 5552 msdsm - ok
18:35:00.0662 5552 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:35:00.0672 5552 MSDTC - ok
18:35:00.0712 5552 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:35:00.0712 5552 Msfs - ok
18:35:00.0732 5552 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:35:00.0732 5552 mshidkmdf - ok
18:35:00.0772 5552 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:35:00.0772 5552 msisadrv - ok
18:35:00.0812 5552 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:35:00.0822 5552 MSiSCSI - ok
18:35:00.0832 5552 msiserver - ok
18:35:00.0868 5552 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:35:00.0868 5552 MSKSSRV - ok
18:35:00.0899 5552 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:35:00.0899 5552 MSPCLOCK - ok
18:35:00.0915 5552 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:35:00.0915 5552 MSPQM - ok
18:35:00.0946 5552 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:35:00.0946 5552 MsRPC - ok
18:35:00.0993 5552 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:35:00.0993 5552 mssmbios - ok
18:35:01.0008 5552 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:35:01.0008 5552 MSTEE - ok
18:35:01.0024 5552 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:35:01.0040 5552 MTConfig - ok
18:35:01.0055 5552 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:35:01.0055 5552 Mup - ok
18:35:01.0102 5552 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:35:01.0102 5552 napagent - ok
18:35:01.0149 5552 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:35:01.0149 5552 NativeWifiP - ok
18:35:01.0196 5552 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:35:01.0211 5552 NDIS - ok
18:35:01.0242 5552 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:35:01.0242 5552 NdisCap - ok
18:35:01.0274 5552 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:35:01.0274 5552 NdisTapi - ok
18:35:01.0320 5552 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:35:01.0320 5552 Ndisuio - ok
18:35:01.0352 5552 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:35:01.0352 5552 NdisWan - ok
18:35:01.0367 5552 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:35:01.0367 5552 NDProxy - ok
18:35:01.0414 5552 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:35:01.0414 5552 Net Driver HPZ12 - ok
18:35:01.0445 5552 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:35:01.0461 5552 NetBIOS - ok
18:35:01.0492 5552 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:35:01.0492 5552 NetBT - ok
18:35:01.0508 5552 netlimiter - ok
18:35:01.0539 5552 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:35:01.0539 5552 Netlogon - ok
18:35:01.0586 5552 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:35:01.0586 5552 Netman - ok
18:35:01.0617 5552 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:35:01.0632 5552 netprofm - ok
18:35:01.0664 5552 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:35:01.0664 5552 NetTcpPortSharing - ok
18:35:01.0695 5552 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:35:01.0695 5552 nfrd960 - ok
18:35:01.0742 5552 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:35:01.0742 5552 NlaSvc - ok
18:35:01.0773 5552 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:35:01.0773 5552 Npfs - ok
18:35:01.0804 5552 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:35:01.0804 5552 nsi - ok
18:35:01.0820 5552 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:35:01.0820 5552 nsiproxy - ok
18:35:01.0882 5552 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:35:01.0898 5552 Ntfs - ok
18:35:01.0913 5552 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
18:35:01.0913 5552 NTIDrvr - ok
18:35:01.0944 5552 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:35:01.0944 5552 Null - ok
18:35:02.0192 5552 [ B0881DDA5A8160422561FFAB7F0008B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:35:02.0382 5552 nvlddmkm - ok
18:35:02.0422 5552 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:35:02.0422 5552 nvraid - ok
18:35:02.0442 5552 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:35:02.0442 5552 nvstor - ok
18:35:02.0472 5552 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:35:02.0472 5552 nv_agp - ok
18:35:02.0532 5552 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:35:02.0542 5552 odserv - ok
18:35:02.0572 5552 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:35:02.0572 5552 ohci1394 - ok
18:35:02.0592 5552 osaio - ok
18:35:02.0632 5552 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:35:02.0642 5552 ose - ok
18:35:02.0672 5552 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:35:02.0682 5552 p2pimsvc - ok
18:35:02.0712 5552 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:35:02.0722 5552 p2psvc - ok
18:35:02.0762 5552 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:35:02.0762 5552 Parport - ok
18:35:02.0802 5552 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:35:02.0802 5552 partmgr - ok
18:35:02.0812 5552 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:35:02.0822 5552 Parvdm - ok
18:35:02.0852 5552 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:35:02.0852 5552 PcaSvc - ok
18:35:02.0892 5552 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:35:02.0892 5552 pci - ok
18:35:02.0922 5552 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:35:02.0922 5552 pciide - ok
18:35:02.0962 5552 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:35:02.0972 5552 pcmcia - ok
18:35:02.0982 5552 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:35:02.0982 5552 pcw - ok
18:35:03.0012 5552 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:35:03.0022 5552 PEAUTH - ok
18:35:03.0112 5552 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:35:03.0132 5552 pla - ok
18:35:03.0172 5552 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:35:03.0182 5552 PlugPlay - ok
18:35:03.0212 5552 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:35:03.0222 5552 Pml Driver HPZ12 - ok
18:35:03.0242 5552 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:35:03.0252 5552 PNRPAutoReg - ok
18:35:03.0272 5552 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:35:03.0272 5552 PNRPsvc - ok
18:35:03.0312 5552 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:35:03.0322 5552 PolicyAgent - ok
18:35:03.0362 5552 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:35:03.0372 5552 Power - ok
18:35:03.0402 5552 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:35:03.0402 5552 PptpMiniport - ok
18:35:03.0422 5552 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:35:03.0422 5552 Processor - ok
18:35:03.0472 5552 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:35:03.0472 5552 ProfSvc - ok
18:35:03.0492 5552 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:35:03.0492 5552 ProtectedStorage - ok
18:35:03.0522 5552 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:35:03.0522 5552 Psched - ok
18:35:03.0542 5552 [ 88B72D2A800300EB05C69F3C6C3180F2 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
18:35:03.0542 5552 PSDFilter - ok
18:35:03.0562 5552 [ 9649E11FC5459BF6B2C9E8E327E45C3A ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys
18:35:03.0562 5552 PSDNServ - ok
18:35:03.0592 5552 [ 3D0BE1373B9DFE9FC7B64F090E4D59E3 ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys
18:35:03.0592 5552 psdvdisk - ok
18:35:03.0652 5552 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:35:03.0672 5552 ql2300 - ok
18:35:03.0692 5552 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:35:03.0692 5552 ql40xx - ok
18:35:03.0732 5552 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:35:03.0732 5552 QWAVE - ok
18:35:03.0762 5552 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:35:03.0772 5552 QWAVEdrv - ok
18:35:03.0792 5552 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:35:03.0802 5552 RasAcd - ok
18:35:03.0842 5552 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:35:03.0842 5552 RasAgileVpn - ok
18:35:03.0862 5552 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:35:03.0862 5552 RasAuto - ok
18:35:03.0882 5552 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:35:03.0892 5552 Rasl2tp - ok
18:35:03.0932 5552 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:35:03.0942 5552 RasMan - ok
18:35:03.0952 5552 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:35:03.0962 5552 RasPppoe - ok
18:35:04.0002 5552 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:35:04.0002 5552 RasSstp - ok
18:35:04.0022 5552 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:35:04.0032 5552 rdbss - ok
18:35:04.0043 5552 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:35:04.0053 5552 rdpbus - ok
18:35:04.0083 5552 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:35:04.0083 5552 RDPCDD - ok
18:35:04.0103 5552 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:35:04.0103 5552 RDPENCDD - ok
18:35:04.0133 5552 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:35:04.0143 5552 RDPREFMP - ok
18:35:04.0173 5552 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:35:04.0183 5552 RDPWD - ok
18:35:04.0213 5552 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:35:04.0223 5552 rdyboost - ok
18:35:04.0263 5552 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:35:04.0263 5552 RemoteAccess - ok
18:35:04.0303 5552 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:35:04.0313 5552 RemoteRegistry - ok
18:35:04.0363 5552 [ A76CDDB6D1F25797843E2557A2118E2E ] RichVideo C:\Program Files\CyberLink\Shared
 
