File recovery virus -- Zeroaccess (max++)

Solved
By Grady Lenamond
Oct 14, 2012
  1. Hello, I am looking for help to repair my computer. I am running Windows 7 32-bit. It started a couple of days ago. The majority of my information was hidden and I was receiving alerts from File Recovery. I followed a plan outlined on majorgeeks.com. Received a ZeroAccess (max++) warning from RogueKiller. After completing the plan I re-ran the scans and they were not finding anything, and things seemed fine. I then downloaded Avast, Comodo Firewall, and SpywareBlaster to help protect my computer. Today I am having problems with HomeGroup networking (after changing settings they revert back to the previous settings) and I cannot access the Windows Firewall to make sure it is disabled. The requested logs follow.

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.10.12.08
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: NRMTJ3JB7 [administrator]
    10/14/2012 4:17:34 PM
    mbam-log-2012-10-14 (16-17-34).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 245855
    Time elapsed: 7 minute(s), 25 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    ---------------------------------------------------------------------------------------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-14 17:04:59
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000063 Hitachi_ rev.V54O
    Running: en3g5rd1.exe; Driver: C:\Users\Owner\AppData\Local\Temp\axriqpow.sys

    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
    ---- System - GMER 1.0.15 ----
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x925DF966]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    ---- EOF - GMER 1.0.15 ----
    DDS (Ver_2012-10-14.05) - NTFS_x86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Owner at 17:16:35 on 2012-10-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2816.1336 [GMT -5:00]
    .
    AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
    SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Common Files\Comodo\launcher_service.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\CSHelper.exe
    C:\Program Files\Comodo\Dragon\dragon_updater.exe
    C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
    C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Program Files\microsoft office\Office12\GrooveMonitor.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Comodo\GeekBuddy\unit.exe
    C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Program Files\Zune\ZuneNss.exe
    C:\Program Files\Citrix\ICA Client\redirector.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.us.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - c:\program files\epson software\e-web print\ewps_tb.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - c:\program files\citrix\ica client\IEInterceptor.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\windows\system32\ActiveToolBand.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - c:\program files\epson software\e-web print\ewps_tb.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - c:\program files\epson software\e-web print\ewps_tb.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{07A768E9-DA59-44AC-9026-2542CD1479CD}
    uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
    uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihsa.exe /ept "epltarget\P0000000000000000" /M "WorkForce 845"
    mRun: [eDataSecurity Loader] "c:\acer\empowering technology\edatasecurity\eDSloader.exe"
    mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
    mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
    mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
    mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [*CA] "c:\program files\comodo\geekbuddy\launcher.exe" "unit_manager.exe" "lps-ca"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    TCP: NameServer = 208.180.42.68 208.180.42.100
    TCP: Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00} : DHCPNameServer = 208.180.42.68 208.180.42.100
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: DfLogon - LogonDll.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-13 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-13 355632]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-10-5 494416]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-10-5 36072]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-2-14 67960]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-13 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-13 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-13 44808]
    R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-10-5 70352]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-9-1 266240]
    R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-10-11 1853584]
    R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\common files\epson\epw!3 ssrp\E_JT50RP.EXE [2012-4-9 130944]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
    R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\common files\comodo\GeekBuddyRSP.exe [2012-9-28 1815040]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-13 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-10-13 23:51:55 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-13 23:51:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-13 23:24:43 -------- d-----w- c:\program files\SpywareBlaster
    2012-10-13 22:08:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-10-13 22:08:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-10-13 21:29:15 -------- d-----w- c:\users\owner\appdata\roaming\IObit
    2012-10-13 21:29:08 -------- d-----w- c:\program files\IObit
    2012-10-13 21:11:55 -------- d-----w- c:\program files\common files\Comodo
    2012-10-13 21:11:46 -------- d-----w- c:\programdata\CPA_VA
    2012-10-13 20:59:49 -------- d-----w- c:\programdata\Comodo
    2012-10-13 20:59:30 -------- d-----w- c:\users\owner\appdata\local\Comodo
    2012-10-13 20:59:24 45320 ----a-w- c:\windows\system32\certsentry.dll
    2012-10-13 20:59:15 -------- d-----w- c:\program files\Comodo
    2012-10-13 20:19:52 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-10-13 20:19:50 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-13 20:19:46 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-13 20:18:59 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-13 20:18:47 -------- d-----w- c:\programdata\AVAST Software
    2012-10-13 20:18:47 -------- d-----w- c:\program files\AVAST Software
    2012-10-13 19:37:25 -------- d-----w- c:\program files\CCleaner
    2012-10-13 19:20:33 -------- d-----w- C:\MGtools
    2012-10-13 19:20:16 1674318 ----a-w- C:\MGtools.exe
    2012-10-13 19:14:57 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2012-10-13 05:07:15 -------- d-----w- c:\programdata\NtiDvdCopy
    2012-10-13 00:00:55 -------- d-----w- c:\program files\HitmanPro
    2012-10-13 00:00:17 -------- d-----w- c:\programdata\HitmanPro
    2012-10-12 23:09:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-10-12 23:06:29 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2012-10-12 23:05:55 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-12 23:05:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-10 06:03:56 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-10-10 06:03:56 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 06:03:55 542208 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-09 10:49:55 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bf0bef09-2023-4c2d-bab6-9c37d7d05a70}\mpengine.dll
    2012-10-05 06:32:34 494416 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-10-05 06:32:34 36072 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-10-05 06:32:32 19632 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-10-05 06:32:14 34024 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-10-05 06:32:12 301264 ----a-w- c:\windows\system32\guard32.dll
    2012-09-26 12:40:07 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    .
    ==================== Find3M ====================
    .
    2012-10-13 23:51:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 15:33:28 6144 ----a-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ----a-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ----a-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ----a-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 17:16:50.08 ===============
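Added example, not part of the thread and not the logic of DDS or GMER themselves: a small Python triage pass over the "Created Last 30" lines of the DDS log above. It parses the date, size, attribute and path columns, marks the system+hidden `%APPDATA%` directory under system32 as worth an analyst's look (a literal `%NAME%` component usually means something wrote to a path without expanding the environment variable), lists newly created kernel drivers for a routine publisher check, and shows what GMER's "MBR BIOS signature not found" line actually tests (bytes 510 and 511 of sector 0 must be 0x55 0xAA; since GMER logged "MBR read error" first, the missing signature may just follow from the failed read). The log lines in `DDS_EXCERPT` are copied from the post; the heuristics, the severity labels and the sample sectors are the editor's assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Excerpt of the "Created Last 30" block from the DDS log in the first post.
# Per line: date time size attributes path ("--------" as size = directory).
DDS_EXCERPT = r"""
2012-10-13 23:24:43 -------- d-----w- c:\program files\SpywareBlaster
2012-10-13 20:19:52 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-13 19:14:57 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-12 23:09:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-10-10 06:03:56 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-05 06:32:34 494416 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[a-z-]{8}) (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories ("--------")
    attrs: Set[str]       # letters present in the attribute column, e.g. {"d","s","h","w"}
    path: str


def parse_dds_created(text: str) -> List[Entry]:
    """Parse DDS 'Created Last 30' / 'Find3M' style lines; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "--------" else int(m["size"])
        entries.append(Entry(m["date"], m["time"], size, set(m["attrs"]) - {"-"}, m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, List[str]]]:
    """Return (level, path, reasons). 'suspicious' needs an analyst; 'review' is a
    routine check that is often benign (editor's heuristics, not a verdict)."""
    findings = []
    for e in entries:
        p = e.path.lower()
        suspicious, review = [], []
        if "%" in p:
            # A literal "%NAME%" component: the writer did not expand the variable.
            suspicious.append("unexpanded environment-variable name in path")
        if {"s", "h"} <= e.attrs and "\\windows\\" in p:
            suspicious.append("system+hidden object created under the Windows directory")
        if p.endswith(".sys") and "\\drivers\\" in p:
            review.append("new kernel driver; confirm publisher and signature")
        if suspicious:
            findings.append(("suspicious", e.path, suspicious))
        elif review:
            findings.append(("review", e.path, review))
    return findings


def suspicious_paths(text: str) -> List[str]:
    return [path for level, path, _ in triage(parse_dds_created(text)) if level == "suspicious"]


def mbr_has_boot_signature(sector: bytes) -> bool:
    """The check behind GMER's 'MBR BIOS signature not found': sector 0 must be
    512 bytes and end in 0x55 0xAA. It says nothing about the boot code itself."""
    return len(sector) == 512 and sector[510:512] == b"\x55\xaa"


if __name__ == "__main__":
    for level, path, reasons in triage(parse_dds_created(DDS_EXCERPT)):
        print(f"[{level}] {path}: {'; '.join(reasons)}")
    # Constructed sector, not data read from the machine in this thread.
    print("constructed MBR has signature:", mbr_has_boot_signature(bytes(510) + b"\x55\xaa"))
```

On this excerpt the only "suspicious" hit is the `%APPDATA%` directory in system32; the avast and COMODO drivers come out as "review" items, which is the expected result for security software installed the day before.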
  2. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    I still need Attach.txt part of DDS.
  3. Grady Lenamond

    Grady Lenamond Newcomer, in training Topic Starter

    DDS only gave me 1 log when I ran it. And thanks for your help with this.
  4. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Re-run it.
  5. Grady Lenamond

    Grady Lenamond Newcomer, in training Topic Starter

    Sorry about that. I had to check the box for that one.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-14.05)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/25/2009 12:18:47 AM
    System Uptime: 10/14/2012 1:40:34 PM (5 hours ago)
    .
    Motherboard: Acer | | EM61SM/EM61PM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2200/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 146 GiB total, 73.733 GiB free.
    D: is FIXED (NTFS) - 145 GiB total, 144.473 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: netlimiter
    Device ID: ROOT\LEGACY_NETLIMITER\0000
    Manufacturer:
    Name: netlimiter
    PNP Device ID: ROOT\LEGACY_NETLIMITER\0000
    Service: netlimiter
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SM/xD-Picture
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20021111153705700&1#
    Manufacturer: Generic-
    Name: G:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20021111153705700&1#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Storage
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&B532571&0&504B46593036363290&0#
    Manufacturer: EPSON
    Name: J:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_EPSON&PROD_STORAGE&REV_1.00#7&B532571&0&504B46593036363290&0#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Compact Flash
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
    Manufacturer: Generic-
    Name: F:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
    Service: WUDFRd
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: osaio
    Device ID: ROOT\LEGACY_OSAIO\0000
    Manufacturer:
    Name: osaio
    PNP Device ID: ROOT\LEGACY_OSAIO\0000
    Service: osaio
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: MS/MS-Pro
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20021111153705700&3#
    Manufacturer: Generic-
    Name: I:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20021111153705700&3#
    Service: WUDFRd
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: UBHelper
    Device ID: ROOT\LEGACY_UBHELPER\0000
    Manufacturer:
    Name: UBHelper
    PNP Device ID: ROOT\LEGACY_UBHELPER\0000
    Service: UBHelper
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SD/MMC
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#
    Manufacturer: Generic-
    Name: H:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP247: 10/9/2012 5:49:30 AM - Windows Update
    RP248: 10/10/2012 3:00:22 AM - Windows Update
    RP249: 10/13/2012 12:30:15 PM - Removed HP Photosmart Essential
    RP250: 10/13/2012 3:18:34 PM - avast! Free Antivirus Setup
    RP251: 10/13/2012 4:01:49 PM - Device Driver Package Install: COMODO Network Service
    RP252: 10/13/2012 6:40:05 PM - Removed Java(TM) 6 Update 2
    RP253: 10/13/2012 6:41:18 PM - Removed Java(TM) 6 Update 5
    RP254: 10/13/2012 6:41:45 PM - Removed Java(TM) 6 Update 5
    RP255: 10/13/2012 6:42:35 PM - Removed Java(TM) 6 Update 30
    RP256: 10/13/2012 6:51:02 PM - Installed Java 7 Update 7
    RP257: 10/14/2012 2:03:17 PM - Installed Microsoft Fix it 50123
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Acer Assist
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer ePerformance Management
    Acer Picture Slide DVD
    Acer Plug and Record
    Acer Registration
    Acer ScreenSaver
    Acer Tour
    Acer Zone MagicDirector
    Acer Zone Main Page
    Acer Zone MakeDisk
    Acer Zone SoftDMA
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.2
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression
    Ask Toolbar
    avast! Free Antivirus
    Battlefield 1942
    Bonjour
    BPD_Scan
    BPDSoftware_Ini
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    Citrix Authentication Manager
    Citrix Receiver
    Citrix Receiver (HDX Flash Redirection)
    Citrix Receiver Inside
    Citrix Receiver(Aero)
    Citrix Receiver(DV)
    Citrix Receiver(USB)
    Comodo Dragon
    COMODO Internet Security
    Download Navigator
    Epson Connect
    Epson Connect Printer Setup
    Epson Customer Participation
    Epson E-Web Print
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Printer Finder
    EPSON Printer Software
    EPSON Scan
    EPSON WorkForce 845 Series Printer Uninstall
    ffdshow [rev 2527] [2008-12-19]
    GeekBuddy
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    HitmanPro 3.6
    HP Update
    HPSSupply
    iTunes
    Java 7 Update 7
    Java Auto Updater
    LG United Mobile Drivers
    LightScribe 1.4.124.1
    Logitech Harmony Remote Software
    Logitech Harmony Remote Software 7
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Easy Assist v2
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MPM
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netflix Movie Viewer
    NTI CD & DVD-Maker
    NVIDIA Drivers
    NVIDIA Stereoscopic 3D Driver
    OGA Notifier 2.0.0048.0
    Online Plug-in
    QuickTime
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Self-service Plug-in
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    swMSM
    System Requirements Lab
    TroopMaster
    TroopMaster 2010
    Uninstall 1.0.0.1
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vivitar Experience Image Manager
    Windows 7 Upgrade Advisor
    Windows Movie Maker 2.6
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/9/2012 5:50:37 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user NRMTJ3JB7\Owner SID (S-1-5-21-1904182780-2584462688-3666631873-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/9/2012 5:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user NRMTJ3JB7\Owner SID (S-1-5-21-1904182780-2584462688-3666631873-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/9/2012 5:50:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user NRMTJ3JB7\Owner SID (S-1-5-21-1904182780-2584462688-3666631873-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/14/2012 5:37:39 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    10/14/2012 5:37:39 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
    10/14/2012 5:37:39 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    10/14/2012 5:18:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    10/14/2012 1:41:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: UBHelper
    10/14/2012 1:41:15 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    10/14/2012 1:41:15 PM, Error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.
    10/14/2012 1:41:13 PM, Error: Service Control Manager [7000] - The netlimiter service failed to start due to the following error: The system cannot find the file specified.
    10/14/2012 1:41:12 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    10/14/2012 1:40:35 PM, Error: Application Popup [875] - Driver UBHelper.SYS has been blocked from loading.
    10/14/2012 1:17:24 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    10/13/2012 4:30:49 PM, Error: Service Control Manager [7000] - The UrlFilter service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
    10/13/2012 4:06:04 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    10/13/2012 4:06:04 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    10/12/2012 7:09:18 PM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
    10/12/2012 7:09:14 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    10/12/2012 7:07:52 PM, Error: Service Control Manager [7000] - The Trend Micro WFP Callout Driver service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
    10/12/2012 7:07:52 PM, Error: Service Control Manager [7000] - The tmcomm service failed to start due to the following error: The revision level is unknown.
    10/12/2012 7:07:52 PM, Error: Service Control Manager [7000] - The 5762 service failed to start due to the following error: The system cannot find the file specified.
    10/12/2012 6:05:19 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 6:03:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 5:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    10/12/2012 5:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/12/2012 5:31:56 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 5:30:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/12/2012 5:30:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/12/2012 5:30:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/12/2012 5:30:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/12/2012 5:29:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache spldr tmtdi UBHelper Wanarpv6
    10/12/2012 5:29:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.
    10/11/2012 11:51:21 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    .
    ==== End Of File ===========================
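Added note, not part of the original thread: the Service Control Manager entries in the Event Viewer section above form a dependency chain, and the raw "%%-2147024891" codes are HRESULTs printed in decimal. The Python script below was written for this page (it is not code from DDS, TDSSKiller or any other tool named here); it parses lines in the exact format DDS prints, decodes that code to 0x80070005 ("Access is denied"), and lists which services could not start and which others failed only because of them. An access-denied failure of Base Filtering Engine and therefore Windows Firewall is what sits behind the firewall problem in the first post, and stripped permissions on those services are a known effect of the ZeroAccess family.

```python
import re
from collections import defaultdict

# Event Viewer lines copied from the DDS log posted above (one non-SCM line is
# included to show that it parses but is ignored by the service analysis).
SAMPLE_EVENTS = """\
10/14/2012 5:37:39 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
10/14/2012 5:37:39 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
10/14/2012 5:37:39 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
10/14/2012 5:18:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
10/14/2012 1:41:15 PM, Error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.
10/14/2012 1:41:12 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
10/14/2012 1:40:35 PM, Error: Application Popup [875] - Driver UBHelper.SYS has been blocked from loading.
10/14/2012 1:17:24 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
"""

# DDS line shape: "<date> <time>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

# Message shapes of the Service Control Manager event ids that occur in the log.
# (7003 really does read "depends the following service"; that is Windows' own text.)
MSG_PATTERNS = {
    7000: re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$"),
    7023: re.compile(r"^The (?P<svc>.+?) service terminated with the following error: (?P<err>.+)$"),
    7001: re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
                     r"which failed to start because of the following error: (?P<err>.+)$"),
    7003: re.compile(r"^The (?P<svc>.+?) service depends the following service: (?P<dep>.+?)\. "
                     r"This service might not be installed\.$"),
}

# HRESULT values DDS prints raw as "%%-<decimal>"; only the one named with certainty.
HRESULT_NAMES = {0x80070005: "Access is denied."}


def parse_events(text):
    """Split DDS Event Viewer text into dicts; lines not in the DDS format are dropped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def decode_error(err):
    """Turn '%%-2147024891' into '0x80070005 (Access is denied.)'; prose passes through."""
    m = re.fullmatch(r"%%(-?\d+)", err.strip())
    if not m:
        return err.strip()
    hresult = int(m.group(1)) & 0xFFFFFFFF      # signed decimal -> 32-bit HRESULT
    return f"0x{hresult:08X} ({HRESULT_NAMES.get(hresult, 'unknown')})"


def service_failures(events):
    """Return (failed, dependants).

    failed:     service -> reason it could not start (7000/7023, or the reason
                quoted in a 7001 about it)
    dependants: service -> set of services that failed only because of it
    """
    failed = {}
    dependants = defaultdict(set)
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        pat = MSG_PATTERNS.get(ev["event_id"])
        m = pat.match(ev["msg"]) if pat else None
        if not m:
            continue
        g = m.groupdict()
        if ev["event_id"] in (7000, 7023):
            failed[g["svc"]] = decode_error(g["err"])
        elif ev["event_id"] == 7001:
            failed.setdefault(g["dep"], decode_error(g["err"]))
            dependants[g["dep"]].add(g["svc"])
        elif ev["event_id"] == 7003:          # dependency named by short name, e.g. BFE
            dependants[g["dep"]].add(g["svc"])
    return failed, dict(dependants)


def access_denied_services(failed):
    """Services SCM refused to start with an access-denied error. On a healthy
    Windows 7 install BFE and Windows Firewall start without trouble; this pattern
    (permissions on the service keys stripped) is known from ZeroAccess infections."""
    return sorted(svc for svc, why in failed.items() if "Access is denied" in why)


if __name__ == "__main__":
    failed, deps = service_failures(parse_events(SAMPLE_EVENTS))
    for svc, why in failed.items():
        print(f"{svc}: {why}")
        for child in sorted(deps.get(svc, ())):
            print(f"    blocks -> {child}")
    print("access denied:", access_denied_services(failed))
```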
  6. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  7. Grady Lenamond

    Grady Lenamond Newcomer, in training Topic Starter

    While I was getting the text to paste I noticed in the C drive that the folder labeled documents and settings is locked and when I try to access it I get a message that I am not authorized. The requested logs follow.

    18:34:45.0405 2320 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    18:34:45.0795 2320 ============================================================
    18:34:45.0795 2320 Current date / time: 2012/10/14 18:34:45.0795
    18:34:45.0795 2320 SystemInfo:
    18:34:45.0795 2320
    18:34:45.0795 2320 OS Version: 6.1.7601 ServicePack: 1.0
    18:34:45.0795 2320 Product type: Workstation
    18:34:45.0795 2320 ComputerName: NRMTJ3JB7
    18:34:45.0795 2320 UserName: Owner
    18:34:45.0795 2320 Windows directory: C:\Windows
    18:34:45.0795 2320 System windows directory: C:\Windows
    18:34:45.0795 2320 Processor architecture: Intel x86
    18:34:45.0795 2320 Number of processors: 2
    18:34:45.0795 2320 Page size: 0x1000
    18:34:45.0795 2320 Boot type: Normal boot
    18:34:45.0795 2320 ============================================================
    18:34:46.0665 2320 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:34:46.0835 2320 ============================================================
    18:34:46.0835 2320 \Device\Harddisk0\DR0:
    18:34:46.0835 2320 MBR partitions:
    18:34:46.0835 2320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xDAA87C, BlocksNum 0x12399B19
    18:34:46.0835 2320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13144395, BlocksNum 0x122E2F1B
    18:34:46.0835 2320 ============================================================
    18:34:46.0855 2320 C: <-> \Device\Harddisk0\DR0\Partition1
    18:34:46.0895 2320 D: <-> \Device\Harddisk0\DR0\Partition2
    18:34:46.0895 2320 ============================================================
    18:34:46.0895 2320 Initialize success
    18:34:46.0895 2320 ============================================================
    18:34:51.0132 5552 ============================================================
    18:34:51.0132 5552 Scan started
    18:34:51.0132 5552 Mode: Manual;
    18:34:51.0132 5552 ============================================================
    18:34:52.0527 5552 ================ Scan system memory ========================
    18:34:52.0527 5552 System memory - ok
    18:34:52.0527 5552 ================ Scan services =============================
    18:34:56.0334 5552 DPS - ok
    18:34:56.0490 5552 [ 28A88BB61B6B4A352729BA22BD2D2604 ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
    18:34:56.0505 5552 DragonUpdater - ok
    18:34:56.0552 5552 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    18:34:56.0552 5552 drmkaud - ok
    18:34:56.0583 5552 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    18:34:56.0599 5552 DXGKrnl - ok
    18:34:56.0630 5552 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
    18:34:56.0630 5552 EapHost - ok
    18:34:56.0739 5552 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
    18:34:56.0770 5552 ebdrv - ok
    18:34:56.0800 5552 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
    18:34:56.0810 5552 EFS - ok
    18:34:56.0880 5552 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    18:34:56.0890 5552 ehRecvr - ok
    18:34:56.0920 5552 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
    18:34:56.0920 5552 ehSched - ok
    18:34:56.0970 5552 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    18:34:56.0970 5552 elxstor - ok
    18:34:57.0050 5552 [ B78436CA173FF723A1EACE5CD4900375 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    18:34:57.0060 5552 EpsonCustomerParticipation - ok
    18:34:57.0090 5552 [ CEF06A8DF4BA42673F3297759FD62E80 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
    18:34:57.0090 5552 EPSON_PM_RPCV4_05 - ok
    18:34:57.0120 5552 [ F841F6ED752CC5F346039D5551931A7B ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    18:34:57.0120 5552 eRecoveryService - ok
    18:34:57.0160 5552 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    18:34:57.0160 5552 ErrDev - ok
    18:34:57.0210 5552 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
    18:34:57.0220 5552 EventSystem - ok
    18:34:57.0250 5552 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
    18:34:57.0250 5552 exfat - ok
    18:34:57.0270 5552 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    18:34:57.0270 5552 fastfat - ok
    18:34:57.0320 5552 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
    18:34:57.0320 5552 Fax - ok
    18:34:57.0340 5552 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    18:34:57.0340 5552 fdc - ok
    18:34:57.0380 5552 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
    18:34:57.0380 5552 fdPHost - ok
    18:34:57.0400 5552 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
    18:34:57.0400 5552 FDResPub - ok
    18:34:57.0420 5552 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    18:34:57.0420 5552 FileInfo - ok
    18:34:57.0440 5552 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    18:34:57.0440 5552 Filetrace - ok
    18:34:57.0470 5552 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    18:34:57.0480 5552 flpydisk - ok
    18:34:57.0500 5552 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    18:34:57.0510 5552 FltMgr - ok
    18:34:57.0550 5552 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
    18:34:57.0570 5552 FontCache - ok
    18:34:57.0610 5552 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    18:34:57.0620 5552 FontCache3.0.0.0 - ok
    18:34:57.0640 5552 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    18:34:57.0650 5552 FsDepends - ok
    18:34:57.0670 5552 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    18:34:57.0670 5552 Fs_Rec - ok
    18:34:57.0720 5552 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    18:34:57.0720 5552 fvevol - ok
    18:34:57.0750 5552 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:34:57.0750 5552 gagp30kx - ok
    18:34:57.0790 5552 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:34:57.0790 5552 GEARAspiWDM - ok
    18:34:57.0850 5552 [ 9FB6B93950281CF67538873B32CB727E ] GeekBuddyRSP C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
    18:34:57.0880 5552 GeekBuddyRSP - ok
    18:34:57.0920 5552 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
    18:34:57.0930 5552 gpsvc - ok
    18:34:57.0990 5552 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    18:34:57.0990 5552 gupdate - ok
    18:34:58.0011 5552 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    18:34:58.0011 5552 gupdatem - ok
    18:34:58.0041 5552 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:34:58.0041 5552 gusvc - ok
    18:34:58.0071 5552 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    18:34:58.0071 5552 hcw85cir - ok
    18:34:58.0101 5552 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    18:34:58.0101 5552 HDAudBus - ok
    18:34:58.0121 5552 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    18:34:58.0121 5552 HidBatt - ok
    18:34:58.0141 5552 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    18:34:58.0141 5552 HidBth - ok
    18:34:58.0161 5552 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    18:34:58.0161 5552 HidIr - ok
    18:34:58.0201 5552 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
    18:34:58.0201 5552 hidserv - ok
    18:34:58.0231 5552 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    18:34:58.0231 5552 HidUsb - ok
    18:34:58.0271 5552 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
    18:34:58.0271 5552 hkmsvc - ok
    18:34:58.0311 5552 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    18:34:58.0321 5552 HomeGroupListener - ok
    18:34:58.0361 5552 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    18:34:58.0361 5552 HomeGroupProvider - ok
    18:34:58.0401 5552 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    18:34:58.0401 5552 HpSAMD - ok
    18:34:58.0461 5552 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    18:34:58.0471 5552 HTTP - ok
    18:34:58.0501 5552 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    18:34:58.0501 5552 hwpolicy - ok
    18:34:58.0551 5552 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    18:34:58.0551 5552 i8042prt - ok
    18:34:58.0581 5552 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    18:34:58.0591 5552 iaStorV - ok
    18:34:58.0671 5552 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:34:58.0681 5552 idsvc - ok
    18:34:58.0731 5552 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    18:34:58.0731 5552 iirsp - ok
    18:34:58.0781 5552 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
    18:34:58.0791 5552 IKEEXT - ok
    18:34:58.0831 5552 [ D8A904B5F55C27277826BFA17271398B ] inspect C:\Windows\system32\DRIVERS\inspect.sys
    18:34:58.0831 5552 inspect - ok
    18:34:58.0861 5552 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15 C:\Acer\Empowering Technology\eRecovery\int15.sys
    18:34:58.0861 5552 int15 - ok
    18:34:58.0941 5552 [ A47B2875680AD67B35C6150BD0203056 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    18:34:58.0961 5552 IntcAzAudAddService - ok
    18:34:59.0001 5552 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
    18:34:59.0001 5552 intelide - ok
    18:34:59.0041 5552 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    18:34:59.0041 5552 intelppm - ok
    18:34:59.0071 5552 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    18:34:59.0081 5552 IPBusEnum - ok
    18:34:59.0091 5552 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:34:59.0091 5552 IpFilterDriver - ok
    18:34:59.0121 5552 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    18:34:59.0131 5552 IPMIDRV - ok
    18:34:59.0151 5552 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    18:34:59.0161 5552 IPNAT - ok
    18:34:59.0221 5552 [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    18:34:59.0241 5552 iPod Service - ok
    18:34:59.0261 5552 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
    18:34:59.0261 5552 IRENUM - ok
    18:34:59.0291 5552 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    18:34:59.0291 5552 isapnp - ok
    18:34:59.0321 5552 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    18:34:59.0331 5552 iScsiPrt - ok
    18:34:59.0371 5552 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    18:34:59.0371 5552 kbdclass - ok
    18:34:59.0411 5552 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    18:34:59.0411 5552 kbdhid - ok
    18:34:59.0431 5552 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
    18:34:59.0431 5552 KeyIso - ok
    18:34:59.0461 5552 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    18:34:59.0471 5552 KSecDD - ok
    18:34:59.0491 5552 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    18:34:59.0491 5552 KSecPkg - ok
    18:34:59.0531 5552 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
    18:34:59.0541 5552 KtmRm - ok
    18:34:59.0591 5552 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
    18:34:59.0601 5552 LanmanServer - ok
    18:34:59.0621 5552 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    18:34:59.0631 5552 LanmanWorkstation - ok
    18:34:59.0691 5552 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    18:34:59.0691 5552 LightScribeService - ok
    18:34:59.0731 5552 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    18:34:59.0731 5552 lltdio - ok
    18:34:59.0771 5552 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    18:34:59.0781 5552 lltdsvc - ok
    18:34:59.0801 5552 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
    18:34:59.0801 5552 lmhosts - ok
    18:34:59.0831 5552 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:34:59.0831 5552 LSI_FC - ok
    18:34:59.0851 5552 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:34:59.0851 5552 LSI_SAS - ok
    18:34:59.0871 5552 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:34:59.0871 5552 LSI_SAS2 - ok
    18:34:59.0901 5552 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:34:59.0911 5552 LSI_SCSI - ok
    18:34:59.0931 5552 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
    18:34:59.0931 5552 luafv - ok
    18:34:59.0971 5552 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    18:34:59.0981 5552 Mcx2Svc - ok
    18:34:59.0991 5552 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    18:35:00.0001 5552 megasas - ok
    18:35:00.0022 5552 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    18:35:00.0022 5552 MegaSR - ok
    18:35:00.0082 5552 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    18:35:00.0082 5552 Microsoft Office Groove Audit Service - ok
    18:35:00.0122 5552 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    18:35:00.0122 5552 MMCSS - ok
    18:35:00.0132 5552 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    18:35:00.0142 5552 Modem - ok
    18:35:00.0182 5552 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    18:35:00.0182 5552 monitor - ok
    18:35:00.0222 5552 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    18:35:00.0222 5552 mouclass - ok
    18:35:00.0242 5552 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    18:35:00.0242 5552 mouhid - ok
    18:35:00.0282 5552 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    18:35:00.0292 5552 mountmgr - ok
    18:35:00.0322 5552 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
    18:35:00.0322 5552 mpio - ok
    18:35:00.0362 5552 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    18:35:00.0362 5552 mpsdrv - ok
    18:35:00.0422 5552 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
    18:35:00.0432 5552 MpsSvc - ok
    18:35:00.0472 5552 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    18:35:00.0472 5552 MRxDAV - ok
    18:35:00.0522 5552 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:35:00.0522 5552 mrxsmb - ok
    18:35:00.0552 5552 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:35:00.0552 5552 mrxsmb10 - ok
    18:35:00.0562 5552 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:35:00.0572 5552 mrxsmb20 - ok
    18:35:00.0602 5552 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
    18:35:00.0602 5552 msahci - ok
    18:35:00.0632 5552 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    18:35:00.0642 5552 msdsm - ok
    18:35:00.0662 5552 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    18:35:00.0672 5552 MSDTC - ok
    18:35:00.0712 5552 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    18:35:00.0712 5552 Msfs - ok
    18:35:00.0732 5552 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    18:35:00.0732 5552 mshidkmdf - ok
    18:35:00.0772 5552 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    18:35:00.0772 5552 msisadrv - ok
    18:35:00.0812 5552 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    18:35:00.0822 5552 MSiSCSI - ok
    18:35:00.0832 5552 msiserver - ok
    18:35:00.0868 5552 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    18:35:00.0868 5552 MSKSSRV - ok
    18:35:00.0899 5552 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    18:35:00.0899 5552 MSPCLOCK - ok
    18:35:00.0915 5552 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    18:35:00.0915 5552 MSPQM - ok
    18:35:00.0946 5552 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    18:35:00.0946 5552 MsRPC - ok
    18:35:00.0993 5552 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    18:35:00.0993 5552 mssmbios - ok
    18:35:01.0008 5552 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    18:35:01.0008 5552 MSTEE - ok
    18:35:01.0024 5552 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    18:35:01.0040 5552 MTConfig - ok
    18:35:01.0055 5552 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    18:35:01.0055 5552 Mup - ok
    18:35:01.0102 5552 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
    18:35:01.0102 5552 napagent - ok
    18:35:01.0149 5552 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    18:35:01.0149 5552 NativeWifiP - ok
    18:35:01.0196 5552 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
    18:35:01.0211 5552 NDIS - ok
    18:35:01.0242 5552 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    18:35:01.0242 5552 NdisCap - ok
    18:35:01.0274 5552 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    18:35:01.0274 5552 NdisTapi - ok
    18:35:01.0320 5552 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    18:35:01.0320 5552 Ndisuio - ok
    18:35:01.0352 5552 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    18:35:01.0352 5552 NdisWan - ok
    18:35:01.0367 5552 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    18:35:01.0367 5552 NDProxy - ok
    18:35:01.0414 5552 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    18:35:01.0414 5552 Net Driver HPZ12 - ok
    18:35:01.0445 5552 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    18:35:01.0461 5552 NetBIOS - ok
    18:35:01.0492 5552 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    18:35:01.0492 5552 NetBT - ok
    18:35:01.0508 5552 netlimiter - ok
    18:35:01.0539 5552 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
    18:35:01.0539 5552 Netlogon - ok
    18:35:01.0586 5552 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    18:35:01.0586 5552 Netman - ok
    18:35:01.0617 5552 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    18:35:01.0632 5552 netprofm - ok
    18:35:01.0664 5552 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:35:01.0664 5552 NetTcpPortSharing - ok
    18:35:01.0695 5552 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    18:35:01.0695 5552 nfrd960 - ok
    18:35:01.0742 5552 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
    18:35:01.0742 5552 NlaSvc - ok
    18:35:01.0773 5552 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    18:35:01.0773 5552 Npfs - ok
    18:35:01.0804 5552 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    18:35:01.0804 5552 nsi - ok
    18:35:01.0820 5552 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    18:35:01.0820 5552 nsiproxy - ok
    18:35:01.0882 5552 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    18:35:01.0898 5552 Ntfs - ok
    18:35:01.0913 5552 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
    18:35:01.0913 5552 NTIDrvr - ok
    18:35:01.0944 5552 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    18:35:01.0944 5552 Null - ok
    18:35:02.0192 5552 [ B0881DDA5A8160422561FFAB7F0008B1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    18:35:02.0382 5552 nvlddmkm - ok
    18:35:02.0422 5552 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    18:35:02.0422 5552 nvraid - ok
    18:35:02.0442 5552 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    18:35:02.0442 5552 nvstor - ok
    18:35:02.0472 5552 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:35:02.0472 5552 nv_agp - ok
    18:35:02.0532 5552 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:35:02.0542 5552 odserv - ok
    18:35:02.0572 5552 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:35:02.0572 5552 ohci1394 - ok
    18:35:02.0592 5552 osaio - ok
    18:35:02.0632 5552 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:35:02.0642 5552 ose - ok
    18:35:02.0672 5552 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    18:35:02.0682 5552 p2pimsvc - ok
    18:35:02.0712 5552 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:35:02.0722 5552 p2psvc - ok
    18:35:02.0762 5552 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    18:35:02.0762 5552 Parport - ok
    18:35:02.0802 5552 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:35:02.0802 5552 partmgr - ok
    18:35:02.0812 5552 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    18:35:02.0822 5552 Parvdm - ok
    18:35:02.0852 5552 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    18:35:02.0852 5552 PcaSvc - ok
    18:35:02.0892 5552 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
    18:35:02.0892 5552 pci - ok
    18:35:02.0922 5552 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
    18:35:02.0922 5552 pciide - ok
    18:35:02.0962 5552 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    18:35:02.0972 5552 pcmcia - ok
    18:35:02.0982 5552 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
    18:35:02.0982 5552 pcw - ok
    18:35:03.0012 5552 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    18:35:03.0022 5552 PEAUTH - ok
    18:35:03.0112 5552 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
    18:35:03.0132 5552 pla - ok
    18:35:03.0172 5552 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    18:35:03.0182 5552 PlugPlay - ok
    18:35:03.0212 5552 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    18:35:03.0222 5552 Pml Driver HPZ12 - ok
    18:35:03.0242 5552 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    18:35:03.0252 5552 PNRPAutoReg - ok
    18:35:03.0272 5552 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    18:35:03.0272 5552 PNRPsvc - ok
    18:35:03.0312 5552 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    18:35:03.0322 5552 PolicyAgent - ok
    18:35:03.0362 5552 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
    18:35:03.0372 5552 Power - ok
    18:35:03.0402 5552 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    18:35:03.0402 5552 PptpMiniport - ok
    18:35:03.0422 5552 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    18:35:03.0422 5552 Processor - ok
    18:35:03.0472 5552 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
    18:35:03.0472 5552 ProfSvc - ok
    18:35:03.0492 5552 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:35:03.0492 5552 ProtectedStorage - ok
    18:35:03.0522 5552 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    18:35:03.0522 5552 Psched - ok
    18:35:03.0542 5552 [ 88B72D2A800300EB05C69F3C6C3180F2 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
    18:35:03.0542 5552 PSDFilter - ok
    18:35:03.0562 5552 [ 9649E11FC5459BF6B2C9E8E327E45C3A ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys
    18:35:03.0562 5552 PSDNServ - ok
    18:35:03.0592 5552 [ 3D0BE1373B9DFE9FC7B64F090E4D59E3 ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys
    18:35:03.0592 5552 psdvdisk - ok
    18:35:03.0652 5552 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    18:35:03.0672 5552 ql2300 - ok
    18:35:03.0692 5552 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    18:35:03.0692 5552 ql40xx - ok
    18:35:03.0732 5552 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
    18:35:03.0732 5552 QWAVE - ok
    18:35:03.0762 5552 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    18:35:03.0772 5552 QWAVEdrv - ok
    18:35:03.0792 5552 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    18:35:03.0802 5552 RasAcd - ok
    18:35:03.0842 5552 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:35:03.0842 5552 RasAgileVpn - ok
    18:35:03.0862 5552 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
    18:35:03.0862 5552 RasAuto - ok
    18:35:03.0882 5552 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:35:03.0892 5552 Rasl2tp - ok
    18:35:03.0932 5552 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
    18:35:03.0942 5552 RasMan - ok
    18:35:03.0952 5552 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    18:35:03.0962 5552 RasPppoe - ok
    18:35:04.0002 5552 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    18:35:04.0002 5552 RasSstp - ok
    18:35:04.0022 5552 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    18:35:04.0032 5552 rdbss - ok
    18:35:04.0043 5552 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    18:35:04.0053 5552 rdpbus - ok
    18:35:04.0083 5552 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:35:04.0083 5552 RDPCDD - ok
    18:35:04.0103 5552 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    18:35:04.0103 5552 RDPENCDD - ok
    18:35:04.0133 5552 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    18:35:04.0143 5552 RDPREFMP - ok
    18:35:04.0173 5552 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    18:35:04.0183 5552 RDPWD - ok
    18:35:04.0213 5552 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    18:35:04.0223 5552 rdyboost - ok
    18:35:04.0263 5552 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
    18:35:04.0263 5552 RemoteAccess - ok
    18:35:04.0303 5552 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    18:35:04.0313 5552 RemoteRegistry - ok
    18:35:04.0363 5552 [ A76CDDB6D1F25797843E2557A2118E2E ] RichVideo C:\Program Files\CyberLink\Shared
  8. Grady Lenamond

    Grady Lenamond Newcomer, in training Topic Starter

    Here is the remainder.

    18:35:04.0393 5552 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    18:35:04.0403 5552 RpcEptMapper - ok
    18:35:04.0433 5552 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
    18:35:04.0433 5552 RpcLocator - ok
    18:35:04.0465 5552 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
    18:35:04.0465 5552 RpcSs - ok
    18:35:04.0511 5552 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    18:35:04.0511 5552 rspndr - ok
    18:35:04.0521 5552 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
    18:35:04.0521 5552 SamSs - ok
    18:35:04.0571 5552 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    18:35:04.0571 5552 sbp2port - ok
    18:35:04.0641 5552 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    18:35:04.0651 5552 SBSDWSCService - ok
    18:35:04.0691 5552 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    18:35:04.0701 5552 SCardSvr - ok
    18:35:04.0711 5552 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    18:35:04.0711 5552 scfilter - ok
    18:35:04.0761 5552 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
    18:35:04.0771 5552 Schedule - ok
    18:35:04.0801 5552 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
    18:35:04.0801 5552 SCPolicySvc - ok
    18:35:04.0841 5552 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    18:35:04.0851 5552 SDRSVC - ok
    18:35:04.0881 5552 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    18:35:04.0891 5552 secdrv - ok
    18:35:04.0921 5552 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
    18:35:04.0921 5552 seclogon - ok
    18:35:04.0941 5552 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
    18:35:04.0951 5552 SENS - ok
    18:35:04.0981 5552 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
    18:35:04.0991 5552 SensrSvc - ok
    18:35:05.0001 5552 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    18:35:05.0001 5552 Serenum - ok
    18:35:05.0031 5552 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    18:35:05.0041 5552 Serial - ok
    18:35:05.0062 5552 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    18:35:05.0072 5552 sermouse - ok
    18:35:05.0122 5552 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
    18:35:05.0132 5552 SessionEnv - ok
    18:35:05.0162 5552 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    18:35:05.0162 5552 sffdisk - ok
    18:35:05.0172 5552 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    18:35:05.0172 5552 sffp_mmc - ok
    18:35:05.0182 5552 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    18:35:05.0182 5552 sffp_sd - ok
    18:35:05.0212 5552 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    18:35:05.0212 5552 sfloppy - ok
    18:35:05.0262 5552 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    18:35:05.0272 5552 ShellHWDetection - ok
    18:35:05.0302 5552 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
    18:35:05.0302 5552 sisagp - ok
    18:35:05.0332 5552 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:35:05.0332 5552 SiSRaid2 - ok
    18:35:05.0352 5552 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    18:35:05.0352 5552 SiSRaid4 - ok
    18:35:05.0392 5552 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
    18:35:05.0392 5552 Smb - ok
    18:35:05.0462 5552 [ 19301C27F3425DC39F6C599F527E507D ] smserial C:\Windows\system32\DRIVERS\smserial.sys
    18:35:05.0472 5552 smserial - ok
    18:35:05.0542 5552 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    18:35:05.0552 5552 SNMPTRAP - ok
    18:35:05.0582 5552 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
    18:35:05.0582 5552 spldr - ok
    18:35:05.0632 5552 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
    18:35:05.0642 5552 Spooler - ok
    18:35:05.0732 5552 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
    18:35:05.0782 5552 sppsvc - ok
    18:35:05.0812 5552 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    18:35:05.0822 5552 sppuinotify - ok
    18:35:05.0852 5552 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
    18:35:05.0862 5552 srv - ok
    18:35:05.0882 5552 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    18:35:05.0882 5552 srv2 - ok
    18:35:05.0912 5552 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    18:35:05.0912 5552 srvnet - ok
    18:35:05.0952 5552 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    18:35:05.0962 5552 SSDPSRV - ok
    18:35:05.0972 5552 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    18:35:05.0982 5552 SstpSvc - ok
    18:35:06.0042 5552 [ 8BDDCE5A798B1150CDC5AB61D480B267 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    18:35:06.0052 5552 Stereo Service - ok
    18:35:06.0082 5552 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    18:35:06.0082 5552 stexstor - ok
    18:35:06.0132 5552 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
    18:35:06.0152 5552 StiSvc - ok
    18:35:06.0172 5552 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
    18:35:06.0182 5552 swenum - ok
    18:35:06.0212 5552 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
    18:35:06.0222 5552 swprv - ok
    18:35:06.0282 5552 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
    18:35:06.0302 5552 SysMain - ok
    18:35:06.0342 5552 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
    18:35:06.0342 5552 TabletInputService - ok
    18:35:06.0382 5552 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
    18:35:06.0392 5552 TapiSrv - ok
    18:35:06.0422 5552 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
    18:35:06.0432 5552 TBS - ok
    18:35:06.0502 5552 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    18:35:06.0512 5552 Tcpip - ok
    18:35:06.0538 5552 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    18:35:06.0554 5552 TCPIP6 - ok
    18:35:06.0600 5552 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    18:35:06.0616 5552 tcpipreg - ok
    18:35:06.0663 5552 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    18:35:06.0663 5552 TDPIPE - ok
    18:35:06.0678 5552 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    18:35:06.0694 5552 TDTCP - ok
    18:35:06.0725 5552 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    18:35:06.0725 5552 tdx - ok
    18:35:06.0756 5552 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
    18:35:06.0756 5552 TermDD - ok
    18:35:06.0803 5552 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
    18:35:06.0819 5552 TermService - ok
    18:35:06.0850 5552 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
    18:35:06.0850 5552 Themes - ok
    18:35:06.0881 5552 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
    18:35:06.0897 5552 THREADORDER - ok
    18:35:06.0912 5552 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
    18:35:06.0928 5552 TrkWks - ok
    18:35:06.0975 5552 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    18:35:06.0990 5552 TrustedInstaller - ok
    18:35:07.0006 5552 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:35:07.0006 5552 tssecsrv - ok
    18:35:07.0037 5552 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    18:35:07.0053 5552 TsUsbFlt - ok
    18:35:07.0100 5552 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    18:35:07.0100 5552 tunnel - ok
    18:35:07.0131 5552 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    18:35:07.0131 5552 uagp35 - ok
    18:35:07.0162 5552 [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
    18:35:07.0162 5552 UBHelper - ok
    18:35:07.0193 5552 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    18:35:07.0193 5552 udfs - ok
    18:35:07.0240 5552 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    18:35:07.0256 5552 UI0Detect - ok
    18:35:07.0287 5552 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    18:35:07.0287 5552 uliagpkx - ok
    18:35:07.0334 5552 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    18:35:07.0334 5552 umbus - ok
    18:35:07.0365 5552 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    18:35:07.0365 5552 UmPass - ok
    18:35:07.0380 5552 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
    18:35:07.0396 5552 upnphost - ok
    18:35:07.0427 5552 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    18:35:07.0443 5552 USBAAPL - ok
    18:35:07.0474 5552 [ AF9388E736AF0C325067F05EDC350010 ] usbbus C:\Windows\system32\DRIVERS\lgusbbus.sys
    18:35:07.0474 5552 usbbus - ok
    18:35:07.0505 5552 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    18:35:07.0505 5552 usbccgp - ok
    18:35:07.0536 5552 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    18:35:07.0536 5552 usbcir - ok
    18:35:07.0568 5552 [ AE30EA96E60E823C7B525DA356283AE8 ] UsbDiag C:\Windows\system32\DRIVERS\lgusbdiag.sys
    18:35:07.0568 5552 UsbDiag - ok
    18:35:07.0583 5552 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    18:35:07.0583 5552 usbehci - ok
    18:35:07.0630 5552 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    18:35:07.0630 5552 usbhub - ok
    18:35:07.0661 5552 [ 46AC66DF3D6EFE81F69BEA823A53AAB5 ] USBModem C:\Windows\system32\DRIVERS\lgusbmodem.sys
    18:35:07.0661 5552 USBModem - ok
    18:35:07.0692 5552 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    18:35:07.0692 5552 usbohci - ok
    18:35:07.0739 5552 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    18:35:07.0739 5552 usbprint - ok
    18:35:07.0770 5552 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    18:35:07.0770 5552 usbscan - ok
    18:35:07.0786 5552 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:35:07.0786 5552 USBSTOR - ok
    18:35:07.0802 5552 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    18:35:07.0802 5552 usbuhci - ok
    18:35:07.0848 5552 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
    18:35:07.0848 5552 UxSms - ok
    18:35:07.0864 5552 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
    18:35:07.0880 5552 VaultSvc - ok
    18:35:07.0911 5552 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    18:35:07.0911 5552 vdrvroot - ok
    18:35:07.0958 5552 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
    18:35:07.0973 5552 vds - ok
    18:35:08.0004 5552 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    18:35:08.0004 5552 vga - ok
    18:35:08.0020 5552 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
    18:35:08.0020 5552 VgaSave - ok
    18:35:08.0067 5552 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    18:35:08.0067 5552 vhdmp - ok
    18:35:08.0098 5552 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
    18:35:08.0098 5552 viaagp - ok
    18:35:08.0129 5552 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
    18:35:08.0129 5552 ViaC7 - ok
    18:35:08.0145 5552 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
    18:35:08.0145 5552 viaide - ok
    18:35:08.0192 5552 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    18:35:08.0192 5552 volmgr - ok
    18:35:08.0223 5552 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    18:35:08.0223 5552 volmgrx - ok
    18:35:08.0270 5552 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    18:35:08.0270 5552 volsnap - ok
    18:35:08.0301 5552 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    18:35:08.0301 5552 vsmraid - ok
    18:35:08.0348 5552 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
    18:35:08.0363 5552 VSS - ok
    18:35:08.0394 5552 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    18:35:08.0394 5552 vwifibus - ok
    18:35:08.0426 5552 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
    18:35:08.0441 5552 W32Time - ok
    18:35:08.0472 5552 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    18:35:08.0472 5552 WacomPen - ok
    18:35:08.0504 5552 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    18:35:08.0504 5552 WANARP - ok
    18:35:08.0519 5552 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    18:35:08.0519 5552 Wanarpv6 - ok
    18:35:08.0582 5552 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    18:35:08.0597 5552 WatAdminSvc - ok
    18:35:08.0644 5552 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
    18:35:08.0675 5552 wbengine - ok
    18:35:08.0706 5552 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    18:35:08.0722 5552 WbioSrvc - ok
    18:35:08.0753 5552 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
    18:35:08.0769 5552 wcncsvc - ok
    18:35:08.0784 5552 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    18:35:08.0800 5552 WcsPlugInService - ok
    18:35:08.0831 5552 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
    18:35:08.0831 5552 Wd - ok
    18:35:08.0862 5552 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    18:35:08.0862 5552 Wdf01000 - ok
    18:35:08.0878 5552 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    18:35:08.0894 5552 WdiServiceHost - ok
    18:35:08.0909 5552 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    18:35:08.0909 5552 WdiSystemHost - ok
    18:35:08.0956 5552 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
    18:35:08.0972 5552 WebClient - ok
    18:35:09.0003 5552 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
    18:35:09.0003 5552 Wecsvc - ok
    18:35:09.0034 5552 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
    18:35:09.0034 5552 wercplsupport - ok
    18:35:09.0065 5552 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
    18:35:09.0065 5552 WerSvc - ok
    18:35:09.0112 5552 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    18:35:09.0112 5552 WfpLwf - ok
    18:35:09.0128 5552 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    18:35:09.0143 5552 WIMMount - ok
    18:35:09.0143 5552 WinHttpAutoProxySvc - ok
    18:35:09.0206 5552 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    18:35:09.0206 5552 Winmgmt - ok
    18:35:09.0268 5552 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
    18:35:09.0299 5552 WinRM - ok
    18:35:09.0362 5552 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    18:35:09.0362 5552 WinUsb - ok
    18:35:09.0408 5552 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
    18:35:09.0424 5552 Wlansvc - ok
    18:35:09.0455 5552 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    18:35:09.0455 5552 WmiAcpi - ok
    18:35:09.0486 5552 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    18:35:09.0502 5552 wmiApSrv - ok
    18:35:09.0580 5552 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    18:35:09.0596 5552 WMPNetworkSvc - ok
    18:35:09.0627 5552 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
    18:35:09.0642 5552 WPCSvc - ok
    18:35:09.0674 5552 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    18:35:09.0674 5552 WPDBusEnum - ok
    18:35:09.0705 5552 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    18:35:09.0705 5552 ws2ifsl - ok
    18:35:09.0720 5552 WSearch - ok
    18:35:09.0814 5552 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    18:35:09.0845 5552 wuauserv - ok
    18:35:09.0876 5552 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    18:35:09.0892 5552 WudfPf - ok
    18:35:09.0908 5552 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:35:09.0923 5552 WUDFRd - ok
    18:35:09.0954 5552 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    18:35:09.0970 5552 wudfsvc - ok
    18:35:10.0001 5552 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
    18:35:10.0017 5552 WwanSvc - ok
    18:35:10.0048 5552 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
    18:35:10.0048 5552 yukonw7 - ok
    18:35:10.0235 5552 [ F45EDE31290119600D88C6776253F5F7 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
    18:35:10.0344 5552 ZuneNetworkSvc - ok
    18:35:10.0391 5552 [ 79118FDC6E632D365B6AEAF8F287BDE4 ] ZuneWlanCfgSvc C:\Windows\system32\ZuneWlanCfgSvc.exe
    18:35:10.0407 5552 ZuneWlanCfgSvc - ok
    18:35:10.0422 5552 ================ Scan global ===============================
    18:35:10.0454 5552 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
    18:35:10.0500 5552 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
    18:35:10.0516 5552 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
    18:35:10.0547 5552 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
    18:35:10.0563 5552 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
    18:35:10.0578 5552 [Global] - ok
    18:35:10.0578 5552 ================ Scan MBR ==================================
    18:35:10.0594 5552 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    18:35:10.0859 5552 \Device\Harddisk0\DR0 - ok
    18:35:10.0859 5552 ================ Scan VBR ==================================
    18:35:10.0875 5552 [ C715A036A4724331353B91699DCC084E ] \Device\Harddisk0\DR0\Partition1
    18:35:10.0875 5552 \Device\Harddisk0\DR0\Partition1 - ok
    18:35:10.0890 5552 [ 4F5B54FC798E51E8D3B166441A9FBD5E ] \Device\Harddisk0\DR0\Partition2
    18:35:10.0890 5552 \Device\Harddisk0\DR0\Partition2 - ok
    18:35:10.0890 5552 ============================================================
    18:35:10.0890 5552 Scan finished
    18:35:10.0890 5552 ============================================================
    18:35:10.0922 1008 Detected object count: 0
    18:35:10.0922 1008 Actual detected object count: 0
    18:41:25.0066 4804 Deinitialize success
    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 10/14/2012 18:46:53
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 6 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    [...]
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HDT725032VLA SCSI Disk Device +++++
    --- User ---
    [MBR] b121865fec033995482a277fbde473bc
    [BSP] b14f291150c115cc82f05b680b8d3d11 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 6997 Mo
    1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 14329980 | Size: 149299 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 320095125 | Size: 148933 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-14 19:14:38
    -----------------------------
    19:14:38.170 OS Version: Windows 6.1.7601 Service Pack 1
    19:14:38.170 Number of processors: 2 586 0x4B02
    19:14:38.170 ComputerName: NRMTJ3JB7 UserName: Owner
    19:14:38.778 Initialize success
    19:14:38.903 AVAST engine defs: 12101401
    19:14:44.535 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
    19:14:44.535 Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 3
    19:14:44.722 Disk 0 MBR read successfully
    19:14:44.722 Disk 0 MBR scan
    19:14:44.722 Disk 0 Windows 7 default MBR code
    19:14:44.769 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6997 MB offset 63
    19:14:44.831 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 149299 MB offset 14329980
    19:14:44.878 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 148933 MB offset 320095125
    19:14:44.944 Disk 0 scanning sectors +625111728
    19:14:45.064 Disk 0 scanning C:\Windows\system32\drivers
    19:15:01.144 Service scanning
    19:15:25.293 Modules scanning
    19:15:42.375 Disk 0 trace - called modules:
    19:15:42.422 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
    19:15:42.438 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8691b030]
    19:15:42.453 3 CLASSPNP.SYS[8ba9959e] -> nt!IofCallDriver -> [0x8625b1c8]
    19:15:42.453 5 ACPI.sys[83dcf3d4] -> nt!IofCallDriver -> \Device\00000063[0x8625bc68]
    19:15:43.046 AVAST engine scan C:\Windows
    19:15:52.718 AVAST engine scan C:\Windows\system32
    19:18:03.880 AVAST engine scan C:\Windows\system32\drivers
    19:18:14.154 AVAST engine scan C:\Users\Owner
    19:27:46.498 AVAST engine scan C:\ProgramData
    19:31:01.561 Scan finished successfully
    19:32:29.964 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    19:32:29.964 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
  9. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    On Windows 7 that folder is a hidden system folder so you should hide it and not play with it.

    ==============================

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  10. Grady Lenamond

    Grady Lenamond Newcomer, in training Topic Starter

    Here you go.

    ComboFix 12-10-14.03 - Owner 10/14/2012 21:33:17.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2816.1767 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\fiThxK8bHjNXE6
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
    c:\users\Owner\Documents\pub584.tmp
    c:\users\Owner\Documents\pubE2EC.tmp
    c:\users\Owner\Documents\pubF86F.tmp
    c:\users\Owner\Favorites\ehthumbs_vista.db
    c:\windows\system32\service
    c:\windows\system32\service\01082010_TIS17_SfFniAU.log
    c:\windows\system32\service\01102012_TIS17_SfFniAU.log
    c:\windows\system32\service\02082010_TIS17_SfFniAU.log
    c:\windows\system32\service\04092012_TIS17_SfFniAU.log
    c:\windows\system32\service\07062012_TIS17_SfFniAU.log
    c:\windows\system32\service\10092010_TIS17_SfFniAU.log
    c:\windows\system32\service\10102011_TIS17_SfFniAU.log
    c:\windows\system32\service\11102012_TIS17_SfFniAU.log
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-15 02:41 . 2012-10-15 02:49  --------  d-----w-  c:\users\Owner\AppData\Local\temp
    2012-10-15 02:41 . 2012-10-15 02:41  --------  d-----w-  c:\users\garrett lenamond\AppData\Local\temp
    2012-10-15 02:41 . 2012-10-15 02:41  --------  d-----w-  c:\users\Experience\AppData\Local\temp
    2012-10-15 02:41 . 2012-10-15 02:41  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-10-15 02:32 . 2012-10-15 02:32  56200  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF0BEF09-2023-4C2D-BAB6-9C37D7D05A70}\offreg.dll
    2012-10-13 23:57 . 2012-10-13 23:57  --------  d-----w-  c:\program files\Common Files\Java
    2012-10-13 23:51 . 2012-10-13 23:51  821736  ----a-w-  c:\windows\system32\npDeployJava1.dll
    2012-10-13 23:51 . 2012-10-13 23:51  93672  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
    2012-10-13 23:50 . 2012-10-13 23:50  --------  d-----w-  c:\programdata\McAfee
    2012-10-13 23:24 . 2012-10-13 23:26  --------  d-----w-  c:\program files\SpywareBlaster
    2012-10-13 22:08 . 2012-10-13 22:36  --------  d-----w-  c:\programdata\Spybot - Search & Destroy
    2012-10-13 22:08 . 2012-10-13 22:08  --------  d-----w-  c:\program files\Spybot - Search & Destroy
    2012-10-13 21:29 . 2012-10-13 21:29  --------  d-----w-  c:\users\Owner\AppData\Roaming\IObit
    2012-10-13 21:29 . 2012-10-13 21:29  --------  d-----w-  c:\program files\IObit
    2012-10-13 21:11 . 2012-10-13 21:11  --------  d-----w-  c:\program files\Common Files\Comodo
    2012-10-13 21:11 . 2012-10-13 21:11  --------  d-----w-  c:\programdata\CPA_VA
    2012-10-13 20:59 . 2012-10-13 21:06  --------  d-----w-  c:\programdata\Comodo
    2012-10-13 20:59 . 2012-10-13 20:59  --------  d-----w-  c:\users\Owner\AppData\Local\Comodo
    2012-10-13 20:59 . 2012-10-13 21:12  45320  ----a-w-  c:\windows\system32\certsentry.dll
    2012-10-13 20:59 . 2012-10-13 21:11  --------  d-----w-  c:\program files\Comodo
    2012-10-13 20:19 . 2012-08-21 09:13  21256  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-13 20:19 . 2012-08-21 09:13  355632  ----a-w-  c:\windows\system32\drivers\aswSP.sys
    2012-10-13 20:19 . 2012-08-21 09:13  44784  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
    2012-10-13 20:19 . 2012-08-21 09:13  729752  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
    2012-10-13 20:19 . 2012-08-21 09:13  54232  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
    2012-10-13 20:19 . 2012-08-21 09:13  58680  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-13 20:18 . 2012-08-21 09:12  41224  ----a-w-  c:\windows\avastSS.scr
    2012-10-13 20:18 . 2012-08-21 09:12  227648  ----a-w-  c:\windows\system32\aswBoot.exe
    2012-10-13 20:18 . 2012-10-13 20:18  --------  d-----w-  c:\programdata\AVAST Software
    2012-10-13 20:18 . 2012-10-13 20:18  --------  d-----w-  c:\program files\AVAST Software
    2012-10-13 19:37 . 2012-10-13 19:37  --------  d-----w-  c:\program files\CCleaner
    2012-10-13 19:20 . 2012-10-13 19:22  --------  d-----w-  C:\MGtools
    2012-10-13 19:14 . 2012-10-13 19:14  12872  ----a-w-  c:\windows\system32\bootdelete.exe
    2012-10-13 05:07 . 2012-10-13 05:07  --------  d-----w-  c:\programdata\NtiDvdCopy
    2012-10-13 00:00 . 2012-10-13 00:00  --------  d-----w-  c:\program files\HitmanPro
    2012-10-13 00:00 . 2012-10-13 00:06  --------  d-----w-  c:\programdata\HitmanPro
    2012-10-12 23:09 . 2012-10-12 23:09  --------  d-sh--w-  c:\windows\system32\%APPDATA%
    2012-10-12 23:06 . 2012-10-12 23:06  --------  d-----w-  c:\users\Owner\AppData\Roaming\Malwarebytes
    2012-10-12 23:05 . 2012-10-12 23:05  --------  d-----w-  c:\programdata\Malwarebytes
    2012-10-12 23:05 . 2012-10-12 23:05  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-10-12 23:03 . 2012-10-12 23:03  --------  d-----w-  c:\windows\Sun
    2012-10-10 06:03 . 2012-08-30 17:12  3968880  ----a-w-  c:\windows\system32\ntkrnlpa.exe
    2012-10-10 06:03 . 2012-08-30 17:12  3914096  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2012-10-10 06:03 . 2012-08-10 23:56  542208  ----a-w-  c:\windows\system32\kerberos.dll
    2012-10-09 10:49 . 2012-08-30 08:17  6980552  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF0BEF09-2023-4C2D-BAB6-9C37D7D05A70}\mpengine.dll
    2012-10-05 06:32 . 2012-10-05 06:32  82952  ----a-w-  c:\windows\system32\drivers\inspect.sys
    2012-10-05 06:32 . 2012-10-05 06:32  494416  ----a-w-  c:\windows\system32\drivers\cmdGuard.sys
    2012-10-05 06:32 . 2012-10-05 06:32  36072  ----a-w-  c:\windows\system32\drivers\cmdhlp.sys
    2012-10-05 06:32 . 2012-10-05 06:32  19632  ----a-w-  c:\windows\system32\drivers\cmderd.sys
    2012-10-05 06:32 . 2012-10-05 06:32  34024  ----a-w-  c:\windows\system32\cmdcsr.dll
    2012-10-05 06:32 . 2012-10-05 06:32  301264  ----a-w-  c:\windows\system32\guard32.dll
    2012-09-26 12:40 . 2012-08-21 20:12  245760  ----a-w-  c:\windows\system32\OxpsConverter.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-13 23:51 . 2011-12-19 02:52  746984  ----a-w-  c:\windows\system32\deployJava1.dll
    2012-10-13 19:22 . 2012-10-13 19:20  185284  ----a-w-  C:\MGlogs.zip
    2012-08-22 17:16 . 2012-09-11 21:11  1292144  ----a-w-  c:\windows\system32\drivers\tcpip.sys
    2012-08-22 17:16 . 2012-09-11 21:11  712048  ----a-w-  c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16 . 2012-09-11 21:11  240496  ----a-w-  c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16 . 2012-09-11 21:11  187760  ----a-w-  c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-02 16:57 . 2012-09-11 21:11  490496  ----a-w-  c:\windows\system32\d3d10level9.dll
    2012-07-18 17:47 . 2012-08-15 18:14  2345984  ----a-w-  c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-08-26 16:32  279944  ----a-w-  c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:12  121528  ----a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
    "RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2011-10-10 10752]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE" [2011-04-24 219008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
    "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
    "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
    "Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
    "FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
    "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-04-05 371864]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-10-05 6756048]
    "tvncontrol"="c:\program files\Common Files\Comodo\GeekBuddyRSP.exe" [2012-09-28 1815040]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-12 528384]
    Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe [2012-10-5 49360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll c:\windows\System32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoMailer.lnk]
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoMailer.lnk
    backup=c:\windows\pss\AutoMailer.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-11 19:00  919008  ----a-r-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-07-31 11:20  38872  ----a-w-  c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-02 05:25  59240  ----a-w-  c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT]
    2011-06-14 06:45  392280  ----a-w-  c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-12-11 02:52  49152  ----a-w-  c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-12-08 07:36  421736  ----a-w-  c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 20:28  421888  ----a-w-  c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2006-11-09 02:57  3784704  ----a-w-  c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2009-09-04 18:16  158448  ----a-w-  c:\program files\Zune\ZuneLauncher.exe
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 netlimiter;netlimiter;c:\windows\system32\drivers\netlimiter.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [x]
    S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [x]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [x]
    S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [x]
    S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
    S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\Common Files\Comodo\GeekBuddyRSP.exe [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-14 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-26 02:46]
    .
    2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 21:34]
    .
    2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 21:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
    mStart Page = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: tmfhs.org\tmfremote
    TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
    TCP: Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00}: NameServer = 8.26.56.26,156.154.70.22
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-DfLogon - LogonDll.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(644)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'Explorer.exe'(2308)
    c:\windows\system32\guard32.dll
    c:\windows\System32\pnidui.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\acer\Empowering Technology\ePerformance\MemCheck.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Zune\ZuneNss.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-14 21:53:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-15 02:53
    .
    Pre-Run: 79,327,223,808 bytes free
    Post-Run: 79,061,278,720 bytes free
    .
    - - End Of File - - A61238BB80401D07F0468F8DDFBBABEC
  11. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Looks good :)

    Any current issues?

    =================================

    Uninstall Ask Toolbar, typical foistware.

    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. Grady Lenamond

    Grady Lenamond Newcomer, in training Topic Starter

    It's looking good. My homegroup is responding well and I can access my Windows firewall. Should I turn off the Windows firewall since I am using the Comodo firewall? Here are the logs you requested.

    OTL logfile created on: 10/14/2012 10:43:00 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 64.70% Memory free
    5.50 Gb Paging File | 4.23 Gb Available in Paging File | 76.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 145.80 Gb Total Space | 73.70 Gb Free Space | 50.55% Space Free | Partition Type: NTFS
    Drive D: | 145.44 Gb Total Space | 144.87 Gb Free Space | 99.61% Space Free | Partition Type: NTFS

    Computer Name: NRMTJ3JB7 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/14 22:40:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2012/10/11 11:15:26 | 001,853,584 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
    PRC - [2012/10/05 14:30:36 | 000,876,240 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
    PRC - [2012/10/05 14:30:36 | 000,875,216 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
    PRC - [2012/10/05 14:30:36 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
    PRC - [2012/10/05 01:32:18 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    PRC - [2012/10/05 01:31:48 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    PRC - [2012/09/28 14:21:26 | 001,815,040 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
    PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/04/05 11:11:18 | 001,144,704 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
    PRC - [2012/04/05 09:17:42 | 000,871,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2012/04/05 09:15:18 | 000,130,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
    PRC - [2012/04/05 09:14:40 | 000,371,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2012/04/03 11:00:24 | 000,051,128 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    PRC - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    PRC - [2011/04/24 13:01:00 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
    PRC - [2011/04/24 13:00:00 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
    PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
    PRC - [2009/09/01 19:38:39 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
    PRC - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2006/12/08 18:45:32 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
    PRC - [2006/11/17 11:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    PRC - [2006/11/13 00:35:08 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    PRC - [2006/11/12 15:35:58 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/13 03:25:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 03:25:40 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/11 03:29:46 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/11 03:29:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
    MOD - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe
    MOD - [2006/11/16 16:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll
    MOD - [2006/11/16 16:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/10/11 11:15:26 | 001,853,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
    SRV - [2012/10/05 14:30:36 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
    SRV - [2012/10/05 01:32:18 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2012/09/28 14:21:26 | 001,815,040 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
    SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
    SRV - [2011/04/24 13:00:00 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05)
    SRV - [2010/04/06 03:00:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2009/09/01 19:38:39 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
    SRV - [2009/08/17 01:32:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/12/08 18:45:32 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2006/11/13 00:35:08 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\osaio.sys -- (osaio)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\netlimiter.sys -- (netlimiter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/10/05 01:32:36 | 000,082,952 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
    DRV - [2012/10/05 01:32:34 | 000,494,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2012/10/05 01:32:34 | 000,036,072 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/08/21 04:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/02/14 01:42:32 | 000,067,960 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2011/02/14 03:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2011/02/14 03:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2011/02/14 03:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 17:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/06/10 16:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF
    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\SearchScopes\{F713BE65-D907-432F-B390-E5F1BA53BE4D}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2012/04/09 18:08:00 | 000,000,000 | ---D | M]

    [2011/12/05 23:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\extensions
    [2011/12/05 23:02:29 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Citrix\ICA Client\npicaN.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/14 21:48:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [tvncontrol] C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
    O4 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000..\Run: [RunSpySweeperScheduleAtStartup] C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..Trusted Domains: tmfhs.org ([tmfremote] http in Trusted sites)
    O15 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..Trusted Domains: tmfhs.org ([tmfremote] https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00}: DhcpNameServer = 208.180.42.68 208.180.42.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49C3B646-9DDD-48CC-9F72-73B8A4DFDF00}: NameServer = 8.26.56.26,156.154.70.22
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/14 22:40:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/10/14 21:51:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/14 21:41:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2012/10/14 20:30:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/14 20:30:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/14 20:30:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/14 20:30:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/14 20:29:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/14 20:22:57 | 004,980,339 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/10/14 18:32:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
    [2012/10/14 17:09:58 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
    [2012/10/13 18:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/10/13 18:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/10/13 18:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/10/13 18:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2012/10/13 18:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2012/10/13 17:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/10/13 17:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/10/13 17:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/10/13 16:29:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\IObit
    [2012/10/13 16:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2012/10/13 16:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Comodo
    [2012/10/13 16:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/10/13 16:06:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2012/10/13 15:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2012/10/13 15:59:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Comodo
    [2012/10/13 15:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2012/10/13 15:59:24 | 000,045,320 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
    [2012/10/13 15:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
    [2012/10/13 15:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/10/13 15:19:55 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/10/13 15:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/10/13 15:19:54 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/10/13 15:19:52 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2012/10/13 15:19:50 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/10/13 15:19:50 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/10/13 15:19:46 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/10/13 15:18:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/10/13 15:18:59 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/13 15:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/10/13 15:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/10/13 14:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/10/13 14:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/10/13 14:20:33 | 000,000,000 | ---D | C] -- C:\MGtools
    [2012/10/13 14:14:57 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2012/10/13 00:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NtiDvdCopy
    [2012/10/12 20:17:05 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
    [2012/10/12 19:31:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
    [2012/10/12 19:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    [2012/10/12 19:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/10/12 19:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/10/12 18:09:20 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/10/12 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2012/10/12 18:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/12 18:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/12 18:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/10/12 18:03:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/10/05 01:32:36 | 000,082,952 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
    [2012/10/05 01:32:34 | 000,494,416 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
    [2012/10/05 01:32:34 | 000,036,072 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
    [2012/10/05 01:32:32 | 000,019,632 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
    [2012/10/05 01:32:14 | 000,034,024 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll
    [2012/10/05 01:32:12 | 000,301,264 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
  13. Grady Lenamond


    Here is the rest of the log

    ========== Files - Modified Within 30 Days ==========

    [2012/10/14 22:40:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/10/14 22:04:02 | 000,010,048 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/14 22:04:02 | 000,010,048 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/14 21:56:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/14 21:56:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/14 21:56:24 | 2214,240,256 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/14 21:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/14 21:48:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/10/14 21:29:55 | 000,626,922 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/10/14 21:29:55 | 000,107,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/10/14 20:22:41 | 004,980,339 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/10/14 19:32:29 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
    [2012/10/14 18:44:31 | 001,422,336 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller.exe
    [2012/10/14 18:32:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
    [2012/10/14 17:10:26 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
    [2012/10/14 16:36:01 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\en3g5rd1.exe
    [2012/10/14 13:59:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/10/14 11:29:34 | 000,000,000 | -H-- | M] () -- C:\Users\Owner\Documents\Default.rdp
    [2012/10/14 11:19:16 | 000,077,301 | ---- | M] () -- C:\Users\Owner\Documents\mevsa tv repair form.pdf
    [2012/10/13 18:24:45 | 000,001,045 | ---- | M] () -- C:\Users\Owner\Desktop\SpywareBlaster.lnk
    [2012/10/13 17:38:28 | 000,444,348 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20121013-174712.backup
    [2012/10/13 17:08:38 | 000,001,248 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/10/13 16:12:39 | 000,045,320 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
    [2012/10/13 16:11:59 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
    [2012/10/13 16:11:59 | 000,002,017 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    [2012/10/13 16:11:59 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
    [2012/10/13 16:03:35 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
    [2012/10/13 16:00:09 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2012/10/13 15:59:49 | 000,001,230 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/10/13 15:59:30 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2012/10/13 15:27:22 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/10/13 15:27:22 | 000,002,227 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/10/13 15:19:55 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/10/13 15:19:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/10/13 14:37:26 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/10/13 14:22:47 | 000,185,284 | ---- | M] () -- C:\MGlogs.zip
    [2012/10/13 14:20:33 | 001,674,318 | ---- | M] () -- C:\MGtools.exe
    [2012/10/13 14:14:57 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2012/10/12 20:18:00 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
    [2012/10/12 19:08:12 | 000,000,176 | ---- | M] () -- C:\ProgramData\-fiThxK8bHjNXE6r
    [2012/10/12 19:08:12 | 000,000,168 | ---- | M] () -- C:\ProgramData\-fiThxK8bHjNXE6
    [2012/10/12 19:06:06 | 000,035,944 | ---- | M] () -- C:\Windows\System32\.crusader
    [2012/10/12 19:00:55 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2012/10/12 18:05:56 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/05 01:32:36 | 000,082,952 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
    [2012/10/05 01:32:34 | 000,494,416 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
    [2012/10/05 01:32:34 | 000,036,072 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
    [2012/10/05 01:32:32 | 000,019,632 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
    [2012/10/05 01:32:14 | 000,034,024 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll
    [2012/10/05 01:32:12 | 000,301,264 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
    [2012/09/17 16:23:08 | 001,321,629 | ---- | M] () -- C:\Users\Owner\Documents\9-17-2012.jpg

    ========== Files Created - No Company Name ==========

    [2012/10/14 20:30:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/14 20:30:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/14 20:30:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/14 20:30:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/14 20:30:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/14 19:32:29 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
    [2012/10/14 18:44:31 | 001,422,336 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe
    [2012/10/14 16:36:00 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\en3g5rd1.exe
    [2012/10/14 11:29:34 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\Documents\Default.rdp
    [2012/10/14 11:19:16 | 000,077,301 | ---- | C] () -- C:\Users\Owner\Documents\mevsa tv repair form.pdf
    [2012/10/13 18:24:45 | 000,001,045 | ---- | C] () -- C:\Users\Owner\Desktop\SpywareBlaster.lnk
    [2012/10/13 17:08:38 | 000,001,248 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/10/13 16:11:59 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
    [2012/10/13 16:11:59 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    [2012/10/13 16:11:59 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
    [2012/10/13 16:03:35 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2012/10/13 16:00:09 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2012/10/13 15:59:49 | 000,001,230 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/10/13 15:59:30 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2012/10/13 15:27:22 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/10/13 15:27:22 | 000,002,227 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/10/13 15:19:55 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/10/13 14:37:26 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/10/13 14:20:34 | 000,185,284 | ---- | C] () -- C:\MGlogs.zip
    [2012/10/13 14:20:16 | 001,674,318 | ---- | C] () -- C:\MGtools.exe
    [2012/10/12 20:27:48 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
    [2012/10/12 20:27:48 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
    [2012/10/12 20:27:48 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 845 User's Guide.lnk
    [2012/10/12 20:27:48 | 000,002,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
    [2012/10/12 20:27:48 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
    [2012/10/12 20:27:48 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/10/12 20:27:48 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Easy Transfer 7.lnk
    [2012/10/12 20:27:48 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/10/12 20:27:48 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\TroopMaster.LNK
    [2012/10/12 20:27:48 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/10/12 20:27:48 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    [2012/10/12 20:27:48 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/10/12 20:27:48 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/10/12 20:27:48 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/10/12 20:27:48 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/10/12 20:27:48 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
    [2012/10/12 20:27:48 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
    [2012/10/12 20:27:48 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
    [2012/10/12 20:27:47 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/10/12 20:27:46 | 000,001,470 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
    [2012/10/12 20:27:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/10/12 20:27:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/10/12 20:27:45 | 000,001,731 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Registration.lnk
    [2012/10/12 20:27:45 | 000,001,711 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
    [2012/10/12 20:27:45 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
    [2012/10/12 19:06:06 | 000,035,944 | ---- | C] () -- C:\Windows\System32\.crusader
    [2012/10/12 19:00:55 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2012/10/12 18:05:56 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/11 23:47:01 | 000,000,176 | ---- | C] () -- C:\ProgramData\-fiThxK8bHjNXE6r
    [2012/10/11 23:47:01 | 000,000,168 | ---- | C] () -- C:\ProgramData\-fiThxK8bHjNXE6
    [2012/09/17 16:22:20 | 001,321,629 | ---- | C] () -- C:\Users\Owner\Documents\9-17-2012.jpg
    [2012/04/09 17:40:27 | 000,000,090 | ---- | C] () -- C:\Windows\EWF845.ini
    [2011/12/22 00:06:11 | 000,002,427 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
    [2011/08/29 19:25:22 | 000,002,309 | ---- | C] () -- C:\Users\Owner\ADVS0359.CSV
    [2011/03/11 11:25:21 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/08/29 22:08:36 | 000,022,062 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2009/12/03 21:39:17 | 000,007,624 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2009/11/26 04:53:53 | 000,016,896 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/12/22 15:13:59 | 000,781,312 | -HS- | C] () -- C:\Users\Owner\ehthumbs_vista.db

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2009/11/25 00:40:14 | 000,000,000 | ---D | M] -- C:\Users\Experience\AppData\Roaming\Acer
    [2009/11/25 00:40:14 | 000,000,000 | ---D | M] -- C:\Users\Experience\AppData\Roaming\Leadertech
    [2012/08/23 17:56:44 | 000,000,000 | ---D | M] -- C:\Users\garrett lenamond\AppData\Roaming\Acer
    [2012/08/23 17:56:42 | 000,000,000 | ---D | M] -- C:\Users\garrett lenamond\AppData\Roaming\Epson
    [2012/08/31 06:39:46 | 000,000,000 | ---D | M] -- C:\Users\garrett lenamond\AppData\Roaming\ICAClient
    [2012/08/23 17:56:43 | 000,000,000 | ---D | M] -- C:\Users\garrett lenamond\AppData\Roaming\Leadertech
    [2009/11/25 00:50:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acer
    [2009/11/26 13:14:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Avocent AdminWorks
    [2012/08/12 15:20:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/04/19 21:59:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
    [2012/08/30 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient
    [2012/09/07 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Image Zone Express
    [2012/10/13 16:29:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
    [2009/11/25 00:50:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
    [2012/09/07 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Printer Info Cache

    ========== Purity Check ==========



    < End of report >
    OTL Extras logfile created on: 10/14/2012 10:43:00 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 64.70% Memory free
    5.50 Gb Paging File | 4.23 Gb Available in Paging File | 76.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 145.80 Gb Total Space | 73.70 Gb Free Space | 50.55% Space Free | Partition Type: NTFS
    Drive D: | 145.44 Gb Total Space | 144.87 Gb Free Space | 99.61% Space Free | Partition Type: NTFS

    Computer Name: NRMTJ3JB7 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{E10991E5-2AF1-48BE-BD3F-6BD33011E21B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "UDP Query User{060450F6-A27B-4807-8B5C-A06F819B57CF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
    "{007C5268-FB1C-49B9-A5E7-37D66DE46B9C}" = Online Plug-in
    "{0414F6AB-EAE7-44F8-8A32-5AD9629BC8EE}" = GeekBuddy
    "{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
    "{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B360FD5-D497-46E2-9488-C6B649871662}" = Epson E-Web Print
    "{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
    "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
    "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EC50898-E24A-4C0C-A1F2-A71A8DBF291F}" = Citrix Receiver Inside
    "{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0791198-3F0C-4FB4-870C-5734C4CB5F16}" = Citrix Receiver(USB)
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer Zone SoftDMA
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
    "{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
    "{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
    "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer Zone MakeDisk
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B48A3CE4-2F1E-45EF-841A-C0A3C407EB0F}" = Self-service Plug-in
    "{B4D8A5FE-83C9-44AB-88C7-9AB30EFE482A}" = Citrix Receiver(Aero)
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
    "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
    "{C7C7FA4B-40FF-4B4E-A566-1ABF8FAC38BB}" = Citrix Receiver (HDX Flash Redirection)
    "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
    "{D777101F-1708-46ED-916E-3BE885F78F55}" = Citrix Receiver(DV)
    "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E142615E-5ED8-4511-9BF0-0284BFA25766}" = ArcSoft PhotoImpression
    "{E62381A7-B1C1-4121-8262-84D38C77786C}" = COMODO Internet Security
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
    "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer Zone MagicDirector
    "{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
    "{FB9C1550-C380-11E0-6784-0B93E74E18BE}" = TroopMaster
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Ask Toolbar_is1" = Ask Toolbar
    "avast" = avast! Free Antivirus
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "CitrixOnlinePluginPackWeb" = Citrix Receiver
    "Comodo Dragon" = Comodo Dragon
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "EPSON WorkForce 845 Series" = EPSON WorkForce 845 Series Printer Uninstall
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HitmanPro36" = HitmanPro 3.6
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "SpywareBlaster_is1" = SpywareBlaster 4.6
    "SystemRequirementsLab" = System Requirements Lab
    "TroopMaster 2010" = TroopMaster 2010
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Vivitar Experience Image Manager" = Vivitar Experience Image Manager
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
    "Zune" = Zune

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/13/2012 5:05:59 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 9002
    Description =

    Error - 10/13/2012 5:05:59 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 3029
    Description =

    Error - 10/13/2012 5:06:03 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 3029
    Description =

    Error - 10/13/2012 5:06:03 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 3028
    Description =

    Error - 10/13/2012 5:06:03 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 3058
    Description =

    Error - 10/13/2012 5:06:03 PM | Computer Name = NRMTJ3JB7 | Source = Windows Search Service | ID = 7010
    Description =

    Error - 10/14/2012 1:30:01 AM | Computer Name = NRMTJ3JB7 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\EPSON Software\Download
    Navigator\Resource01\E_UPBW01.EXE". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 10/14/2012 1:31:49 AM | Computer Name = NRMTJ3JB7 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 10/14/2012 1:34:29 AM | Computer Name = NRMTJ3JB7 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 10/14/2012 7:50:24 PM | Computer Name = NRMTJ3JB7 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: bb8 Start
    Time: 01cdaa6643f34558 Termination Time: 40 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: e64b63a9-1659-11e2-9730-0019216b9a41

    Error - 10/14/2012 8:41:38 PM | Computer Name = NRMTJ3JB7 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 155c Start
    Time: 01cdaa6c962d4ae8 Termination Time: 40 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 11172ef9-1661-11e2-9730-0019216b9a41

    [ Media Center Events ]
    Error - 12/22/2007 3:20:11 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/1/2008 11:21:04 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/17/2008 7:16:09 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/26/2008 12:46:55 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/31/2008 2:21:51 AM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/6/2008 7:51:48 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 3/3/2009 10:36:18 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/9/2009 7:31:26 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/9/2009 9:38:26 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/7/2009 4:39:07 PM | Computer Name = NRMTJ3JB7 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 5/22/2009 10:58:51 AM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 57736
    seconds with 1500 seconds of active time. This session ended with a crash.

    Error - 6/18/2009 6:35:57 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 97853
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 7/11/2009 8:54:20 AM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39213
    seconds with 2160 seconds of active time. This session ended with a crash.

    Error - 10/13/2009 9:06:37 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 163921
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12/3/2009 6:06:23 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6245
    seconds with 960 seconds of active time. This session ended with a crash.

    Error - 1/4/2010 11:27:22 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2430
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2/11/2010 4:51:24 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41417
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 3/25/2010 6:55:22 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 93744
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 9/1/2010 6:57:00 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1005
    seconds with 900 seconds of active time. This session ended with a crash.

    Error - 4/19/2012 2:11:31 PM | Computer Name = NRMTJ3JB7 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18002
    seconds with 1620 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/14/2012 10:37:18 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/14/2012 10:43:19 PM | Computer Name = NRMTJ3JB7 | Source = Application Popup | ID = 875
    Description = Driver UBHelper.SYS has been blocked from loading.

    Error - 10/14/2012 10:43:34 PM | Computer Name = NRMTJ3JB7 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:41:55 PM on 10/14/2012 was unexpected.

    Error - 10/14/2012 10:43:45 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7000
    Description = The netlimiter service failed to start due to the following error:
    %%2

    Error - 10/14/2012 10:43:45 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7000
    Description = The osaio service failed to start due to the following error: %%2

    Error - 10/14/2012 10:43:54 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    UBHelper

    Error - 10/14/2012 10:56:16 PM | Computer Name = NRMTJ3JB7 | Source = Application Popup | ID = 875
    Description = Driver UBHelper.SYS has been blocked from loading.

    Error - 10/14/2012 10:56:39 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7000
    Description = The netlimiter service failed to start due to the following error:
    %%2

    Error - 10/14/2012 10:56:39 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7000
    Description = The osaio service failed to start due to the following error: %%2

    Error - 10/14/2012 10:56:57 PM | Computer Name = NRMTJ3JB7 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    UBHelper


    < End of report >
  14. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Yes.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
      IE - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      [2011/12/05 23:02:29 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O15 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..Trusted Domains: tmfhs.org ([tmfremote] http in Trusted sites)
      O15 - HKU\S-1-5-21-1904182780-2584462688-3666631873-1000\..Trusted Domains: tmfhs.org ([tmfremote] https in Trusted sites)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\AskBarDis
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  15. Grady Lenamond

    Grady Lenamond Newcomer, in training Topic Starter

    Here are the results from the OTL. I am running other scans now and will post when I get results.

    All processes killed
    ========== OTL ==========
    Service SBSDWSCService stopped successfully!
    Service SBSDWSCService deleted successfully!
    File C:\Program Files\Spybot not found.
    Registry value HKEY_USERS\S-1-5-21-1904182780-2584462688-3666631873-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Folder C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Registry key HKEY_USERS\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tmfhs.org\tmfremote\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1904182780-2584462688-3666631873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tmfhs.org\tmfremote\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Program Files\AskBarDis not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Experience
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: garrett lenamond
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 24207388 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1516 bytes

    User: Owner
    ->Temp folder emptied: 731012 bytes
    ->Temporary Internet Files folder emptied: 9476563 bytes
    ->Java cache emptied: 2656214 bytes
    ->Google Chrome cache emptied: 13425619 bytes
    ->Flash cache emptied: 1960936 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7280 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 50.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Experience

    User: garrett lenamond
    ->Java cache emptied: 0 bytes

    User: Owner
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Experience

    User: garrett lenamond
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10142012_232203

    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZJZB9ZF\us_yahoo_com[1].htm moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  16. Grady Lenamond

    Grady Lenamond Newcomer, in training Topic Starter

    Here are the other scan results.

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 4.6
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.0.1400
    CCleaner
    Java 7 Update 7
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 07-10-2012
    Ran by Owner (administrator) on 14-10-2012 at 23:38:16
    Running from "C:\Users\Owner\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-09-11 16:11] - [2012-08-22 12:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-10-10 01:04] - [2012-06-01 23:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    # AdwCleaner v2.005 - Logfile created 10/14/2012 at 23:41:21
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : Owner - NRMTJ3JB7
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2050 octets] - [14/10/2012 23:41:21]

    ########## EOF - C:\AdwCleaner[S1].txt - [2110 octets] ##########
  17. Grady Lenamond

    Grady Lenamond Newcomer, in training Topic Starter

    The ESET online scan took forever and no log was made. The computer seems to be working well. Am I all done? I will check back after work. Thanks.
  18. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ============================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
     
  19. Grady Lenamond

    Grady Lenamond Newcomer, in training Topic Starter

    Here is the OTL log. I'm still working on the rest and will let you know when I finish.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Experience
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: garrett lenamond
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 315644 bytes
    ->Temporary Internet Files folder emptied: 266746935 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 251227515 bytes
    ->Flash cache emptied: 1430 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 31456 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 494.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Experience

    User: garrett lenamond
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Experience

    User: garrett lenamond
    ->Java cache emptied: 0 bytes

    User: Owner
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 10162012_210108

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
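A small parser for this kind of OTL log, added here as an example; it is not code from OTL, from any poster, or from TechSpot. It reads a constructed excerpt modelled on the log above, totals the per-line byte counts for each section, compares them with OTL's own "Total ... Files Cleaned" summary line, and lists the files OTL could not move immediately and deferred to the next reboot. The line patterns it matches are assumed from the lines visible in the posted log.

```python
"""Parse an OTL (OldTimer) cleanup log such as the one posted above.

Added example for this thread; not code from OTL or any poster. It handles
the line shapes visible in the posted log: "[SECTION]" headers, "User: <name>"
blocks, "-><item> emptied: N bytes" lines, the system-wide
"... removed/emptied: N bytes" lines, OTL's "Total ... Files Cleaned = X mb"
summary, and "File move failed" lines for files locked at cleanup time.
"""
import re

# Constructed excerpt modelled on the log posted above; a few lines were
# trimmed so the sample stays short.
SAMPLE_LOG = r"""
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 315644 bytes
->Temporary Internet Files folder emptied: 266746935 bytes
->Google Chrome cache emptied: 251227515 bytes
->Flash cache emptied: 1430 bytes

%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 31456 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 494.00 mb

[EMPTYFLASH]

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Line patterns assumed from the posted log (OTL does not document a grammar).
SECTION_RE = re.compile(r"^\[([A-Z]+)\]$")
USER_RE = re.compile(r"^User:\s+(.+?)$")
ITEM_RE = re.compile(r"^->(.+?)\s+emptied:\s+(\d+)\s+bytes$")
SYSTEM_RE = re.compile(
    r"^(%.+?|Windows Temp folder|RecycleBin)\s+(?:removed|emptied):\s+(\d+)\s+bytes$"
)
TOTAL_RE = re.compile(r"^Total (?:(\w+) )?Files Cleaned\s*=\s*([\d.]+)\s*mb$", re.IGNORECASE)
DEFERRED_RE = re.compile(r"^File move failed\.\s+(.+?)\s+scheduled to be moved on reboot\.$")


def parse_otl_log(text):
    """Return per-section/per-user byte counts, system-wide counts, OTL's own
    reported totals, and the paths deferred to reboot."""
    result = {
        "sections": {},     # section -> user -> item -> bytes
        "system": {},       # system-wide item -> bytes (printed under [EMPTYTEMP])
        "reported_mb": {},  # section -> figure from OTL's "Total ... Cleaned" line
        "deferred": [],     # paths OTL could not move immediately
    }
    section = None
    user = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, user = m.group(1), None
            result["sections"].setdefault(section, {})
            continue
        m = USER_RE.match(line)
        if m and section is not None:
            user = m.group(1)
            result["sections"][section].setdefault(user, {})
            continue
        m = ITEM_RE.match(line)
        if m and section is not None and user is not None:
            result["sections"][section][user][m.group(1)] = int(m.group(2))
            continue
        m = SYSTEM_RE.match(line)
        if m:
            result["system"][m.group(1)] = int(m.group(2))
            continue
        m = TOTAL_RE.match(line)
        if m and section is not None:
            result["reported_mb"][section] = float(m.group(2))
            continue
        m = DEFERRED_RE.match(line)
        if m:
            result["deferred"].append(m.group(1))
    return result


def bytes_cleaned(parsed, section="EMPTYTEMP"):
    """Sum the per-line byte counts for one section; the system-wide lines
    belong to [EMPTYTEMP] in the posted log."""
    total = sum(sum(items.values()) for items in parsed["sections"].get(section, {}).values())
    if section == "EMPTYTEMP":
        total += sum(parsed["system"].values())
    return total


def summarize(parsed):
    """Rows of (section, computed MB, OTL-reported MB) plus deferred paths."""
    rows = []
    for section in parsed["sections"]:
        computed_mb = round(bytes_cleaned(parsed, section) / (1024 * 1024), 2)
        rows.append((section, computed_mb, parsed["reported_mb"].get(section)))
    return rows, list(parsed["deferred"])


if __name__ == "__main__":
    parsed = parse_otl_log(SAMPLE_LOG)
    rows, deferred = summarize(parsed)
    for section, computed, reported in rows:
        print(f"{section:<12} computed {computed:8.2f} MB  reported {reported}")
    for path in deferred:
        print("deferred to reboot:", path)
```

On the excerpt, the [EMPTYTEMP] byte counts add up to about 494.31 MB against OTL's own "Total Files Cleaned = 494.00 mb" line, so treat that summary figure as approximate. The one deferred file is Avast's Webshlock.txt under C:\Windows\temp\_avast_, which fits the thread: Avast was installed earlier and was running during the cleanup. A deferred path you do not recognise is worth a look before rebooting, since whatever holds the lock is still running.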
  20. Grady Lenamond (Topic Starter)

    The computer seems to be running fine. I only had one glitch when my Outlook Express kept sending an email over and over. The recipient received 90+ copies of the same email. I truly appreciate all of your help. I do not know what I would have done without it. Thanks again.
  21. Broni (Malware Annihilator)

    Way to go!!
    Good luck and stay safe :)


