
Please help! Viral/Worm infection in all machines in home network



#31
RKinner
Malware Expert
  • Expert
  • 24,625 posts
  • MVP

Sorry for the delay.  Sundays are busy here.  Glad you have connectivity again.  The ipconfig shows the PC was not connected.  Can you give me one with the PC connected to the router?  I assume you have rebooted at least once since running the Windows Repair?




#32
majorlag
Member
  • Topic Starter
  • Member
  • 70 posts
Nothing for you to be sorry about, I really appreciate all your help at anytime!

I'll hook Machine 2 up to the router and re-do the ipconfig capture this evening.

Attached are the VEW logs for Machine 2.

Attached File: VEW Logs 4.14.pdf (1.59 MB)

#33
RKinner
Malware Expert
  • Expert
  • 24,625 posts
  • MVP

The error you are getting for launchpad.exe is related to Windows Server.  Supposedly there is a log at %PROGRAMDATA%\Microsoft\Windows Server\Logs. You may find something helpful in Launchpad.log.  Might just be because it can't connect.



#34
majorlag
Member
  • Topic Starter
  • Member
  • 70 posts

Machine 2

I will check the log.

I changed the adapter settings to receive IP automatically, moved and connected the backup router, and voila! IP address assigned.

I may try to see if that machine can get internet access with the router in its proper position. That would be great.

Here's the ipconfig readout:

These Windows services are started:

   AMD External Events Utility
   Application Experience
   Application Information
   avast! Antivirus
   Background Intelligent Transfer Service
   Base Filtering Engine
   CNG Key Isolation
   COM+ Event System
   COMODO Dragon Update Service
   Cryptographic Services
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   Diagnostic Service Host
   Distributed Link Tracking Client
   DNS Client
   Encrypting File System (EFS)
   Function Discovery Provider Host
   Group Policy Client
   IKE and AuthIP IPsec Keying Modules
   IP Helper
   Machine Debug Manager
   Multimedia Class Scheduler
   Net.Tcp Port Sharing Service
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   Plug and Play
   PnP-X IP Bus Enumerator
   Portable Device Enumerator Service
   Power
   Print Spooler
   Program Compatibility Assistant Service
   Remote Access Connection Manager
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   SAS Core Service
   Secondary Logon
   Secure Socket Tunneling Protocol Service
   Security Accounts Manager
   Security Center
   Server
   Shell Hardware Detection
   SSDP Discovery
   Superfetch
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   Telephony
   Themes
   User Profile Service
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Defender
   Windows Driver Foundation - User-mode Driver Framework
   Windows Event Log
   Windows Firewall
   Windows Font Cache Service
   Windows Management Instrumentation
   Windows Presentation Foundation Font Cache 3.0.0.0
   Windows Search
   Windows Server Client Computer Backup Provider Service
   Windows Server Connector Update
   Windows Server Download Service
   Windows Server Health Service
   Windows Server LAN Configuration
   Windows Server Media Center Client Service
   Windows Server Notifications Provider Service
   Windows Server Service Provider Registry
   Windows Server SQM Service
   Windows Time
   Windows Update
   WinHTTP Web Proxy Auto-Discovery Service
   Workstation

The command completed successfully.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : HUTSELL2S
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 78-AC-C0-BE-D4-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, April 14, 2014 6:36:15 PM
   Lease Expires . . . . . . . . . . : Tuesday, April 15, 2014 6:36:15 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


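Added example, not from the thread or from either poster: a small Python triage script that parses an `ipconfig /all` readout like the one above and reports the things an expert checks first (address actually obtained, gateway and DHCP server on the same subnet, off-LAN resolvers, lease validity). The first sample is the Machine 2 readout quoted above (abridged); the "Media disconnected" sample is constructed, and the function names are mine.

```python
"""Triage a Windows ``ipconfig /all`` readout: did the adapter really get an
address, and do its gateway, DHCP server, resolvers and lease look sane?
Added example for this thread; function names are chosen here, not tools used
by the posters."""
import ipaddress
import re
from datetime import datetime

# Key/value line: three leading spaces, key padded with " . " leaders, then a colon.
_KV = re.compile(r"^\s{3}(?P<key>[A-Za-z0-9 /\-]+?)[ .]*:\s*(?P<val>.*)$")
# Continuation of a multi-valued key (a second DNS server): deep indent, no key.
_CONT = re.compile(r"^\s{20,}(?P<val>\S.*)$")


def parse_ipconfig(text):
    """Return {adapter_name: {key: [values]}}; host-wide keys live under ''."""
    adapters, current, last_key = {"": {}}, "", None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]        # e.g. "Ethernet adapter Local Area Connection"
            adapters[current], last_key = {}, None
            continue
        m = _CONT.match(line)
        if m and last_key:
            adapters[current][last_key].append(m.group("val").strip())
            continue
        m = _KV.match(line)
        if m:
            last_key = m.group("key").strip()
            adapters[current].setdefault(last_key, []).append(m.group("val").strip())
    return adapters


def triage(adapter, now):
    """Return a list of findings for one parsed adapter (empty: nothing stood out)."""
    def first(key):
        vals = adapter.get(key, [])
        return vals[0] if vals else ""

    if first("Media State"):
        return [f"link down: {first('Media State')}"]
    ip_txt = first("IPv4 Address").split("(")[0]   # drop the "(Preferred)" suffix
    if not ip_txt:
        return ["no IPv4 address: not connected, or DHCP never answered"]
    ip = ipaddress.ip_address(ip_txt)
    findings = []
    if ip in ipaddress.ip_network("169.254.0.0/16"):
        findings.append("APIPA address: no DHCP server was reached")
    net = ipaddress.ip_network(f"{ip}/{first('Subnet Mask')}", strict=False)
    gw = first("Default Gateway")
    if not gw:
        findings.append("no default gateway")
    elif ipaddress.ip_address(gw) not in net:
        findings.append(f"gateway {gw} is outside {net}")
    dhcp = first("DHCP Server")
    if first("DHCP Enabled") == "Yes" and dhcp and dhcp != gw:
        findings.append(f"DHCP server {dhcp} is not the gateway {gw}")
    for dns in adapter.get("DNS Servers", []):
        # An off-LAN resolver is not wrong by itself, but it is exactly what a
        # DNS hijack changes, so always confirm who configured it.
        if ipaddress.ip_address(dns) not in net:
            findings.append(f"off-LAN DNS server {dns}")
    exp = first("Lease Expires")
    if exp and datetime.strptime(exp, "%A, %B %d, %Y %I:%M:%S %p") < now:
        findings.append("DHCP lease has expired")
    return findings


# Sample 1: the Machine 2 readout quoted in the post above (abridged).
MACHINE2 = """Windows IP Configuration

   Host Name . . . . . . . . . . . . : HUTSELL2S

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Expires . . . . . . . . . . : Tuesday, April 15, 2014 6:36:15 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       192.168.0.1
"""
# Sample 2 (constructed): what the same adapter reports with the cable unplugged.
UNPLUGGED = """Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes
"""


def machine2_findings(now=datetime(2014, 4, 14, 20, 57, 8)):   # evaluated the same evening
    return triage(parse_ipconfig(MACHINE2)["Ethernet adapter Local Area Connection"], now)


def unplugged_findings():
    return triage(parse_ipconfig(UNPLUGGED)["Ethernet adapter Local Area Connection"], datetime.now())


if __name__ == "__main__":
    for name, found in (("Machine 2", machine2_findings()), ("unplugged", unplugged_findings())):
        print(name, "->", found or ["nothing stood out"])
```

The one finding on Machine 2 is the off-LAN resolver 8.8.8.8 ahead of the router; the OTL log later in this thread shows it set statically on the interface (O17 NameServer = 8.8.8.8,192.168.0.1) while DHCP only hands out 192.168.0.1.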

#35
RKinner
Malware Expert
  • Expert
  • 24,625 posts
  • MVP

OK this one seems to be working OK now.  Perhaps it was just the original router at fault?



#36
majorlag
Member
  • Topic Starter
  • Member
  • 70 posts

I've reconnected Machine 2 to my switch and router, and it seems to be working OK. Reinstalled Comodo from a download from the work machine; GeekBuddy failed to install with a fatal error.

Posting an OTL log; does it appear clean? I am noticing a fair amount of TCP traffic between port 6602 and other random ports, all on this machine's IP (i.e., from 192.168.0.100:6602 to 192.168.0.100:49204, for example). I'm assuming the LLMNR traffic to 224.0.0.252 is trying to talk to the home server, but I'm not sure.

Also seeing some UDP out to 192.168.0.255:137; nothing on my network has that address.

I tried reinstalling Avast on Machine 1, and it failed to initialize the pre-install scan (in safe mode). Machine 1 also won't boot all the way. I ran OTL on it, and will post that log as soon as I get up the nerve to copy the TXT file over via CD. I did notice there were two alternate data streams in the scan.

Anyhow, below is OTL from Machine 2, which is working but still looks a bit sketchy to me.

Thanks again for your help and your patience with me!

OTL logfile created on: 4/14/2014 8:57:08 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\srhutsell\Desktop\Cleanup Aisle 5
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.75 Gb Total Physical Memory | 3.53 Gb Available Physical Memory | 74.26% Memory free
9.50 Gb Paging File | 7.23 Gb Available in Paging File | 76.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 536.05 Gb Free Space | 89.93% Space Free | Partition Type: NTFS
 
Computer Name: HUTSELL2S | User Name: srhutsell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/06 18:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\srhutsell\Desktop\Cleanup Aisle 5\OTL.exe
PRC - [2014/04/06 04:31:57 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/06 03:53:17 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/06 03:53:17 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/29 08:19:04 | 002,094,216 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/06 04:31:56 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/25 00:07:03 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/06 03:53:17 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/02 22:43:00 | 000,112,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WhsMcClient.exe -- (WhsMcClient)
SRV:64bit: - [2012/11/02 22:07:28 | 000,080,504 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV:64bit: - [2012/11/02 22:07:28 | 000,041,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/06/30 00:42:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/02 16:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe -- (LANConfig)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (WSS_ComputerBackupProviderSvc)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (SqmProviderSvc)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (providers_system)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (NotificationsProviderSvc)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (initMonitor)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (HealthAlertsSvc)
SRV:64bit: - [2011/03/02 16:46:34 | 000,228,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe -- (WSConnectorUpdate)
SRV - [2014/04/06 04:31:57 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/29 08:19:04 | 002,094,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/06 03:53:27 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/06 03:53:27 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/06 03:53:27 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/06 03:53:27 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/04/06 03:53:27 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/06 03:53:27 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/06 03:53:26 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/19 09:11:27 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/11/22 02:18:37 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/30 02:33:12 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/30 00:00:50 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/21 18:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 13:33:12 | 000,063,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BackupReader.sys -- (BackupReader)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AGERESoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/10/12 21:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...soft:{language}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rchTerms}&crm=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/06 03:53:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/07/14 17:40:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\srhutsell\AppData\Roaming\Mozilla\Extensions
[2014/04/06 04:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\srhutsell\AppData\Roaming\Mozilla\Firefox\Profiles\gzywid7h.default\extensions
[2014/04/06 04:16:41 | 000,537,316 | ---- | M] () (No name found) -- C:\Users\srhutsell\AppData\Roaming\Mozilla\Firefox\Profiles\gzywid7h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/04/06 04:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/06 04:31:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/04/13 17:07:40 | 000,000,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\srhutsell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E194A9-4AC7-436E-B26B-BA50A034DC4D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E194A9-4AC7-436E-B26B-BA50A034DC4D}: NameServer = 8.8.8.8,192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/13 17:06:34 | 000,000,000 | ---D | C] -- C:\Users\srhutsell\Desktop\ComIntRepair
[2014/04/13 00:22:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/04/11 21:41:31 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/11 21:41:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/04/11 21:41:17 | 002,157,056 | ---- | C] (Farbar) -- C:\Users\srhutsell\Desktop\FRST64.exe
[2014/04/10 03:51:19 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/10 03:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/10 03:51:09 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/10 03:51:09 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/10 03:51:09 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/10 03:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/10 03:49:36 | 017,305,616 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\srhutsell\Desktop\mbam-setup-2.0.1.1004.exe
[2014/04/10 03:45:25 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\srhutsell\Desktop\tdsskiller.exe
[2014/04/10 03:07:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/04/10 03:07:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/04/10 03:07:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/04/10 03:07:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/10 03:07:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/04/10 03:04:47 | 005,196,025 | R--- | C] (Swearware) -- C:\Users\srhutsell\Desktop\ComboFix.exe
[2014/04/10 02:58:48 | 000,000,000 | ---D | C] -- C:\Users\srhutsell\Desktop\4.10.14 Logs
[2014/04/10 02:58:17 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\srhutsell\Desktop\aswmbr.exe
[2014/04/09 04:59:58 | 000,000,000 | ---D | C] -- C:\Users\srhutsell\AppData\Local\ElevatedDiagnostics
[2014/04/08 01:29:06 | 004,900,568 | ---- | C] (COMODO) -- C:\ProgramData\cis26F0.exe
[2014/04/06 22:37:44 | 000,000,000 | ---D | C] -- C:\Users\srhutsell\Desktop\Cleanup Aisle 5
[2014/04/06 04:54:55 | 000,000,000 | ---D | C] -- C:\Users\srhutsell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft SmartSniff
[2014/04/06 04:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2014/04/06 04:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/06 03:53:24 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/14 20:53:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/14 18:34:47 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 501d43ed-97cc-46be-93a8-bfa21dc4efab.job
[2014/04/14 02:00:00 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 53e97ced-da88-404b-9dde-635c877baa69.job
[2014/04/13 17:15:53 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/13 17:15:53 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/13 17:12:49 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/13 17:12:49 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/13 17:12:49 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/13 17:08:27 | 3824,656,384 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/13 17:07:40 | 000,000,835 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/10 03:51:19 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/10 03:51:11 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/10 03:14:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2014/04/09 10:53:31 | 000,247,315 | ---- | M] () -- C:\Users\srhutsell\Desktop\4.9.14 Instructions.pdf
[2014/04/09 10:49:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\srhutsell\Desktop\tdsskiller.exe
[2014/04/09 10:47:22 | 000,061,440 | ---- | M] ( ) -- C:\Users\srhutsell\Desktop\VEW.exe
[2014/04/09 10:47:13 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\srhutsell\Desktop\FRST64.exe
[2014/04/09 10:46:50 | 017,305,616 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\srhutsell\Desktop\mbam-setup-2.0.1.1004.exe
[2014/04/09 10:45:18 | 005,196,025 | R--- | M] (Swearware) -- C:\Users\srhutsell\Desktop\ComboFix.exe
[2014/04/09 10:43:25 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\srhutsell\Desktop\aswmbr.exe
[2014/04/09 05:33:46 | 000,053,064 | ---- | M] () -- C:\Users\srhutsell\Desktop\smsniff.4.9.14.ssp
[2014/04/06 04:14:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/06 04:14:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/06 03:54:09 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/06 03:53:27 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 03:53:27 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 03:53:27 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/06 03:53:27 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 03:53:27 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/04/06 03:53:27 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 03:53:27 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 03:53:26 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 03:53:24 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2014/04/11 21:43:41 | 000,061,440 | ---- | C] ( ) -- C:\Users\srhutsell\Desktop\VEW.exe
[2014/04/10 03:51:11 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/10 03:44:37 | 000,247,315 | ---- | C] () -- C:\Users\srhutsell\Desktop\4.9.14 Instructions.pdf
[2014/04/10 03:07:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/04/10 03:07:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/04/10 03:07:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/04/10 03:07:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/04/10 03:07:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/04/09 05:39:27 | 000,053,064 | ---- | C] () -- C:\Users\srhutsell\Desktop\smsniff.4.9.14.ssp
[2014/01/11 19:49:40 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/11/30 13:19:58 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/08/18 17:28:28 | 000,007,680 | ---- | C] () -- C:\Users\srhutsell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/22 23:43:31 | 003,566,434 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll
[2013/07/22 23:43:31 | 000,827,392 | ---- | C] () -- C:\Windows\SysWow64\Mpeg4System.dll
[2013/07/22 23:43:31 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\Mpeg4Tools.dll
[2013/07/22 23:43:31 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Mpeg4DSF.dll
[2013/07/22 23:43:31 | 000,042,108 | ---- | C] () -- C:\Windows\SysWow64\fun_avutil.dll
[2013/07/22 23:43:30 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\AMR.dll
[2013/07/22 23:43:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\EvrcDecDll.dll
[2013/07/22 23:43:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\AMRDSF.dll
[2013/07/14 18:36:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/07/13 13:07:28 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/10 01:07:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/07/09 22:55:14 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/15 22:50:17 | 000,001,024 | ---- | C] () -- C:\Users\srhutsell\.rnd.old
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 


Edited by majorlag, 14 April 2014 - 08:54 PM.

  • 0

#37
majorlag

    Member

  • Topic Starter
  • Member
  • 70 posts

Machine 1

OTL report (run in safe mode, machine extremely sluggish in normal boot)

OTL logfile created on: 4/14/2014 9:25:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ahutsell2001\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.97 Gb Total Physical Memory | 7.11 Gb Available Physical Memory | 89.19% Memory free
15.93 Gb Paging File | 15.10 Gb Available in Paging File | 94.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 866.68 Gb Free Space | 93.04% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1329.10 Gb Free Space | 71.34% Space Free | Partition Type: NTFS
Drive E: | 698.64 Gb Total Space | 693.64 Gb Free Space | 99.29% Space Free | Partition Type: NTFS
Drive F: | 292.97 Gb Total Space | 254.80 Gb Free Space | 86.97% Space Free | Partition Type: NTFS
Drive G: | 172.78 Gb Total Space | 172.42 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive H: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: HUTSELL1-7 | User Name: ahutsell2001 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014/04/06 18:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ahutsell2001\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/10 15:16:01 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/10/20 03:23:22 | 006,254,152 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2013/10/16 09:08:06 | 000,186,056 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2013/10/10 18:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/09/24 12:53:32 | 000,164,056 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/02 22:43:00 | 000,112,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\WhsMcClient.exe -- (WhsMcClient)
SRV:64bit: - [2012/11/02 22:07:28 | 000,080,504 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV:64bit: - [2012/11/02 22:07:28 | 000,041,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry)
SRV:64bit: - [2012/05/04 16:40:36 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/02 16:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe -- (LANConfig)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (WSS_ComputerBackupProviderSvc)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (SqmProviderSvc)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (providers_system)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (NotificationsProviderSvc)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (initMonitor)
SRV:64bit: - [2011/03/02 16:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (HealthAlertsSvc)
SRV:64bit: - [2011/03/02 16:46:34 | 000,228,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe -- (WSConnectorUpdate)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/09/02 08:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\cypherixsrv.exe -- (cypherixservice)
SRV - [2014/03/20 13:31:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/17 09:09:48 | 004,915,040 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/11/24 02:00:55 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/11/11 00:25:36 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/27 10:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/07/18 17:39:40 | 000,762,192 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/01/18 11:00:00 | 001,055,072 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\cypxsrv10.exe -- (cypherix10service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 11:31:28 | 000,928,496 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\Windows\SysWow64\cypherixsrv.exe -- (cypherixservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/02/10 15:16:03 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/10 15:16:03 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/02/10 15:16:03 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/02/10 15:16:03 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/18 01:51:34 | 000,207,904 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/03 14:17:17 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/03 14:17:17 | 000,065,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/16 09:08:04 | 000,200,552 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2013/10/07 01:17:38 | 000,014,888 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hmd.sys -- (HMD)
DRV:64bit: - [2013/09/24 12:54:12 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013/05/07 03:00:18 | 000,037,976 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD)
DRV:64bit: - [2013/04/09 23:09:24 | 000,849,992 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/08/20 11:38:12 | 000,416,072 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012/08/20 11:38:12 | 000,138,568 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012/03/26 03:57:34 | 000,024,264 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NxDrv.sys -- (NxDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 11:00:00 | 000,102,656 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\cypxdv10.sys -- (cypxdv10)
DRV:64bit: - [2011/11/13 15:31:16 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/02 14:33:12 | 000,063,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BackupReader.sys -- (BackupReader)
DRV:64bit: - [2010/11/28 16:50:38 | 000,044,672 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/09 10:53:06 | 000,101,880 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cyphxdrv.sys -- (cyphxdrv)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myvaughnmelton.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "bing.com"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/06 06:40:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013/11/03 14:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ahutsell2001\AppData\Roaming\Mozilla\Extensions
[2014/03/25 23:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ahutsell2001\AppData\Roaming\Mozilla\Firefox\Profiles\r36d9hnq.default\extensions
[2014/03/25 23:58:20 | 000,537,316 | ---- | M] () (No name found) -- C:\Users\ahutsell2001\AppData\Roaming\Mozilla\Firefox\Profiles\r36d9hnq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/03/20 13:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/20 13:31:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/03/12 06:09:55 | 000,000,877 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.0.176  OVERLORD  #Windows Server Added Entry#
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8100 (Network).lnk =  File not found
O4 - Startup: C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk =  File not found
O4 - Startup: C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\ahutsell2001\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: myvaughnmelton.com ([]https in Trusted sites)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://myvaughnmelton.com/NELX.cab (NELaunchCtrl Class)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/01 01:29:35 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/14 21:24:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ahutsell2001\Desktop\OTL.exe
[2014/04/14 21:24:21 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\zopugfmj.sys
[2014/04/14 21:23:24 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\ahutsell2001\Desktop\aswmbr.exe
[2014/04/14 21:19:07 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014/04/14 21:18:36 | 000,108,104 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2014/04/14 21:18:36 | 000,073,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2014/03/27 15:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Video Converter Free 9
[2014/03/27 14:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Video Converter Free 9
[2014/03/27 12:47:18 | 000,000,000 | ---D | C] -- C:\Users\ahutsell2001\AppData\Roaming\LeapingBrain
[2014/03/27 12:46:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\tFolderToCreate
[2014/03/27 12:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeapingBrain
[2014/03/20 13:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/18 15:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/14 21:24:21 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\zopugfmj.sys
[2014/04/14 21:20:10 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/14 21:20:10 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/14 21:20:10 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/14 21:16:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/14 21:15:59 | 2120,499,199 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/14 21:12:06 | 000,000,000 | ---- | M] () -- C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8100 (Network).lnk
[2014/04/14 21:11:37 | 000,001,393 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2014/04/09 10:43:25 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\ahutsell2001\Desktop\aswmbr.exe
[2014/04/06 18:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ahutsell2001\Desktop\OTL.exe
[2014/04/06 06:33:32 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 06:33:32 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/01 14:15:01 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f0414407-5f3d-4e2b-a002-10e3e76b9ab0.job
[2014/04/01 02:00:02 | 000,000,524 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task efe55bae-0870-40a4-a515-a0bf0fab057d.job
[2014/03/31 21:52:02 | 000,001,772 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014/03/31 20:46:48 | 000,268,952 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/03/27 15:00:26 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Full Video Converter Free 9.lnk
[2014/03/27 12:46:58 | 000,001,352 | ---- | M] () -- C:\Users\ahutsell2001\Desktop\Paladin Press On Demand.lnk
[2014/03/25 11:17:18 | 000,842,659 | ---- | M] () -- C:\Users\ahutsell2001\Desktop\TT-100.pdf
[2014/03/19 15:47:09 | 000,002,114 | ---- | M] () -- C:\Users\ahutsell2001\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/03/18 20:36:48 | 000,286,226 | ---- | M] () -- C:\Users\ahutsell2001\Desktop\Commands list  Wolfenstein Enemy Territory.pdf
 
========== Files Created - No Company Name ==========
 
[2014/03/27 15:00:26 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Full Video Converter Free 9.lnk
[2014/03/27 12:46:58 | 000,001,352 | ---- | C] () -- C:\Users\ahutsell2001\Desktop\Paladin Press On Demand.lnk
[2014/03/25 11:21:48 | 000,842,659 | ---- | C] () -- C:\Users\ahutsell2001\Desktop\TT-100.pdf
[2014/03/18 20:36:42 | 000,286,226 | ---- | C] () -- C:\Users\ahutsell2001\Desktop\Commands list  Wolfenstein Enemy Territory.pdf
[2014/01/13 22:47:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/12/10 12:54:49 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2013/12/10 12:54:49 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2013/12/10 12:54:49 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2013/12/10 12:54:49 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2013/12/10 12:54:49 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2013/12/10 12:54:49 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2013/11/24 02:01:00 | 000,001,393 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/11/24 02:01:00 | 000,001,393 | -HS- | C] () -- C:\Windows\SysWow64\mmf(478).sys
[2013/11/24 02:00:55 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/11/24 02:00:51 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/11/18 22:44:32 | 000,005,632 | ---- | C] () -- C:\Users\ahutsell2001\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/11 00:26:01 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/11/11 00:25:36 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/08 01:38:13 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/07 22:32:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/11/03 14:44:41 | 000,001,772 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/05/04 16:37:46 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BC359956

< End of report >


  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

#2 looks OK except that Windows Defender is running.  Normally Avast will turn it off so it doesn't interfere.

 

#1 shows very little.  Some deadwood and some adware.  There is a strange driver that claims it is from Avast but doesn't look right.

 

[2014/04/14 21:24:21 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\zopugfmj.sys

 

Can you run FRST on it and also Process Explorer:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 


  • 0
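The signature check that Process Explorer's Verified Signer column performs, done in a script for every loaded kernel driver so that an oddly named file claiming a security vendor (like the zopugfmj.sys entry flagged above) stands out. This is an added example, not code from the thread, Sysinternals or Farbar; it assumes an elevated PowerShell prompt on Windows 7 and uses a matching heuristic I chose (the first word of the file's CompanyName should appear in the signer's certificate subject).

```powershell
# Added example, not from the thread: the same check Process Explorer's
# "Verified Signer" column performs, run against every loaded kernel driver.
# Flags drivers whose embedded CompanyName does not match the Authenticode
# signer, or that carry no valid embedded signature. Run from an elevated
# PowerShell prompt; uses only cmdlets present in PowerShell 2.0 (Windows 7).

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName arrives in several shapes; normalise to a plain path.
    $p = $PathName -replace '^\\\?\?\\', ''                              # \??\C:\x.sys   -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')          # \SystemRoot\x  -> C:\Windows\x
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }   # bare system32\... entries
    return $p
}

function Test-DriverSignature {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{
            Path = $Path; Company = ''; Signer = ''; Status = 'FileMissing'; Suspicious = $true }
    }
    $company = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path).CompanyName
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $signer  = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }   # e.g. CN=AVAST Software a.s., ...

    # Heuristic (my choice): the first word of the claimed company should appear in the signer subject.
    $firstWord = ''
    if ($company) { $firstWord = ($company -split '\s+')[0] }
    $nameMatches = ($firstWord -ne '') -and ($signer -match [regex]::Escape($firstWord))

    # Caveat: on Windows 7, Get-AuthenticodeSignature does not consult catalog files, so
    # catalog-signed Microsoft drivers report NotSigned. Those are listed but not flagged;
    # verify them with Process Explorer or sigcheck instead.
    $catalogLikely = ($sig.Status -eq 'NotSigned') -and ($company -match '^Microsoft')
    $suspicious = (-not $catalogLikely) -and (($sig.Status -ne 'Valid') -or (-not $nameMatches))

    New-Object PSObject -Property @{
        Path = $Path; Company = $company; Signer = $signer
        Status = [string]$sig.Status; Suspicious = $suspicious }
}

# Enumerate every driver the service control manager currently has running.
$running = Get-WmiObject Win32_SystemDriver | Where-Object { $_.State -eq 'Running' -and $_.PathName }
$report  = $running | ForEach-Object { Test-DriverSignature (Resolve-DriverPath $_.PathName) }

# Suspicious entries first: a random-looking name claiming a security vendor lands at the top.
$report | Sort-Object Suspicious -Descending |
    Select-Object Suspicious, Status, Company, Signer, Path |
    Format-Table -AutoSize -Wrap
```

A driver that shows Suspicious = True deserves the same scrutiny as the Process Explorer output the reply asks for; the timestamps in the OTL log (creation time next to other tools run at the same minute) are the other clue to weigh before deciding what it is.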

#39
majorlag

majorlag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Machine 1

 

Guess I should first say that before I came to Geekstogo with this problem, I tried a System Restore on this machine (and #2) and they both failed.

 

Process explorer was not running last night, said it needed to be run from a writeable directory.  Could not install/uninstall programs (said I needed to wait until the current one installed/uninstalled).  Avast service was not running (at least in safe mode), and Comodo was clearly not working.  Trying to run regedit (just as a test) made the screen go black.  I did run MBAM in safe mode (no hits), am running AVIRA recovery disk scan.  Tried to set AVAST to do a boot time scan, but it didn't do anything on reboot. 

 

I'll try FRST this evening.

 

Thanks!


  • 0

#40
majorlag

majorlag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Machine 1

 

Finally got FRST to run...it took disabling the Comodo HIPS feature to get anything to happen.  Tried uninstalling Comodo and it hung up...killed an msiexec process and it claimed to have finished. 

 

FRST & Addition:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 33 days old and could be outdated)
Ran by ahutsell2001 (administrator) on HUTSELL1-7 on 15-04-2014 18:33:41
Running from C:\Users\ahutsell2001\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Cypherix Software (India) Pvt. Ltd.) C:\Windows\SysWOW64\cypxsrv10.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
() C:\Windows\runservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WhsMcClient.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO)
HKLM\...\Run: [Launchpad] - C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [SonicWALLNetExtender] - C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1100832 2012-03-29] (SonicWALL Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-10] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [UVS12 Preload] - C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe [397456 2008-06-09] (Corel TW Corp.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-06] (Microsoft Corporation)
HKU\S-1-5-21-2368243782-2037709877-4180025535-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2368243782-2037709877-4180025535-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-14] (SUPERAntiSpyware)
HKU\S-1-5-21-2368243782-2037709877-4180025535-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
Startup: C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8100 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8100 (Network).lnk ->  (No File)
Startup: C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk
ShortcutTarget: procexp.exe - Shortcut.lnk -> C:\Windows\System32\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)
Startup: C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> C:\Users\ahutsell2001\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myvaughnmelton.com/
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://myvaughnmelton.com/NELX.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

FireFox:
========
FF ProfilePath: C:\Users\ahutsell2001\AppData\Roaming\Mozilla\Firefox\Profiles\r36d9hnq.default
FF Homepage: bing.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: NoScript - C:\Users\ahutsell2001\AppData\Roaming\Mozilla\Firefox\Profiles\r36d9hnq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-03]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-10] (AVAST Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 cypherix10service; C:\Windows\SysWOW64\cypxsrv10.exe [1055072 2012-01-18] (Cypherix Software (India) Pvt. Ltd.)
S2 cypherixservice; C:\Windows\system32\cypherixsrv.exe [74240 2008-09-02] (Cypherix Software (India) Pvt. Ltd.)
S2 cypherixservice; C:\Windows\SysWOW64\cypherixsrv.exe [928496 2009-12-24] (Cypherix Software (India) Pvt. Ltd.)
R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2013-11-24] ()
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-11-11] ()
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41568 2012-11-02] (Microsoft Corporation)
R2 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-10] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-18] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R2 cyphxdrv; C:\Windows\system32\Drivers\cyphxdrv.sys [101880 2010-02-09] (Cypherix Software (India) Pvt. Ltd.)
R1 cypxdv10; C:\Windows\system32\Drivers\cypxdv10.sys [102656 2012-01-18] (Cypherix Software (India) Pvt. Ltd.)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
S3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2012-03-26] (SonicWALL Inc.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 MSICDSetup; \??\H:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\H:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-15 18:33 - 2014-04-15 18:33 - 00015381 _____ () C:\Users\ahutsell2001\Desktop\FRST.txt
2014-04-15 17:51 - 2014-04-15 18:33 - 00000000 ____D () C:\FRST
2014-04-15 17:50 - 2014-04-07 17:09 - 02157056 _____ (Farbar) C:\Users\ahutsell2001\Desktop\FRST64.exe
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_9.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_8.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_7.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_6.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_5.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_4.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_33.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_32.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_31.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_30.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_3.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_29.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_28.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_27.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_26.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_25.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_24.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_23.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_22.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_20.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_2.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_19.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_18.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_17.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_16.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_15.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_14.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_13.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_12.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_11.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_10.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_1.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_0.log
2014-04-15 00:20 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_20_59.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_9.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_8.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_7.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_6.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_58.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_57.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_56.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_55.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_54.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_53.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_52.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_51.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_50.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_5.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_49.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_48.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_47.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_46.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_45.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_44.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_43.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_42.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_41.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_40.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_4.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_39.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_38.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_37.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_36.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_35.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_34.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_32.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_30.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_3.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_29.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_28.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_27.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_26.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_25.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_24.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_23.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_2.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_19.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_18.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_17.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_16.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_15.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_14.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_13.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_12.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_11.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_10.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_1.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_0.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000038 _____ () C:\15_4_20_31.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_59.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_58.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_57.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_56.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_55.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_54.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_53.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_52.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_51.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_50.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_49.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_48.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_47.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_46.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_45.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_44.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_43.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_42.log
2014-04-14 23:41 - 2014-04-15 00:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 23:41 - 2014-04-14 23:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 23:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 23:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 21:34 - 2014-04-14 21:34 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\cuggcwid.sys
2014-04-14 21:29 - 2014-04-14 21:29 - 00068906 _____ () C:\Users\ahutsell2001\Desktop\OTL.4.14.Txt
2014-04-14 21:27 - 2014-04-14 21:27 - 00068906 _____ () C:\Users\ahutsell2001\Desktop\OTL.Txt
2014-04-14 21:24 - 2014-04-14 21:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\zopugfmj.sys
2014-04-14 21:24 - 2014-04-06 18:42 - 00602112 _____ (OldTimer Tools) C:\Users\ahutsell2001\Desktop\OTL.exe
2014-04-14 21:23 - 2014-04-09 10:43 - 04745728 _____ (AVAST Software) C:\Users\ahutsell2001\Desktop\aswmbr.exe
2014-04-14 21:18 - 2013-04-09 23:09 - 00108104 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-04-14 21:18 - 2013-04-09 23:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-04-06 06:24 - 2014-04-06 06:24 - 00003290 _____ () C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2014-03-27 15:00 - 2014-03-27 15:00 - 00001030 _____ () C:\Users\Public\Desktop\Full Video Converter Free 9.lnk
2014-03-27 14:59 - 2014-03-27 15:00 - 00000000 ____D () C:\Program Files (x86)\Full Video Converter Free 9
2014-03-27 12:47 - 2014-03-27 12:47 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\LeapingBrain
2014-03-27 12:46 - 2014-03-27 12:46 - 00001352 _____ () C:\Users\ahutsell2001\Desktop\Paladin Press On Demand.lnk
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Windows\SysWOW64\tFolderToCreate
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\LeapingBrain
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Program Files (x86)\LeapingBrain
2014-03-20 13:30 - 2014-03-20 13:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 15:07 - 2014-03-19 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-04-15 18:33 - 2014-04-15 18:33 - 00015381 _____ () C:\Users\ahutsell2001\Desktop\FRST.txt
2014-04-15 18:33 - 2014-04-15 17:51 - 00000000 ____D () C:\FRST
2014-04-15 18:26 - 2013-11-03 13:26 - 01498754 _____ () C:\Windows\WindowsUpdate.log
2014-04-15 18:26 - 2009-07-14 01:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 18:17 - 2013-11-29 01:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-15 18:17 - 2013-11-24 02:01 - 00001393 ___SH () C:\Windows\SysWOW64\mmf.sys
2014-04-15 18:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-15 18:17 - 2009-07-14 00:51 - 00024813 _____ () C:\Windows\setupact.log
2014-04-15 00:39 - 2014-04-14 23:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_9.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_8.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_7.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_6.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_5.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_4.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_33.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_32.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_31.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_30.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_3.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_29.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_28.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_27.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_26.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_25.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_24.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_23.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_22.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_20.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_2.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_19.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_18.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_17.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_16.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_15.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_14.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_13.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_12.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_11.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_10.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_1.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_0.log
2014-04-15 00:21 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_59.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_9.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_8.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_7.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_6.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_58.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_57.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_56.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_55.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_54.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_53.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_52.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_51.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_50.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_5.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_49.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_48.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_47.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_46.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_45.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_44.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_43.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_42.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_41.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_40.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_4.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_39.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_38.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_37.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_36.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_35.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_34.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_32.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_30.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_3.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_29.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_28.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_27.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_26.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_25.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_24.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_23.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_2.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_19.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_18.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_17.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_16.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_15.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_14.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_13.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_12.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_11.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_10.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_1.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_0.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000038 _____ () C:\15_4_20_31.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_59.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_58.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_57.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_56.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_55.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_54.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_53.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_52.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_51.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_50.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_49.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_48.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_47.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_46.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_45.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_44.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_43.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_42.log
2014-04-14 23:41 - 2014-04-14 23:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 23:41 - 2013-11-03 15:16 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 23:41 - 2013-11-03 15:16 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\Malwarebytes
2014-04-14 23:41 - 2013-11-03 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 21:34 - 2014-04-14 21:34 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\cuggcwid.sys
2014-04-14 21:29 - 2014-04-14 21:29 - 00068906 _____ () C:\Users\ahutsell2001\Desktop\OTL.4.14.Txt
2014-04-14 21:27 - 2014-04-14 21:27 - 00068906 _____ () C:\Users\ahutsell2001\Desktop\OTL.Txt
2014-04-14 21:24 - 2014-04-14 21:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\zopugfmj.sys
2014-04-14 21:18 - 2013-11-03 13:34 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-04-09 10:43 - 2014-04-14 21:23 - 04745728 _____ (AVAST Software) C:\Users\ahutsell2001\Desktop\aswmbr.exe
2014-04-07 17:09 - 2014-04-15 17:50 - 02157056 _____ (Farbar) C:\Users\ahutsell2001\Desktop\FRST64.exe
2014-04-06 18:42 - 2014-04-14 21:24 - 00602112 _____ (OldTimer Tools) C:\Users\ahutsell2001\Desktop\OTL.exe
2014-04-06 06:43 - 2013-11-03 13:25 - 00000000 ____D () C:\Users\ahutsell2001
2014-04-06 06:42 - 2013-11-03 14:47 - 00000000 ____D () C:\ProgramData\COMODO
2014-04-06 06:40 - 2014-01-04 17:02 - 00000000 ____D () C:\Users\ahutsell2001\Desktop\H&R Block Tax Software Deluxe 2013 Win (Download)
2014-04-06 06:40 - 2013-12-10 12:53 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-04-06 06:40 - 2013-11-03 15:27 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-06 06:40 - 2013-11-03 14:48 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-04-06 06:40 - 2013-11-03 14:46 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-04-06 06:40 - 2013-11-03 14:46 - 00000000 ____D () C:\Program Files\COMODO
2014-04-06 06:40 - 2013-11-03 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 06:40 - 2013-11-03 13:25 - 00000000 ___RD () C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 06:40 - 2009-07-14 03:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-06 06:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-04-06 06:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-06 06:33 - 2009-07-14 00:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 06:33 - 2009-07-14 00:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 06:24 - 2014-04-06 06:24 - 00003290 _____ () C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2014-04-03 09:51 - 2014-04-14 23:41 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 23:41 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-11-03 15:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 23:47 - 2013-12-10 22:41 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Local\Adobe
2014-04-01 14:15 - 2013-11-03 15:15 - 00000524 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f0414407-5f3d-4e2b-a002-10e3e76b9ab0.job
2014-04-01 02:00 - 2014-03-08 23:32 - 00000524 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task efe55bae-0870-40a4-a515-a0bf0fab057d.job
2014-03-31 23:27 - 2013-11-03 15:12 - 00003812 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1159398F-F9D3-44D7-81DC-485539E19408}
2014-03-31 21:52 - 2013-11-03 14:44 - 00001772 _____ () C:\Windows\Sandboxie.ini
2014-03-31 20:46 - 2013-11-11 00:26 - 00268952 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-27 15:00 - 2014-03-27 15:00 - 00001030 _____ () C:\Users\Public\Desktop\Full Video Converter Free 9.lnk
2014-03-27 15:00 - 2014-03-27 14:59 - 00000000 ____D () C:\Program Files (x86)\Full Video Converter Free 9
2014-03-27 12:47 - 2014-03-27 12:47 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\LeapingBrain
2014-03-27 12:46 - 2014-03-27 12:46 - 00001352 _____ () C:\Users\ahutsell2001\Desktop\Paladin Press On Demand.lnk
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Windows\SysWOW64\tFolderToCreate
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\LeapingBrain
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Program Files (x86)\LeapingBrain
2014-03-20 13:31 - 2014-03-20 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 15:47 - 2014-03-18 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 23:09 - 2013-11-24 18:08 - 00000000 ____D () C:\Users\ahutsell2001\Desktop\eBay
2014-03-17 23:06 - 2013-11-06 12:19 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Local\Paint.NET

Some content of TEMP:
====================
C:\Users\ahutsell2001\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 01:43

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by ahutsell2001 at 2014-04-15 18:34:04
Running from C:\Users\ahutsell2001\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

Active@ KillDisk Professional Suite 7.5 (HKLM-x32\...\{3F36F1F6-D55E-4C60-A9DD-809FED24CED7}_is1) (Version: 7.5 - LSoft Technologies Inc)
Active@ KillDisk Professional Suite 8.0 (HKLM\...\{0F62EFB8-3C1C-4EE6-B6EF-9593007F9B03}_is1) (Version: 8.0 - LSoft Technologies Inc)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
ArcGIS Explorer Desktop (32 bit) (HKLM-x32\...\ArcGIS Explorer Desktop) (Version: 10.1.2500 - Environmental Systems Research Institute, Inc.)
ArcGIS Explorer Desktop (x32 Version: 10.1.2500 - Environmental Systems Research Institute, Inc.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
BufferChm (x32 Version: 130.0.327.000 - Hewlett-Packard) Hidden
Catalyst Control Center (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Combat Mission Beyond Overlord v1.12 (HKLM-x32\...\Combat Mission Beyond Overlord v1.12_is1) (Version:  - Battlefront.com, Inc.)
COMODO Firewall (HKLM\...\{40F962CF-3C1E-44EB-A319-5590BEEB90CF}) (Version: 6.3.35694.2953 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
Cypherix Drivers (HKLM\...\crydrs_is1) (Version: 8.0 - Cypherix)
Cypherix Drivers (HKLM-x32\...\cypdrs_is1) (Version: 8.1 - Cypherix Software)
Cypherix LE 10 (HKLM-x32\...\cyple10_is1) (Version: 10 - Cypherix Software)
Darklands (HKLM-x32\...\GOGPACKDARKLANDS_is1) (Version: 2.0.0.6 - GOG.com)
DeCypherIT (HKLM-x32\...\crydecit_is1) (Version: 2.0.6 - Cypherix)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVDFab HD Decrypter 3.2.1.0 (HKLM-x32\...\DVDFab HD Decrypter_is1) (Version:  - Fengtao Software Inc.)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Forge of Freedom (HKLM-x32\...\Forge of Freedom1.10.10b) (Version: 1.10.10b - Matrix Games)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)
Full Video Converter Free 9 (HKLM-x32\...\{D7A1BF13-4DA3-4391-855D-D61ADADF74A6}_is1) (Version:  - Full Video Studio)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
H&R Block Basic + Efile 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.02.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2013 (HKLM-x32\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.6401 - HRB Technology, LLC.)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet Pro 8100 Basic Device Software (HKLM\...\{E6403545-8324-47B4-ADCD-4F8A4CD8A1E1}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G3010 (HKLM\...\{3B3FA519-42F3-4534-B867-960481329CFC}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
hpg3010 (x32 Version: 14.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeyboardTest V3.0 (HKLM-x32\...\KeyboardTest_is1) (Version:  - PassMark Software)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Neo's SafeKeys v3 (HKCU\...\Neo's SafeKeys v3) (Version: 3.1.4.0 - Aplin Software)
Nero Burning Core (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 15.0.25001 - Nero AG) Hidden
Nero Burning ROM 2014 (HKLM-x32\...\{AAC14A8B-EA9B-433C-829D-1EE29CED5625}) (Version: 15.0.01400 - Nero AG)
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.22900 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15005 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Paint.NET v3.31 (HKLM\...\{51AFB69C-1C54-4C77-A888-2860F8CD3E7E}) (Version: 3.31.0 - dotPDN LLC)
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
RCA Detective™ 2.0.0.99 (HKLM-x32\...\RCA Detective™_is1) (Version:  - RCA)
RCA Digital Voice Manager 5.1.1.2 (HKLM-x32\...\RCA Digital Voice Manager_is1) (Version:  - RCA)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden
SolutionCenter (x32 Version: 130.0.369.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Wars in America 1.01b (HKLM-x32\...\Wars in America_is1) (Version:  - AGEOD)
WebReg (x32 Version: 130.0.128.017 - Hewlett-Packard) Hidden
Windows Home Server 2011 Connector (HKLM\...\{C1E4D639-4A33-4314-809E-89BD0EF48522}) (Version: 6.1.8800.16400 - Microsoft Corporation)
Wolfenstein - Enemy Territory (HKLM-x32\...\Wolfenstein - Enemy Territory) (Version:  - )

==================== Restore Points  =========================

18-03-2014 13:08:50 Windows Update
21-03-2014 18:34:02 Windows Update
29-03-2014 04:36:54 Scheduled Checkpoint
31-03-2014 21:11:58 Windows Update
01-04-2014 18:48:59 avast! antivirus system restore point
05-04-2014 04:05:19 Windows Update
06-04-2014 10:38:36 Restore Operation
06-04-2014 10:43:04 avast! antivirus system restore point
15-04-2014 03:36:42 avast! antivirus system restore point
15-04-2014 03:37:17 avast! antivirus system restore point
15-04-2014 11:32:21 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-04-15 17:51 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1820E7A6-09F0-414F-89B8-B617B449B535} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {2D1D33BC-68B2-4586-AFBF-C124F6235807} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-10] (AVAST Software)
Task: {38B10C9B-34D4-439F-90D1-73081F43F6F4} - System32\Tasks\Microsoft\Windows\Windows Server\SaveCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {3C338DFE-E55A-4B94-AE38-4BFFFBB3FC6B} - System32\Tasks\SUPERAntiSpyware Scheduled Task efe55bae-0870-40a4-a515-a0bf0fab057d => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-10-10] (SUPERAdBlocker.com)
Task: {591574CC-091E-45D1-9E38-A99B9578645B} - System32\Tasks\Microsoft\Windows\Windows Server\Backup_On_Idle => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {6C01DE1F-C254-4CAE-87A7-8DA2E9FF5DB6} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO)
Task: {7B79CA9F-1067-4699-8EFE-F51398FC4BBC} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-11-20] (COMODO)
Task: {7D91873D-69EE-462C-93A2-46AA2418A1C5} - System32\Tasks\Microsoft\Windows\Windows Server\UploadCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {8559B59D-235C-4FE7-8792-A6B614B61094} - System32\Tasks\Microsoft\Windows\Windows Server\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {8F4A6D50-FDF8-413F-826B-9BD72F8B0002} - System32\Tasks\SERVER SYNC => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {9E3F93CF-3964-41D0-9687-40EAC0E820BD} - System32\Tasks\Microsoft\Windows\Windows Server\Backup => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {9F366EDF-A3A0-46E9-904C-787DF22478C9} - System32\Tasks\SUPERAntiSpyware Scheduled Task f0414407-5f3d-4e2b-a002-10e3e76b9ab0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-10-10] (SUPERAdBlocker.com)
Task: {B477D468-34D1-477C-8CFF-3BD944E56D29} - System32\Tasks\Microsoft\Windows\Windows Server\Health Definition Updates => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {BA7072AA-0CC7-4499-B3C9-DCEA441173EF} - System32\Tasks\Microsoft\Windows\Windows Server\RenewClientCertificate => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {D92F9EFA-A53A-4554-B94D-7AAAC9A33011} - System32\Tasks\Microsoft\Windows\Windows Server\InstallAddIns => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task efe55bae-0870-40a4-a515-a0bf0fab057d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f0414407-5f3d-4e2b-a002-10e3e76b9ab0.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-11-29 01:56 - 2013-10-23 04:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-06-06 10:20 - 2010-06-06 10:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll
2012-11-22 09:48 - 2012-11-22 09:48 - 00034304 _____ () C:\Windows\System32\ssi5mlm.dll
2013-11-24 02:00 - 2013-11-24 02:00 - 00002560 _____ () C:\Windows\runservice.exe
2013-11-11 00:25 - 2013-11-11 00:25 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-11-24 02:00 - 2013-11-24 02:00 - 00048640 _____ () C:\Windows\mmfs.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-03-04 13:02 - 2011-03-04 13:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:9638A27E
AlternateDataStreams: C:\ProgramData\TEMP:BC359956

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: COMODO Internet Security Firewall Driver
Description: COMODO Internet Security Firewall Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: inspect
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: COMODO Internet Security Helper Driver
Description: COMODO Internet Security Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: cmdHlp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2014 06:32:09 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\setup\instup.exe Files\AVAST Software\Avast\setup\instup.exe" /instop:repair; Description = avast! antivirus system restore point; Error = 0x80070005).

Error: (04/15/2014 06:17:50 PM) (Source: cyphxservice) (User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

Error: (04/15/2014 06:09:12 PM) (Source: cyphxservice) (User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

Error: (04/15/2014 06:01:11 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\setup\instup.exe Files\AVAST Software\Avast\setup\instup.exe" /instop:repair; Description = avast! antivirus system restore point; Error = 0x80070005).

Error: (04/15/2014 05:53:10 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000294,(null),0,REG_BINARY,0000000002C0DE60.72).  hr = 0x80070005, Access is denied.
.

Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (04/15/2014 05:49:41 PM) (Source: cyphxservice) (User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

Error: (04/15/2014 07:32:05 AM) (Source: cyphxservice) (User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

Error: (04/14/2014 11:36:19 PM) (Source: cyphxservice) (User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

Error: (04/14/2014 09:18:29 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Users\AHUTSE~1\AppData\Local\Temp\{B6B196F1-B7B3-4EB9-8028-76D6C8283020}\setup.exe  -media_path:"H:\Network\Realtek\PCIE\WIN7\" -tempdisk1folder:"C:\Users\AHUTSE~1\AppData\Local\Temp\{B6B196F1-B7B3-4EB9-8028-76D6C8283020}\"; Description = Installed Realtek Ethernet Controller Driver; Error = 0x8007043c).

Error: (04/14/2014 09:11:37 PM) (Source: cyphxservice) (User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

System errors:
=============
Error: (04/15/2014 06:32:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (04/15/2014 06:31:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (04/15/2014 06:31:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (04/15/2014 06:30:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (04/15/2014 06:30:43 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (04/15/2014 06:30:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (04/15/2014 06:30:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (04/15/2014 06:25:01 PM) (Source: DCOM) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (04/15/2014 06:24:33 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Nero Update service to connect.

Error: (04/15/2014 06:24:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (04/15/2014 06:32:09 PM) (Source: System Restore)(User: )
Description: C:\Program Files\AVAST Software\Avast\setup\instup.exe Files\AVAST Software\Avast\setup\instup.exe" /instop:repairavast! antivirus system restore point0x80070005

Error: (04/15/2014 06:17:50 PM) (Source: cyphxservice)(User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

Error: (04/15/2014 06:09:12 PM) (Source: cyphxservice)(User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

Error: (04/15/2014 06:01:11 PM) (Source: System Restore)(User: )
Description: C:\Program Files\AVAST Software\Avast\setup\instup.exe Files\AVAST Software\Avast\setup\instup.exe" /instop:repairavast! antivirus system restore point0x80070005

Error: (04/15/2014 05:53:10 PM) (Source: VSS)(User: )
Description: RegSetValueExW(0x00000294,(null),0,REG_BINARY,0000000002C0DE60.72)0x80070005, Access is denied.

Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (04/15/2014 05:49:41 PM) (Source: cyphxservice)(User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

Error: (04/15/2014 07:32:05 AM) (Source: cyphxservice)(User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

Error: (04/14/2014 11:36:19 PM) (Source: cyphxservice)(User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

Error: (04/14/2014 09:18:29 PM) (Source: System Restore)(User: )
Description: C:\Users\AHUTSE~1\AppData\Local\Temp\{B6B196F1-B7B3-4EB9-8028-76D6C8283020}\setup.exe  -media_path:"H:\Network\Realtek\PCIE\WIN7\" -tempdisk1folder:"C:\Users\AHUTSE~1\AppData\Local\Temp\{B6B196F1-B7B3-4EB9-8028-76D6C8283020}\"Installed Realtek Ethernet Controller Driver0x8007043c

Error: (04/14/2014 09:11:37 PM) (Source: cyphxservice)(User: )
Description: cyphxservice error: 2The system cannot find the file specified. (0x2)

CodeIntegrity Errors:
===================================
  Date: 2014-04-15 18:17:40.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 18:17:40.481
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 18:09:03.488
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 18:09:03.394
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 18:07:26.722
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 18:07:26.644
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 17:48:58.991
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 17:48:58.898
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 07:31:56.970
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-15 07:31:56.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\cmdhlp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8157.69 MB
Available physical RAM: 5963.71 MB
Total Pagefile: 16313.55 MB
Available Pagefile: 13689.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:866.06 GB) NTFS
Drive d: (MAINSTORAGE) (Fixed) (Total:1863.01 GB) (Free:1329.1 GB) NTFS
Drive e: (STORAGE) (Fixed) (Total:698.64 GB) (Free:693.64 GB) NTFS
Drive f: () (Fixed) (Total:292.97 GB) (Free:254.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (MoreStore) (Fixed) (Total:172.78 GB) (Free:172.42 GB) NTFS
Drive h: (Apr 09 2014) (CDROM) (Total:2.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: BA80A267)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 04170416)
Partition 1: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=173 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 6EFA6EFA)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: C7883F68)

Partition: GPT Partition Type.

==================== End Of Log ============================




#41 majorlag (Member, Topic Starter, 70 posts)

It's strange, but before all this happened I never had to run procexp as admin to see process user names and to have full access to processes.

Process Explorer, run as admin:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer User Name
System Idle Process 95.27 0 K 24 K 0    NT AUTHORITY\SYSTEM
procexp64.exe 3.07 31,968 K 54,092 K 4364 Sysinternals Process Explorer Sysinternals - www.sysinternals.com  HUTSELL1-7\ahutsell2001
dwm.exe 0.44 33,360 K 37,148 K 2104 Desktop Window Manager Microsoft Corporation  HUTSELL1-7\ahutsell2001
Interrupts 0.42 0 K 0 K n/a Hardware Interrupts and DPCs   
ProviderRegistryService.exe 0.20 52,952 K 53,236 K 3004 Windows Server Provider Registry Service Microsoft Corporation  NT AUTHORITY\NETWORK SERVICE
System 0.18 308 K 9,096 K 4    NT AUTHORITY\SYSTEM
LANConfigSvc.exe 0.10 62,052 K 57,908 K 4880 Windows Server LAN Configuration Service Microsoft Corporation Microsoft Corporation NT AUTHORITY\SYSTEM
csrss.exe 0.09 3,812 K 17,836 K 648 Client Server Runtime Process Microsoft Corporation  NT AUTHORITY\SYSTEM
cmdagent.exe 0.06 14,196 K 6,688 K 520 COMODO Internet Security COMODO  NT AUTHORITY\SYSTEM
explorer.exe 0.05 76,964 K 90,768 K 1500 Windows Explorer Microsoft Corporation  HUTSELL1-7\ahutsell2001
nvtray.exe 0.04 18,092 K 25,208 K 364 NVIDIA Settings NVIDIA Corporation  HUTSELL1-7\ahutsell2001
svchost.exe 0.01 18,476 K 21,928 K 672 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\NETWORK SERVICE
HpqSRmon.exe 0.01 3,464 K 7,880 K 1640 HpqSRmon Hewlett-Packard  HUTSELL1-7\ahutsell2001
SUPERANTISPYWARE.EXE 0.01 187,864 K 928 K 4596 SUPERAntiSpyware Application SUPERAntiSpyware  HUTSELL1-7\ahutsell2001
svchost.exe < 0.01 26,336 K 42,568 K 1124 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\SYSTEM
lsm.exe < 0.01 5,224 K 8,636 K 752 Local Session Manager Service Microsoft Corporation  NT AUTHORITY\SYSTEM
taskhost.exe < 0.01 15,344 K 15,888 K 2932 Host Process for Windows Tasks Microsoft Corporation  HUTSELL1-7\ahutsell2001
Runservice.exe < 0.01 2,564 K 5,496 K 2148    NT AUTHORITY\SYSTEM
PnkBstrA.exe < 0.01 2,708 K 6,356 K 2288    NT AUTHORITY\SYSTEM
SASCore64.exe < 0.01 3,876 K 6,980 K 1980 Core Service SUPERAntiSpyware.com  NT AUTHORITY\SYSTEM
cypxsrv10.exe < 0.01 6,660 K 8,928 K 1132 Cypherix Service Cypherix Software (India) Pvt. Ltd.  NT AUTHORITY\SYSTEM
csrss.exe < 0.01 2,640 K 5,104 K 544 Client Server Runtime Process Microsoft Corporation  NT AUTHORITY\SYSTEM
SearchIndexer.exe < 0.01 55,528 K 45,804 K 3220 Microsoft Windows Search Indexer Microsoft Corporation  NT AUTHORITY\SYSTEM
SharedServiceHost.exe < 0.01 51,108 K 52,120 K 3272 Windows Server Shared Service Host Microsoft Corporation  NT AUTHORITY\SYSTEM
SharedServiceHost.exe < 0.01 53,492 K 51,656 K 1312 Windows Server Shared Service Host Microsoft Corporation  NT AUTHORITY\SYSTEM
SharedServiceHost.exe < 0.01 55,360 K 53,096 K 3436 Windows Server Shared Service Host Microsoft Corporation  NT AUTHORITY\SYSTEM
SharedServiceHost.exe < 0.01 44,504 K 47,992 K 3084 Windows Server Shared Service Host Microsoft Corporation  NT AUTHORITY\NETWORK SERVICE
nvvsvc.exe < 0.01 7,560 K 15,740 K 1608 NVIDIA Driver Helper Service, Version 331.65 NVIDIA Corporation  NT AUTHORITY\SYSTEM
SharedServiceHost.exe < 0.01 68,740 K 70,368 K 2960 Windows Server Shared Service Host Microsoft Corporation  NT AUTHORITY\SYSTEM
SMSvcHost.exe < 0.01 41,764 K 36,984 K 2228 SMSvcHost.exe Microsoft Corporation  NT AUTHORITY\LOCAL SERVICE
SearchProtocolHost.exe < 0.01 2,988 K 8,764 K 5980 Microsoft Windows Search Protocol Host Microsoft Corporation  NT AUTHORITY\SYSTEM
TeamViewer_Service.exe < 0.01 9,120 K 18,100 K 2416 TeamViewer 9 TeamViewer GmbH  NT AUTHORITY\SYSTEM
svchost.exe < 0.01 174,760 K 181,992 K 1032 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\SYSTEM
WUDFHost.exe  4,160 K 8,828 K 1804 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation  NT AUTHORITY\LOCAL SERVICE
WSConnectorUpdate.exe  5,140 K 10,696 K 2540 Windows Server Connector Update Service Microsoft Corporation  NT AUTHORITY\SYSTEM
WmiPrvSE.exe  4,976 K 9,168 K 4088 WMI Provider Host Microsoft Corporation  NT AUTHORITY\SYSTEM
winlogon.exe  3,224 K 8,308 K 728 Windows Logon Application Microsoft Corporation  NT AUTHORITY\SYSTEM
wininit.exe  1,716 K 4,616 K 612 Windows Start-Up Application Microsoft Corporation  NT AUTHORITY\SYSTEM
WhsMcClient.exe  5,976 K 11,572 K 2504 Windows Media Center Client Service Microsoft Corporation  NT AUTHORITY\SYSTEM
svchost.exe  13,028 K 14,912 K 1908 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\LOCAL SERVICE
svchost.exe  19,396 K 21,356 K 280 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\LOCAL SERVICE
svchost.exe  6,752 K 11,296 K 300 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\NETWORK SERVICE
svchost.exe  12,668 K 20,756 K 1088 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\LOCAL SERVICE
svchost.exe  5,516 K 10,980 K 2336 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\LOCAL SERVICE
svchost.exe  7,116 K 13,232 K 892 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\SYSTEM
svchost.exe  4,020 K 8,144 K 1948 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\NETWORK SERVICE
svchost.exe  7,516 K 11,632 K 2384 Host Process for Windows Services Microsoft Corporation  NT AUTHORITY\LOCAL SERVICE
spoolsv.exe  10,392 K 17,620 K 1864 Spooler SubSystem App Microsoft Corporation  NT AUTHORITY\SYSTEM
smss.exe  536 K 1,180 K 384 Windows Session Manager Microsoft Corporation  NT AUTHORITY\SYSTEM
services.exe  8,324 K 12,908 K 684 Services and Controller app Microsoft Corporation  NT AUTHORITY\SYSTEM
SearchFilterHost.exe  3,376 K 7,068 K 2708 Microsoft Windows Search Filter Host Microsoft Corporation  NT AUTHORITY\SYSTEM
SbieSvc.exe  4,456 K 7,312 K 1336 Sandboxie Service Sandboxie Holdings, LLC  NT AUTHORITY\SYSTEM
procexp.exe  4,184 K 10,060 K 5732 Sysinternals Process Explorer Sysinternals - www.sysinternals.com  HUTSELL1-7\ahutsell2001
nvxdsync.exe  10,500 K 22,320 K 1600 NVIDIA User Experience Driver Component NVIDIA Corporation  NT AUTHORITY\SYSTEM
nvvsvc.exe  5,028 K 10,308 K 988 NVIDIA Driver Helper Service, Version 331.65 NVIDIA Corporation  NT AUTHORITY\SYSTEM
nvSCPAPISvr.exe  4,376 K 8,216 K 1016 Stereo Vision Control Panel API Server NVIDIA Corporation  NT AUTHORITY\SYSTEM
notepad.exe  4,128 K 9,340 K 4048 Notepad Microsoft Corporation  HUTSELL1-7\ahutsell2001
msiexec.exe  6,972 K 17,480 K 2872 Windows® installer Microsoft Corporation  NT AUTHORITY\SYSTEM
MDM.EXE  3,856 K 7,516 K 2196 Machine Debug Manager Microsoft Corporation  NT AUTHORITY\SYSTEM
LSSrvc.exe  2,944 K 6,700 K 2172 LightScribe Service Hewlett-Packard Company  NT AUTHORITY\SYSTEM
lsass.exe  7,420 K 15,332 K 740 Local Security Authority Process Microsoft Corporation  NT AUTHORITY\SYSTEM
LightScribeControlPanel.exe  9,300 K 13,048 K 4644  Hewlett-Packard Company  HUTSELL1-7\ahutsell2001
jusched.exe  4,428 K 11,088 K 5004 Java™ Update Scheduler Oracle Corporation  HUTSELL1-7\ahutsell2001
Fuel.Service.exe  4,280 K 8,984 K 2020 AMD Fuel Service Advanced Micro Devices, Inc.  NT AUTHORITY\SYSTEM



#42 RKinner (Malware Expert, MVP, 24,625 posts)

Open the file C:\15_4_21_9.log in Notepad and tell me what it says. Can you tell what process created it? Looks to me like the logging process has gone bonkers.

There is a Comodo removal tool at:

http://forums.comodo.../-t71897.0.html

Comodo is still running but showing a lot of errors, so it needs to be removed.

We can try to remove the remnants with FRST:

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that. Then you should be able to boot into regular mode. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.



#43 majorlag (Member, Topic Starter, 70 posts)

Sorry, I don't see the attachment for the fixlist.txt. Could just be the browser I'm having to use on this machine.

All of those logs have two lines, as far as I can tell:

CMpeg4Splitter::BreakConnect() Enter
CMpeg4Splitter::BreakConnect() Enter

I've read that this is maybe related to Corel VideoStudio, but I'm baffled as to why that would even be running.

I'll try the Comodo removal tool and report back. Thanks!



#44 RKinner (Malware Expert, MVP, 24,625 posts)

oops



#45 RKinner (Malware Expert, MVP, 24,625 posts)

Also Corel is running per FRST:

HKLM-x32\...\Run: [UVS12 Preload] - C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe [397456 2008-06-09] (Corel TW Corp.)

You might use msconfig to uncheck it. See if the logs stop.


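The advice in the thread is to uncheck the Corel "UVS12 Preload" Run entry in msconfig and to get rid of the Comodo driver that the CodeIntegrity events in the FRST log say could not be verified. The script below is an added triage example, not something posted by either participant and not part of FRST or Comodo's tooling. It enumerates the Run/RunOnce autostart values (FRST's "HKLM-x32\...\Run" is the Wow6432Node key), resolves each command line to its executable, reports whether the file exists and whether it carries a valid Authenticode signature, lists any running process under the Corel directory named in the log, and checks the cmdhlp.sys driver from the CodeIntegrity entries. The function names (Get-ExecutablePath, Get-SignatureInfo, Get-AutostartReport) are my own; the only assumption about the machine is that the drive the events call \Device\HarddiskVolume3 is C:. Run it from an elevated PowerShell 3.0 or later prompt; it only reads unless you run the commented-out removal at the end.

```powershell
# Added autostart / driver-signature triage (example code, not from the thread).
# Reads the Run and RunOnce keys FRST reports, checks each target's existence
# and Authenticode status, and checks the driver CodeIntegrity flagged.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',      # FRST: HKLM-x32\...\Run
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Metadata properties the registry provider adds to every Get-ItemProperty result.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ExecutablePath {
    # Reduce an autostart command line to its executable. A quoted path is taken
    # up to the closing quote; an unquoted one is tried longest-prefix-first, so
    # 'C:\Program Files (x86)\Foo\bar.exe /x' resolves despite the spaces.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $parts = $cmd -split '\s+'
    for ($i = $parts.Count; $i -ge 1; $i--) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $parts[0]   # nothing on disk matched; report the first token as-is
}

function Get-SignatureInfo {
    # Authenticode status of one file. Caveat: on Windows 7 / PowerShell 2-4 a
    # catalog-signed Microsoft binary reports NotSigned here; Sysinternals
    # "sigcheck -c" checks catalogs too, so confirm a NotSigned OS file that way.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Status = 'MISSING'; Signer = '' }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    return [pscustomobject]@{ Path = $Path; Status = $sig.Status.ToString(); Signer = $signer }
}

function Get-AutostartReport {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($v in $values.PSObject.Properties) {
            if ($ProviderProps -contains $v.Name) { continue }
            $exe  = Get-ExecutablePath -CommandLine ([string]$v.Value)
            $info = Get-SignatureInfo -Path $exe
            [pscustomobject]@{
                Key       = $key
                Name      = $v.Name
                Target    = $exe
                Signature = $info.Status
                Signer    = $info.Signer
            }
        }
    }
}

# 1. Autostarts, grouped so MISSING / NotSigned / HashMismatch targets stand out.
Get-AutostartReport | Sort-Object Signature, Key | Format-Table -AutoSize -Wrap

# 2. Anything from the Corel directory in the UVS12 Preload entry running right now?
Get-Process | Where-Object { $_.Path -like 'C:\Program Files (x86)\Corel\*' } |
    Select-Object Id, ProcessName, Path

# 3. The driver the CodeIntegrity events could not verify (drive letter assumed C:).
Get-SignatureInfo -Path 'C:\Windows\System32\drivers\cmdhlp.sys'

# To neutralise an autostart without msconfig: export the key first, then remove
# the value. Uncomment deliberately; this is a change, not a read.
#   reg export "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" run-x32-backup.reg
#   Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' -Name 'UVS12 Preload'
```

Read the report in this order: a MISSING target means a Run value pointing at a file that no longer exists (harmless clutter or a removed payload, either way worth deleting); NotSigned or HashMismatch on something that claims to be a vendor product is what you would look at next; and a driver that comes back NotSigned or HashMismatch matches the "file hash could not be found" CodeIntegrity events, which is consistent with the thread's conclusion that the Comodo remnants need to go rather than be repaired.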