Here is the remainder.

18:35:04.0393 5552 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:35:04.0403 5552 RpcEptMapper - ok
18:35:04.0433 5552 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:35:04.0433 5552 RpcLocator - ok
18:35:04.0465 5552 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:35:04.0465 5552 RpcSs - ok
18:35:04.0511 5552 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:35:04.0511 5552 rspndr - ok
18:35:04.0521 5552 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:35:04.0521 5552 SamSs - ok
18:35:04.0571 5552 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:35:04.0571 5552 sbp2port - ok
18:35:04.0641 5552 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
18:35:04.0651 5552 SBSDWSCService - ok
18:35:04.0691 5552 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:35:04.0701 5552 SCardSvr - ok
18:35:04.0711 5552 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:35:04.0711 5552 scfilter - ok
18:35:04.0761 5552 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:35:04.0771 5552 Schedule - ok
18:35:04.0801 5552 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:35:04.0801 5552 SCPolicySvc - ok
18:35:04.0841 5552 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:35:04.0851 5552 SDRSVC - ok
18:35:04.0881 5552 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:35:04.0891 5552 secdrv - ok
18:35:04.0921 5552 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:35:04.0921 5552 seclogon - ok
18:35:04.0941 5552 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:35:04.0951 5552 SENS - ok
18:35:04.0981 5552 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:35:04.0991 5552 SensrSvc - ok
18:35:05.0001 5552 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:35:05.0001 5552 Serenum - ok
18:35:05.0031 5552 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:35:05.0041 5552 Serial - ok
18:35:05.0062 5552 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:35:05.0072 5552 sermouse - ok
18:35:05.0122 5552 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:35:05.0132 5552 SessionEnv - ok
18:35:05.0162 5552 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:35:05.0162 5552 sffdisk - ok
18:35:05.0172 5552 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:35:05.0172 5552 sffp_mmc - ok
18:35:05.0182 5552 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:35:05.0182 5552 sffp_sd - ok
18:35:05.0212 5552 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:35:05.0212 5552 sfloppy - ok
18:35:05.0262 5552 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:35:05.0272 5552 ShellHWDetection - ok
18:35:05.0302 5552 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:35:05.0302 5552 sisagp - ok
18:35:05.0332 5552 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:35:05.0332 5552 SiSRaid2 - ok
18:35:05.0352 5552 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:35:05.0352 5552 SiSRaid4 - ok
18:35:05.0392 5552 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:35:05.0392 5552 Smb - ok
18:35:05.0462 5552 [ 19301C27F3425DC39F6C599F527E507D ] smserial C:\Windows\system32\DRIVERS\smserial.sys
18:35:05.0472 5552 smserial - ok
18:35:05.0542 5552 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:35:05.0552 5552 SNMPTRAP - ok
18:35:05.0582 5552 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:35:05.0582 5552 spldr - ok
18:35:05.0632 5552 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
18:35:05.0642 5552 Spooler - ok
18:35:05.0732 5552 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:35:05.0782 5552 sppsvc - ok
18:35:05.0812 5552 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:35:05.0822 5552 sppuinotify - ok
18:35:05.0852 5552 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:35:05.0862 5552 srv - ok
18:35:05.0882 5552 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:35:05.0882 5552 srv2 - ok
18:35:05.0912 5552 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:35:05.0912 5552 srvnet - ok
18:35:05.0952 5552 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:35:05.0962 5552 SSDPSRV - ok
18:35:05.0972 5552 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:35:05.0982 5552 SstpSvc - ok
18:35:06.0042 5552 [ 8BDDCE5A798B1150CDC5AB61D480B267 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:35:06.0052 5552 Stereo Service - ok
18:35:06.0082 5552 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:35:06.0082 5552 stexstor - ok
18:35:06.0132 5552 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:35:06.0152 5552 StiSvc - ok
18:35:06.0172 5552 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:35:06.0182 5552 swenum - ok
18:35:06.0212 5552 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:35:06.0222 5552 swprv - ok
18:35:06.0282 5552 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:35:06.0302 5552 SysMain - ok
18:35:06.0342 5552 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:35:06.0342 5552 TabletInputService - ok
18:35:06.0382 5552 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:35:06.0392 5552 TapiSrv - ok
18:35:06.0422 5552 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:35:06.0432 5552 TBS - ok
18:35:06.0502 5552 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:35:06.0512 5552 Tcpip - ok
18:35:06.0538 5552 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:35:06.0554 5552 TCPIP6 - ok
18:35:06.0600 5552 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:35:06.0616 5552 tcpipreg - ok
18:35:06.0663 5552 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:35:06.0663 5552 TDPIPE - ok
18:35:06.0678 5552 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:35:06.0694 5552 TDTCP - ok
18:35:06.0725 5552 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:35:06.0725 5552 tdx - ok
18:35:06.0756 5552 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:35:06.0756 5552 TermDD - ok
18:35:06.0803 5552 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:35:06.0819 5552 TermService - ok
18:35:06.0850 5552 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:35:06.0850 5552 Themes - ok
18:35:06.0881 5552 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:35:06.0897 5552 THREADORDER - ok
18:35:06.0912 5552 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:35:06.0928 5552 TrkWks - ok
18:35:06.0975 5552 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:35:06.0990 5552 TrustedInstaller - ok
18:35:07.0006 5552 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:35:07.0006 5552 tssecsrv - ok
18:35:07.0037 5552 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:35:07.0053 5552 TsUsbFlt - ok
18:35:07.0100 5552 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:35:07.0100 5552 tunnel - ok
18:35:07.0131 5552 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:35:07.0131 5552 uagp35 - ok
18:35:07.0162 5552 [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
18:35:07.0162 5552 UBHelper - ok
18:35:07.0193 5552 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:35:07.0193 5552 udfs - ok
18:35:07.0240 5552 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:35:07.0256 5552 UI0Detect - ok
18:35:07.0287 5552 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:35:07.0287 5552 uliagpkx - ok
18:35:07.0334 5552 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:35:07.0334 5552 umbus - ok
18:35:07.0365 5552 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:35:07.0365 5552 UmPass - ok
18:35:07.0380 5552 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:35:07.0396 5552 upnphost - ok
18:35:07.0427 5552 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:35:07.0443 5552 USBAAPL - ok
18:35:07.0474 5552 [ AF9388E736AF0C325067F05EDC350010 ] usbbus C:\Windows\system32\DRIVERS\lgusbbus.sys
18:35:07.0474 5552 usbbus - ok
18:35:07.0505 5552 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:35:07.0505 5552 usbccgp - ok
18:35:07.0536 5552 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:35:07.0536 5552 usbcir - ok
18:35:07.0568 5552 [ AE30EA96E60E823C7B525DA356283AE8 ] UsbDiag C:\Windows\system32\DRIVERS\lgusbdiag.sys
18:35:07.0568 5552 UsbDiag - ok
18:35:07.0583 5552 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:35:07.0583 5552 usbehci - ok
18:35:07.0630 5552 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:35:07.0630 5552 usbhub - ok
18:35:07.0661 5552 [ 46AC66DF3D6EFE81F69BEA823A53AAB5 ] USBModem C:\Windows\system32\DRIVERS\lgusbmodem.sys
18:35:07.0661 5552 USBModem - ok
18:35:07.0692 5552 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:35:07.0692 5552 usbohci - ok
18:35:07.0739 5552 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:35:07.0739 5552 usbprint - ok
18:35:07.0770 5552 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:35:07.0770 5552 usbscan - ok
18:35:07.0786 5552 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:35:07.0786 5552 USBSTOR - ok
18:35:07.0802 5552 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:35:07.0802 5552 usbuhci - ok
18:35:07.0848 5552 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
18:35:07.0848 5552 UxSms - ok
18:35:07.0864 5552 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
18:35:07.0880 5552 VaultSvc - ok
18:35:07.0911 5552 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:35:07.0911 5552 vdrvroot - ok
18:35:07.0958 5552 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
18:35:07.0973 5552 vds - ok
18:35:08.0004 5552 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:35:08.0004 5552 vga - ok
18:35:08.0020 5552 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:35:08.0020 5552 VgaSave - ok
18:35:08.0067 5552 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:35:08.0067 5552 vhdmp - ok
18:35:08.0098 5552 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:35:08.0098 5552 viaagp - ok
18:35:08.0129 5552 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
18:35:08.0129 5552 ViaC7 - ok
18:35:08.0145 5552 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
18:35:08.0145 5552 viaide - ok
18:35:08.0192 5552 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:35:08.0192 5552 volmgr - ok
18:35:08.0223 5552 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:35:08.0223 5552 volmgrx - ok
18:35:08.0270 5552 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:35:08.0270 5552 volsnap - ok
18:35:08.0301 5552 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:35:08.0301 5552 vsmraid - ok
18:35:08.0348 5552 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
18:35:08.0363 5552 VSS - ok
18:35:08.0394 5552 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:35:08.0394 5552 vwifibus - ok
18:35:08.0426 5552 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
18:35:08.0441 5552 W32Time - ok
18:35:08.0472 5552 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:35:08.0472 5552 WacomPen - ok
18:35:08.0504 5552 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:35:08.0504 5552 WANARP - ok
18:35:08.0519 5552 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:35:08.0519 5552 Wanarpv6 - ok
18:35:08.0582 5552 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:35:08.0597 5552 WatAdminSvc - ok
18:35:08.0644 5552 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
18:35:08.0675 5552 wbengine - ok
18:35:08.0706 5552 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:35:08.0722 5552 WbioSrvc - ok
18:35:08.0753 5552 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:35:08.0769 5552 wcncsvc - ok
18:35:08.0784 5552 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:35:08.0800 5552 WcsPlugInService - ok
18:35:08.0831 5552 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:35:08.0831 5552 Wd - ok
18:35:08.0862 5552 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:35:08.0862 5552 Wdf01000 - ok
18:35:08.0878 5552 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:35:08.0894 5552 WdiServiceHost - ok
18:35:08.0909 5552 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:35:08.0909 5552 WdiSystemHost - ok
18:35:08.0956 5552 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
18:35:08.0972 5552 WebClient - ok
18:35:09.0003 5552 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:35:09.0003 5552 Wecsvc - ok
18:35:09.0034 5552 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:35:09.0034 5552 wercplsupport - ok
18:35:09.0065 5552 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
18:35:09.0065 5552 WerSvc - ok
18:35:09.0112 5552 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:35:09.0112 5552 WfpLwf - ok
18:35:09.0128 5552 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:35:09.0143 5552 WIMMount - ok
18:35:09.0143 5552 WinHttpAutoProxySvc - ok
18:35:09.0206 5552 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:35:09.0206 5552 Winmgmt - ok
18:35:09.0268 5552 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
18:35:09.0299 5552 WinRM - ok
18:35:09.0362 5552 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:35:09.0362 5552 WinUsb - ok
18:35:09.0408 5552 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:35:09.0424 5552 Wlansvc - ok
18:35:09.0455 5552 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:35:09.0455 5552 WmiAcpi - ok
18:35:09.0486 5552 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:35:09.0502 5552 wmiApSrv - ok
18:35:09.0580 5552 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:35:09.0596 5552 WMPNetworkSvc - ok
18:35:09.0627 5552 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:35:09.0642 5552 WPCSvc - ok
18:35:09.0674 5552 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:35:09.0674 5552 WPDBusEnum - ok
18:35:09.0705 5552 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:35:09.0705 5552 ws2ifsl - ok
18:35:09.0720 5552 WSearch - ok
18:35:09.0814 5552 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:35:09.0845 5552 wuauserv - ok
18:35:09.0876 5552 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:35:09.0892 5552 WudfPf - ok
18:35:09.0908 5552 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:35:09.0923 5552 WUDFRd - ok
18:35:09.0954 5552 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:35:09.0970 5552 wudfsvc - ok
18:35:10.0001 5552 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:35:10.0017 5552 WwanSvc - ok
18:35:10.0048 5552 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
18:35:10.0048 5552 yukonw7 - ok
18:35:10.0235 5552 [ F45EDE31290119600D88C6776253F5F7 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
18:35:10.0344 5552 ZuneNetworkSvc - ok
18:35:10.0391 5552 [ 79118FDC6E632D365B6AEAF8F287BDE4 ] ZuneWlanCfgSvc C:\Windows\system32\ZuneWlanCfgSvc.exe
18:35:10.0407 5552 ZuneWlanCfgSvc - ok
18:35:10.0422 5552 ================ Scan global ===============================
18:35:10.0454 5552 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:35:10.0500 5552 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
18:35:10.0516 5552 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
18:35:10.0547 5552 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:35:10.0563 5552 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:35:10.0578 5552 [Global] - ok
18:35:10.0578 5552 ================ Scan MBR ==================================
18:35:10.0594 5552 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:35:10.0859 5552 \Device\Harddisk0\DR0 - ok
18:35:10.0859 5552 ================ Scan VBR ==================================
18:35:10.0875 5552 [ C715A036A4724331353B91699DCC084E ] \Device\Harddisk0\DR0\Partition1
18:35:10.0875 5552 \Device\Harddisk0\DR0\Partition1 - ok
18:35:10.0890 5552 [ 4F5B54FC798E51E8D3B166441A9FBD5E ] \Device\Harddisk0\DR0\Partition2
18:35:10.0890 5552 \Device\Harddisk0\DR0\Partition2 - ok
18:35:10.0890 5552 ============================================================
18:35:10.0890 5552 Scan finished
18:35:10.0890 5552 ============================================================
18:35:10.0922 1008 Detected object count: 0
18:35:10.0922 1008 Actual detected object count: 0
18:41:25.0066 4804 Deinitialize success
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 10/14/2012 18:46:53
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1www.007guard.com
127.0.0.1007guard.com
127.0.0.1008i.com
127.0.0.1www.008k.com
127.0.0.1008k.com
127.0.0.1www.00hq.com
127.0.0.100hq.com
127.0.0.1010402.com
127.0.0.1www.032439.com
127.0.0.1032439.com
127.0.0.1www.0scan.com
127.0.0.10scan.com
127.0.0.1www.1000gratisproben.com
127.0.0.11000gratisproben.com
127.0.0.11001namen.com
127.0.0.1www.1001namen.com
127.0.0.1100888290cs.com
127.0.0.1www.100888290cs.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725032VLA SCSI Disk Device +++++
--- User ---
[MBR] b121865fec033995482a277fbde473bc
[BSP] b14f291150c115cc82f05b680b8d3d11 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 6997 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 14329980 | Size: 149299 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 320095125 | Size: 148933 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-14 19:14:38
-----------------------------
19:14:38.170 OS Version: Windows 6.1.7601 Service Pack 1
19:14:38.170 Number of processors: 2 586 0x4B02
19:14:38.170 ComputerName: NRMTJ3JB7 UserName: Owner
19:14:38.778 Initialize success
19:14:38.903 AVAST engine defs: 12101401
19:14:44.535 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
19:14:44.535 Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 3
19:14:44.722 Disk 0 MBR read successfully
19:14:44.722 Disk 0 MBR scan
19:14:44.722 Disk 0 Windows 7 default MBR code
19:14:44.769 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6997 MB offset 63
19:14:44.831 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 149299 MB offset 14329980
19:14:44.878 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 148933 MB offset 320095125
19:14:44.944 Disk 0 scanning sectors +625111728
19:14:45.064 Disk 0 scanning C:\Windows\system32\drivers
19:15:01.144 Service scanning
19:15:25.293 Modules scanning
19:15:42.375 Disk 0 trace - called modules:
19:15:42.422 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
19:15:42.438 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8691b030]
19:15:42.453 3 CLASSPNP.SYS[8ba9959e] -> nt!IofCallDriver -> [0x8625b1c8]
19:15:42.453 5 ACPI.sys[83dcf3d4] -> nt!IofCallDriver -> \Device\00000063[0x8625bc68]
19:15:43.046 AVAST engine scan C:\Windows
19:15:52.718 AVAST engine scan C:\Windows\system32
19:18:03.880 AVAST engine scan C:\Windows\system32\drivers
19:18:14.154 AVAST engine scan C:\Users\Owner
19:27:46.498 AVAST engine scan C:\ProgramData
19:31:01.561 Scan finished successfully
19:32:29.964 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
19:32:29.964 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
 
folder labeled documents and settings is locked and when I try to access it I get a message that I am not authorize
Click to expand...
On Windows 7 that folder is a hidden system folder so you should hide it and not play with it.

==============================

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Here you go.

ComboFix 12-10-14.03 - Owner 10/14/2012 21:33:17.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2816.1767 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\fiThxK8bHjNXE6
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\users\Owner\Documents\pub584.tmp
c:\users\Owner\Documents\pubE2EC.tmp
c:\users\Owner\Documents\pubF86F.tmp
c:\users\Owner\Favorites\ehthumbs_vista.db
c:\windows\system32\service
c:\windows\system32\service\01082010_TIS17_SfFniAU.log
c:\windows\system32\service\01102012_TIS17_SfFniAU.log
c:\windows\system32\service\02082010_TIS17_SfFniAU.log
c:\windows\system32\service\04092012_TIS17_SfFniAU.log
c:\windows\system32\service\07062012_TIS17_SfFniAU.log
c:\windows\system32\service\10092010_TIS17_SfFniAU.log
c:\windows\system32\service\10102011_TIS17_SfFniAU.log
c:\windows\system32\service\11102012_TIS17_SfFniAU.log
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-15 02:41 . 2012-10-15 02:49--------d-----w-c:\users\Owner\AppData\Local\temp
2012-10-15 02:41 . 2012-10-15 02:41--------d-----w-c:\users\garrett lenamond\AppData\Local\temp
2012-10-15 02:41 . 2012-10-15 02:41--------d-----w-c:\users\Experience\AppData\Local\temp
2012-10-15 02:41 . 2012-10-15 02:41--------d-----w-c:\users\Default\AppData\Local\temp
2012-10-15 02:32 . 2012-10-15 02:3256200----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF0BEF09-2023-4C2D-BAB6-9C37D7D05A70}\offreg.dll
2012-10-13 23:57 . 2012-10-13 23:57--------d-----w-c:\program files\Common Files\Java
2012-10-13 23:51 . 2012-10-13 23:51821736----a-w-c:\windows\system32\npDeployJava1.dll
2012-10-13 23:51 . 2012-10-13 23:5193672----a-w-c:\windows\system32\WindowsAccessBridge.dll
2012-10-13 23:50 . 2012-10-13 23:50--------d-----w-c:\programdata\McAfee
2012-10-13 23:24 . 2012-10-13 23:26--------d-----w-c:\program files\SpywareBlaster
2012-10-13 22:08 . 2012-10-13 22:36--------d-----w-c:\programdata\Spybot - Search & Destroy
2012-10-13 22:08 . 2012-10-13 22:08--------d-----w-c:\program files\Spybot - Search & Destroy
2012-10-13 21:29 . 2012-10-13 21:29--------d-----w-c:\users\Owner\AppData\Roaming\IObit
2012-10-13 21:29 . 2012-10-13 21:29--------d-----w-c:\program files\IObit
2012-10-13 21:11 . 2012-10-13 21:11--------d-----w-c:\program files\Common Files\Comodo
2012-10-13 21:11 . 2012-10-13 21:11--------d-----w-c:\programdata\CPA_VA
2012-10-13 20:59 . 2012-10-13 21:06--------d-----w-c:\programdata\Comodo
2012-10-13 20:59 . 2012-10-13 20:59--------d-----w-c:\users\Owner\AppData\Local\Comodo
2012-10-13 20:59 . 2012-10-13 21:1245320----a-w-c:\windows\system32\certsentry.dll
2012-10-13 20:59 . 2012-10-13 21:11--------d-----w-c:\program files\Comodo
2012-10-13 20:19 . 2012-08-21 09:1321256----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-10-13 20:19 . 2012-08-21 09:13355632----a-w-c:\windows\system32\drivers\aswSP.sys
2012-10-13 20:19 . 2012-08-21 09:1344784----a-w-c:\windows\system32\drivers\aswRdr2.sys
2012-10-13 20:19 . 2012-08-21 09:13729752----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-10-13 20:19 . 2012-08-21 09:1354232----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-10-13 20:19 . 2012-08-21 09:1358680----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-10-13 20:18 . 2012-08-21 09:1241224----a-w-c:\windows\avastSS.scr
2012-10-13 20:18 . 2012-08-21 09:12227648----a-w-c:\windows\system32\aswBoot.exe
2012-10-13 20:18 . 2012-10-13 20:18--------d-----w-c:\programdata\AVAST Software
2012-10-13 20:18 . 2012-10-13 20:18--------d-----w-c:\program files\AVAST Software
2012-10-13 19:37 . 2012-10-13 19:37--------d-----w-c:\program files\CCleaner
2012-10-13 19:20 . 2012-10-13 19:22--------d-----w-C:\MGtools
2012-10-13 19:14 . 2012-10-13 19:1412872----a-w-c:\windows\system32\bootdelete.exe
2012-10-13 05:07 . 2012-10-13 05:07--------d-----w-c:\programdata\NtiDvdCopy
2012-10-13 00:00 . 2012-10-13 00:00--------d-----w-c:\program files\HitmanPro
2012-10-13 00:00 . 2012-10-13 00:06--------d-----w-c:\programdata\HitmanPro
2012-10-12 23:09 . 2012-10-12 23:09--------d-sh--w-c:\windows\system32\%APPDATA%
2012-10-12 23:06 . 2012-10-12 23:06--------d-----w-c:\users\Owner\AppData\Roaming\Malwarebytes
2012-10-12 23:05 . 2012-10-12 23:05--------d-----w-c:\programdata\Malwarebytes
2012-10-12 23:05 . 2012-10-12 23:05--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-10-12 23:03 . 2012-10-12 23:03--------d-----w-c:\windows\Sun
2012-10-10 06:03 . 2012-08-30 17:123968880----a-w-c:\windows\system32\ntkrnlpa.exe
2012-10-10 06:03 . 2012-08-30 17:123914096----a-w-c:\windows\system32\ntoskrnl.exe
2012-10-10 06:03 . 2012-08-10 23:56542208----a-w-c:\windows\system32\kerberos.dll
2012-10-09 10:49 . 2012-08-30 08:176980552----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF0BEF09-2023-4C2D-BAB6-9C37D7D05A70}\mpengine.dll
2012-10-05 06:32 . 2012-10-05 06:3282952----a-w-c:\windows\system32\drivers\inspect.sys
2012-10-05 06:32 . 2012-10-05 06:32494416----a-w-c:\windows\system32\drivers\cmdGuard.sys
2012-10-05 06:32 . 2012-10-05 06:3236072----a-w-c:\windows\system32\drivers\cmdhlp.sys
2012-10-05 06:32 . 2012-10-05 06:3219632----a-w-c:\windows\system32\drivers\cmderd.sys
2012-10-05 06:32 . 2012-10-05 06:3234024----a-w-c:\windows\system32\cmdcsr.dll
2012-10-05 06:32 . 2012-10-05 06:32301264----a-w-c:\windows\system32\guard32.dll
2012-09-26 12:40 . 2012-08-21 20:12245760----a-w-c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 23:51 . 2011-12-19 02:52746984----a-w-c:\windows\system32\deployJava1.dll
2012-10-13 19:22 . 2012-10-13 19:20185284----a-w-C:\MGlogs.zip
2012-08-22 17:16 . 2012-09-11 21:111292144----a-w-c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-11 21:11712048----a-w-c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-11 21:11240496----a-w-c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-11 21:11187760----a-w-c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-11 21:11490496----a-w-c:\windows\system32\d3d10level9.dll
2012-07-18 17:47 . 2012-08-15 18:142345984----a-w-c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 16:32279944----a-w-c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12121528----a-w-c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2011-10-10 10752]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE" [2011-04-24 219008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-04-05 371864]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-10-05 6756048]
"tvncontrol"="c:\program files\Common Files\Comodo\GeekBuddyRSP.exe" [2012-09-28 1815040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-12 528384]
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe [2012-10-5 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoMailer.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoMailer.lnk
backup=c:\windows\pss\AutoMailer.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00919008----a-r-c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:2038872----a-w-c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 05:2559240----a-w-c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT]
2011-06-14 06:45392280----a-w-c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:5249152----a-w-c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 07:36421736----a-w-c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28421888----a-w-c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-09 02:573784704----a-w-c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2009-09-04 18:16158448----a-w-c:\program files\Zune\ZuneLauncher.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 netlimiter;netlimiter;c:\windows\system32\drivers\netlimiter.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [x]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\Common Files\Comodo\GeekBuddyRSP.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-26 02:46]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 21:34]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 21:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: tmfhs.org\tmfremote
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Notify-DfLogon - LogonDll.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(2308)
c:\windows\system32\guard32.dll
c:\windows\System32\pnidui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-10-14 21:53:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-15 02:53
.
Pre-Run: 79,327,223,808 bytes free
Post-Run: 79,061,278,720 bytes free
.
- - End Of File - - A61238BB80401D07F0468F8DDFBBABEC
 
Looks good :)

Any current issues?

=================================

Uninstall Ask Toolbar, typical foistware.

==================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Its looking good. My homegroup is responding well and I can access my windows firewall. Should I turn off the windows firewall since I am using the Comodo firewall? Here are the Logs you requested.

OTL logfile created on: 10/14/2012 10:43:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 64.70% Memory free
5.50 Gb Paging File | 4.23 Gb Available in Paging File | 76.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.80 Gb Total Space | 73.70 Gb Free Space | 50.55% Space Free | Partition Type: NTFS
Drive D: | 145.44 Gb Total Space | 144.87 Gb Free Space | 99.61% Space Free | Partition Type: NTFS

Computer Name: NRMTJ3JB7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/14 22:40:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/10/11 11:15:26 | 001,853,584 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2012/10/05 14:30:36 | 000,876,240 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
PRC - [2012/10/05 14:30:36 | 000,875,216 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
PRC - [2012/10/05 14:30:36 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
PRC - [2012/10/05 01:32:18 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012/10/05 01:31:48 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2012/09/28 14:21:26 | 001,815,040 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/05 11:11:18 | 001,144,704 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2012/04/05 09:17:42 | 000,871,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/04/05 09:15:18 | 000,130,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
PRC - [2012/04/05 09:14:40 | 000,371,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2012/04/03 11:00:24 | 000,051,128 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/04/24 13:01:00 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
PRC - [2011/04/24 13:00:00 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
PRC - [2009/09/01 19:38:39 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/12/08 18:45:32 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
PRC - [2006/11/17 11:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006/11/13 00:35:08 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/11/12 15:35:58 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 03:25:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:25:40 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/11 03:29:46 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 03:29:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
MOD - [2006/11/16 16:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll
MOD - [2006/11/16 16:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/10/11 11:15:26 | 001,853,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/10/05 14:30:36 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012/10/05 01:32:18 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/09/28 14:21:26 | 001,815,040 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/04/24 13:00:00 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV - [2010/04/06 03:00:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/01 19:38:39 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/08 18:45:32 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/13 00:35:08 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\osaio.sys -- (osaio)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\netlimiter.sys -- (netlimiter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/05 01:32:36 | 000,082,952 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2012/10/05 01:32:34 | 000,494,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/10/05 01:32:34 | 000,036,072 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 04:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/14 01:42:32 | 000,067,960 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2011/02/14 03:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 03:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 03:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/06/10 16:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\SearchScopes\{F713BE65-D907-432F-B390-E5F1BA53BE4D}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2012/04/09 18:08:00 | 000,000,000 | ---D | M]

[2011/12/05 23:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\extensions
[2011/12/05 23:02:29 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Citrix\ICA Client\npicaN.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/14 21:48:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000..\Run: [RunSpySweeperScheduleAtStartup] C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..Trusted Domains: tmfhs.org ([tmfremote] http in Trusted sites)
O15 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..Trusted Domains: tmfhs.org ([tmfremote] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00}: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/14 22:40:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/14 21:51:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/14 21:41:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/10/14 20:30:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/14 20:30:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/14 20:30:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/14 20:30:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/14 20:29:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/14 20:22:57 | 004,980,339 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/10/14 18:32:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/10/14 17:09:58 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2012/10/13 18:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/13 18:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/13 18:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/10/13 18:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/10/13 18:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/10/13 17:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/13 17:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/13 17:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/10/13 16:29:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\IObit
[2012/10/13 16:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/10/13 16:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Comodo
[2012/10/13 16:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/10/13 16:06:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/10/13 15:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/10/13 15:59:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Comodo
[2012/10/13 15:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/10/13 15:59:24 | 000,045,320 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2012/10/13 15:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/10/13 15:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/13 15:19:55 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/13 15:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/13 15:19:54 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/13 15:19:52 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/10/13 15:19:50 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/13 15:19:50 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/13 15:19:46 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/13 15:18:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/13 15:18:59 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/13 15:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/13 15:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/13 14:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/10/13 14:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/13 14:20:33 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/10/13 14:14:57 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/13 00:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy
[2012/10/12 20:17:05 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/10/12 19:31:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2012/10/12 19:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/10/12 19:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/12 19:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/12 18:09:20 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/10/12 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/10/12 18:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/12 18:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/12 18:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/12 18:03:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/10/05 01:32:36 | 000,082,952 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2012/10/05 01:32:34 | 000,494,416 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2012/10/05 01:32:34 | 000,036,072 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2012/10/05 01:32:32 | 000,019,632 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2012/10/05 01:32:14 | 000,034,024 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2012/10/05 01:32:12 | 000,301,264 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
 
Here is the rest of the log

========== Files - Modified Within 30 Days ==========

[2012/10/14 22:40:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/14 22:04:02 | 000,010,048 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/14 22:04:02 | 000,010,048 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/14 21:56:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/14 21:56:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/14 21:56:24 | 2214,240,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/14 21:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/14 21:48:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/14 21:29:55 | 000,626,922 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/14 21:29:55 | 000,107,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/14 20:22:41 | 004,980,339 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/10/14 19:32:29 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/10/14 18:44:31 | 001,422,336 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2012/10/14 18:32:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/10/14 17:10:26 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2012/10/14 16:36:01 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\en3g5rd1.exe
[2012/10/14 13:59:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/14 11:29:34 | 000,000,000 | -H-- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2012/10/14 11:19:16 | 000,077,301 | ---- | M] () -- C:\Users\Owner\Documents\mevsa tv repair form.pdf
[2012/10/13 18:24:45 | 000,001,045 | ---- | M] () -- C:\Users\Owner\Desktop\SpywareBlaster.lnk
[2012/10/13 17:38:28 | 000,444,348 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20121013-174712.backup
[2012/10/13 17:08:38 | 000,001,248 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/13 16:12:39 | 000,045,320 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2012/10/13 16:11:59 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012/10/13 16:11:59 | 000,002,017 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012/10/13 16:11:59 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012/10/13 16:03:35 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012/10/13 16:00:09 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/10/13 15:59:49 | 000,001,230 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/10/13 15:59:30 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/10/13 15:27:22 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/13 15:27:22 | 000,002,227 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/13 15:19:55 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/13 15:19:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/10/13 14:37:26 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/13 14:22:47 | 000,185,284 | ---- | M] () -- C:\MGlogs.zip
[2012/10/13 14:20:33 | 001,674,318 | ---- | M] () -- C:\MGtools.exe
[2012/10/13 14:14:57 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/12 20:18:00 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/10/12 19:08:12 | 000,000,176 | ---- | M] () -- C:\ProgramData\-fiThxK8bHjNXE6r
[2012/10/12 19:08:12 | 000,000,168 | ---- | M] () -- C:\ProgramData\-fiThxK8bHjNXE6
[2012/10/12 19:06:06 | 000,035,944 | ---- | M] () -- C:\Windows\System32\.crusader
[2012/10/12 19:00:55 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/12 18:05:56 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/05 01:32:36 | 000,082,952 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2012/10/05 01:32:34 | 000,494,416 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2012/10/05 01:32:34 | 000,036,072 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2012/10/05 01:32:32 | 000,019,632 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2012/10/05 01:32:14 | 000,034,024 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2012/10/05 01:32:12 | 000,301,264 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2012/09/17 16:23:08 | 001,321,629 | ---- | M] () -- C:\Users\Owner\Documents\9-17-2012.jpg

========== Files Created - No Company Name ==========

[2012/10/14 20:30:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/14 20:30:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/14 20:30:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/14 20:30:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/14 20:30:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/14 19:32:29 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/10/14 18:44:31 | 001,422,336 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2012/10/14 16:36:00 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\en3g5rd1.exe
[2012/10/14 11:29:34 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\Documents\Default.rdp
[2012/10/14 11:19:16 | 000,077,301 | ---- | C] () -- C:\Users\Owner\Documents\mevsa tv repair form.pdf
[2012/10/13 18:24:45 | 000,001,045 | ---- | C] () -- C:\Users\Owner\Desktop\SpywareBlaster.lnk
[2012/10/13 17:08:38 | 000,001,248 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/13 16:11:59 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012/10/13 16:11:59 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012/10/13 16:11:59 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012/10/13 16:03:35 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/10/13 16:00:09 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/10/13 15:59:49 | 000,001,230 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/10/13 15:59:30 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/10/13 15:27:22 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/13 15:27:22 | 000,002,227 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/13 15:19:55 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/13 14:37:26 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/13 14:20:34 | 000,185,284 | ---- | C] () -- C:\MGlogs.zip
[2012/10/13 14:20:16 | 001,674,318 | ---- | C] () -- C:\MGtools.exe
[2012/10/12 20:27:48 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2012/10/12 20:27:48 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2012/10/12 20:27:48 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 845 User's Guide.lnk
[2012/10/12 20:27:48 | 000,002,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/10/12 20:27:48 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/10/12 20:27:48 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/10/12 20:27:48 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Easy Transfer 7.lnk
[2012/10/12 20:27:48 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/12 20:27:48 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\TroopMaster.LNK
[2012/10/12 20:27:48 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/10/12 20:27:48 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
[2012/10/12 20:27:48 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/10/12 20:27:48 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/10/12 20:27:48 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/10/12 20:27:48 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/10/12 20:27:48 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2012/10/12 20:27:48 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/10/12 20:27:48 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/10/12 20:27:47 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/10/12 20:27:46 | 000,001,470 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2012/10/12 20:27:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/10/12 20:27:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/10/12 20:27:45 | 000,001,731 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Registration.lnk
[2012/10/12 20:27:45 | 000,001,711 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
[2012/10/12 20:27:45 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/10/12 19:06:06 | 000,035,944 | ---- | C] () -- C:\Windows\System32\.crusader
[2012/10/12 19:00:55 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/12 18:05:56 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 23:47:01 | 000,000,176 | ---- | C] () -- C:\ProgramData\-fiThxK8bHjNXE6r
[2012/10/11 23:47:01 | 000,000,168 | ---- | C] () -- C:\ProgramData\-fiThxK8bHjNXE6
[2012/09/17 16:22:20 | 001,321,629 | ---- | C] () -- C:\Users\Owner\Documents\9-17-2012.jpg
[2012/04/09 17:40:27 | 000,000,090 | ---- | C] () -- C:\Windows\EWF845.ini
[2011/12/22 00:06:11 | 000,002,427 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/08/29 19:25:22 | 000,002,309 | ---- | C] () -- C:\Users\Owner\ADVS0359.CSV
[2011/03/11 11:25:21 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/29 22:08:36 | 000,022,062 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/12/03 21:39:17 | 000,007,624 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2009/11/26 04:53:53 | 000,016,896 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/22 15:13:59 | 000,781,312 | -HS- | C] () -- C:\Users\Owner\ehthumbs_vista.db

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/11/25 00:40:14 | 000,000,000 | ---D | M] -- C:\Users\Experience\AppData\Roaming\Acer
[2009/11/25 00:40:14 | 000,000,000 | ---D | M] -- C:\Users\Experience\AppData\Roaming\Leadertech
[2012/08/23 17:56:44 | 000,000,000 | ---D | M] -- C:\Users\garrett lenamond\AppData\Roaming\Acer
[2012/08/23 17:56:42 | 000,000,000 | ---D | M] -- C:\Users\garrett lenamond\AppData\Roaming\Epson
[2012/08/31 06:39:46 | 000,000,000 | ---D | M] -- C:\Users\garrett lenamond\AppData\Roaming\ICAClient
[2012/08/23 17:56:43 | 000,000,000 | ---D | M] -- C:\Users\garrett lenamond\AppData\Roaming\Leadertech
[2009/11/25 00:50:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acer
[2009/11/26 13:14:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Avocent AdminWorks
[2012/08/12 15:20:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/19 21:59:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2012/08/30 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient
[2012/09/07 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Image Zone Express
[2012/10/13 16:29:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
[2009/11/25 00:50:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2012/09/07 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Printer Info Cache

========== Purity Check ==========



< End of report >
OTL Extras logfile created on: 10/14/2012 10:43:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 64.70% Memory free
5.50 Gb Paging File | 4.23 Gb Available in Paging File | 76.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.80 Gb Total Space | 73.70 Gb Free Space | 50.55% Space Free | Partition Type: NTFS
Drive D: | 145.44 Gb Total Space | 144.87 Gb Free Space | 99.61% Space Free | Partition Type: NTFS

Computer Name: NRMTJ3JB7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{E10991E5-2AF1-48BE-BD3F-6BD33011E21B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{060450F6-A27B-4807-8B5C-A06F819B57CF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{007C5268-FB1C-49B9-A5E7-37D66DE46B9C}" = Online Plug-in
"{0414F6AB-EAE7-44F8-8A32-5AD9629BC8EE}" = GeekBuddy
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B360FD5-D497-46E2-9488-C6B649871662}" = Epson E-Web Print
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EC50898-E24A-4C0C-A1F2-A71A8DBF291F}" = Citrix Receiver Inside
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0791198-3F0C-4FB4-870C-5734C4CB5F16}" = Citrix Receiver(USB)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer Zone SoftDMA
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer Zone MakeDisk
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48A3CE4-2F1E-45EF-841A-C0A3C407EB0F}" = Self-service Plug-in
"{B4D8A5FE-83C9-44AB-88C7-9AB30EFE482A}" = Citrix Receiver(Aero)
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C7C7FA4B-40FF-4B4E-A566-1ABF8FAC38BB}" = Citrix Receiver (HDX Flash Redirection)
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D777101F-1708-46ED-916E-3BE885F78F55}" = Citrix Receiver(DV)
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E142615E-5ED8-4511-9BF0-0284BFA25766}" = ArcSoft PhotoImpression
"{E62381A7-B1C1-4121-8262-84D38C77786C}" = COMODO Internet Security
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer Zone MagicDirector
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FB9C1550-C380-11E0-6784-0B93E74E18BE}" = TroopMaster
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ask Toolbar_is1" = Ask Toolbar
"avast" = avast! Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Comodo Dragon" = Comodo Dragon
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 845 Series" = EPSON WorkForce 845 Series Printer Uninstall
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HitmanPro36" = HitmanPro 3.6
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SystemRequirementsLab" = System Requirements Lab
"TroopMaster 2010" = TroopMaster 2010
"Uninstall_is1" = Uninstall 1.0.0.1
"Vivitar Experience Image Manager" = Vivitar Experience Image Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zune" = Zune

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2012 5:05:59 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 9002
Description =

Error - 10/13/2012 5:05:59 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 3029
Description =

Error - 10/13/2012 5:06:03 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 3029
Description =

Error - 10/13/2012 5:06:03 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 3028
Description =

Error - 10/13/2012 5:06:03 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 3058
Description =

Error - 10/13/2012 5:06:03 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 7010
Description =

Error - 10/14/2012 1:30:01 AM | Computer Name = NRMTJ3JB7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\EPSON Software\Download
Navigator\Resource01\E_UPBW01.EXE". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/14/2012 1:31:49 AM | Computer Name = NRMTJ3JB7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 10/14/2012 1:34:29 AM | Computer Name = NRMTJ3JB7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 10/14/2012 7:50:24 PM | Computer Name = NRMTJ3JB7 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: bb8 Start
Time: 01cdaa6643f34558 Termination Time: 40 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: e64b63a9-1659-11e2-9730-0019216b9a41

Error - 10/14/2012 8:41:38 PM | Computer Name = NRMTJ3JB7 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 155c Start
Time: 01cdaa6c962d4ae8 Termination Time: 40 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 11172ef9-1661-11e2-9730-0019216b9a41

[ Media Center Events ]
Error - 12/22/2007 3:20:11 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/1/2008 11:21:04 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/17/2008 7:16:09 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/26/2008 12:46:55 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 2:21:51 AM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/6/2008 7:51:48 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 3/3/2009 10:36:18 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/9/2009 7:31:26 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/9/2009 9:38:26 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 4:39:07 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 5/22/2009 10:58:51 AM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 57736
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 6/18/2009 6:35:57 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 97853
seconds with 540 seconds of active time. This session ended with a crash.

Error - 7/11/2009 8:54:20 AM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39213
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 10/13/2009 9:06:37 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 163921
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/3/2009 6:06:23 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6245
seconds with 960 seconds of active time. This session ended with a crash.

Error - 1/4/2010 11:27:22 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2430
seconds with 60 seconds of active time. This session ended with a crash.

Error - 2/11/2010 4:51:24 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41417
seconds with 120 seconds of active time. This session ended with a crash.

Error - 3/25/2010 6:55:22 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 93744
seconds with 240 seconds of active time. This session ended with a crash.

Error - 9/1/2010 6:57:00 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1005
seconds with 900 seconds of active time. This session ended with a crash.

Error - 4/19/2012 2:11:31 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18002
seconds with 1620 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/14/2012 10:37:18 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/14/2012 10:43:19 PM | Computer Name = NRMTJ3JB7 | Source = Application Popup | ID = 875
Description = Driver UBHelper.SYS has been blocked from loading.

Error - 10/14/2012 10:43:34 PM | Computer Name = NRMTJ3JB7 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:41:55 PM on ?10/?14/?2012 was unexpected.

Error - 10/14/2012 10:43:45 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7000
Description = The netlimiter service failed to start due to the following error:
%%2

Error - 10/14/2012 10:43:45 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7000
Description = The osaio service failed to start due to the following error: %%2

Error - 10/14/2012 10:43:54 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
UBHelper

Error - 10/14/2012 10:56:16 PM | Computer Name = NRMTJ3JB7 | Source = Application Popup | ID = 875
Description = Driver UBHelper.SYS has been blocked from loading.

Error - 10/14/2012 10:56:39 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7000
Description = The netlimiter service failed to start due to the following error:
%%2

Error - 10/14/2012 10:56:39 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7000
Description = The osaio service failed to start due to the following error: %%2

Error - 10/14/2012 10:56:57 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
UBHelper


< End of report >
 
Should I turn off the windows firewall since I am using the Comodo firewall?
Click to expand...
Yes.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
[2011/12/05 23:02:29 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O15 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..Trusted Domains: tmfhs.org ([tmfremote] http in Trusted sites)
O15 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..Trusted Domains: tmfhs.org ([tmfremote] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both


:Services

:Reg

:Files
C:\Program Files\AskBarDis

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Here are the results from the OTL. I am running other scans now will post when I get results.

All processes killed
========== OTL ==========
Service SBSDWSCService stopped successfully!
Service SBSDWSCService deleted successfully!
File C:\Program Files\Spybot not found.
Registry value HKEY_USERS\S-1-5-21-1904182780-2584462688-3666631873-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_USERS\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tmfhs.org\tmfremote\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tmfhs.org\tmfremote\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\AskBarDis not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Experience
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: garrett lenamond
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 24207388 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1516 bytes

User: Owner
->Temp folder emptied: 731012 bytes
->Temporary Internet Files folder emptied: 9476563 bytes
->Java cache emptied: 2656214 bytes
->Google Chrome cache emptied: 13425619 bytes
->Flash cache emptied: 1960936 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7280 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Experience

User: garrett lenamond
->Java cache emptied: 0 bytes

User: Owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Experience

User: garrett lenamond
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10142012_232203

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZJZB9ZF\us_yahoo_com[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Here are the other scan results

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java 7 Update 7
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 07-10-2012
Ran by Owner (administrator) on 14-10-2012 at 23:38:16
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-11 16:11] - [2012-08-22 12:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 01:04] - [2012-06-01 23:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.005 - Logfile created 10/14/2012 at 23:41:21
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Owner - NRMTJ3JB7
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2050 octets] - [14/10/2012 23:41:21]

########## EOF - C:\AdwCleaner[S1].txt - [2110 octets] ##########
 
The eset online scan took forever and no log was made. The computer seems to be working well. Am I all done? I will check back after work. Thanks.
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

============================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please, let me know, how your computer is doing.
 
Here is the OTL log. I'm still working on the rest and will let you know when I finish.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Experience
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: garrett lenamond
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 315644 bytes
->Temporary Internet Files folder emptied: 266746935 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 251227515 bytes
->Flash cache emptied: 1430 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31456 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 494.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Experience

User: garrett lenamond
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Experience

User: garrett lenamond
->Java cache emptied: 0 bytes

User: Owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10162012_210108

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
The computer seems to be running fine. I only had one glitch when my outlook express kept sending and email over and over. The recipient received 90+ copies of the same email. I truly appreciate all of your help. I do not know what I would have done without it. Thanks again.
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back