Tried installing Comodo, everything is slowed to a crawl. [Solved]


  • This topic is locked

#1
tl79

  • Member
  • 178 posts

I tried installing Comodo last night and the installation was interrupted.  Since then we are unable to get internet access and everything is extremely slow.  Windows XP is the OS.  Everything worked fine until this attempted installation.  We tried running Super-Anti-Spyware but it wouldn't start.  Any help would be greatly appreciated!  Thanks!




#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:




Step 1: Scan with FRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR

  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post:

FRST Log

Addition.txt Log

aswMBR Log


#3
tl79

  • Topic Starter
  • Member
  • 178 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
Ran by Owner (administrator) on D5YG9NF1 on 14-04-2014 18:50:58
Running from K:\DAD 2014
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ScanSoft, Inc) C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
(Microsoft Corporation) C:\WINDOWS\vVX3000.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
() C:\Program Files\SpywareGuard\sgmain.exe
() C:\Program Files\SpywareGuard\sgbhp.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Pinnacle Systems) C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-07-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2007-07-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Omnipage] => C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [PinnacleDriverCheck] => C:\WINDOWS\system32\PSDrvCheck.exe [406016 2004-03-11] ()
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-12] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [15711008 2013-11-11] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [209184 2013-11-11] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-11-11] ()
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-31] (SUPERAntiSpyware)
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\Run: [Google Update] => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-05] (Google Inc.)
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [6129496 2011-01-12] (Logitech Inc.)
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {6a3f8d99-59ab-11dd-8a1d-cb22b4539c44} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {ae025438-1f79-11dd-89a9-fa0d89eeaafb} - O:\LaunchU3.exe -a
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {cd0e6d32-1eaa-11dd-89a7-cda8a13906f8} - O:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli scecli
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files\SpywareGuard\sgmain.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...?channel=us-smb
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2004-02-24] (Qualcomm Inc.)
ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-03] ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[email protected]
FF Homepage: hxxp://us.yahoo.com?fr=fp-comodo
FF DefaultSearchEngine: Yahoo
FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://us.yahoo.com?fr=fpc-comodo
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Java™ Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\gears.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071705000014.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-15] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-31] (AVAST Software)
S4 GFIBckHAtt; N:\Program Files\GFI Backup 2009 - Home Edition\GFIHInst.exe [440616 2009-09-15] (GFI Software Ltd.)
S4 GFIBckHSched; N:\Program Files\GFI Backup 2009 - Home Edition\GFIHSched.exe [1412392 2009-09-15] (GFI Software Ltd.)
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-03-09] (Sun Microsystems, Inc.)
R2 MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation)
R2 PinnacleSys.MediaServer; C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe [49152 2006-01-19] (Pinnacle Systems)
S3 SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 ASAPIW2K; C:\WINDOWS\System32\drivers\ASAPIW2k.sys [11264 2005-02-23] (VOB Computersysteme GmbH)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-12] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-31] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-11-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-31] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-31] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-31] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-31] ()
S3 BCM42RLY; C:\WINDOWS\System32\BCM42RLY.SYS [17992 2005-02-01] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [163616 2013-05-08] (Digiarty Software, Inc.)
S3 HP8107Fltr; C:\WINDOWS\System32\DRIVERS\HP8107.sys [12672 2010-02-05] (Windows ® Win 7 DDK provider)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-05-16] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-05-16] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171008 2005-07-13] (Pinnacle Systems GmbH)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-06-16] (NVIDIA Corporation)
R2 Packet; C:\WINDOWS\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems)
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [245248 2005-11-24] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S2 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
S3 RTL8187B; system32\DRIVERS\RTL8187B.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: qwbgaaml -> No Registry Path.
NETSVC: oenzbwuo -> No Registry Path.

==================== One Month Created Files and Folders ========

2014-04-14 18:50 - 2014-04-14 18:50 - 00000000 ____D () C:\FRST
2014-04-12 17:50 - 2014-04-12 17:50 - 00000686 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Program Files\Malwarebytes
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-12 17:50 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-12 17:50 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-12 17:46 - 2014-04-12 17:50 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-04-12 10:21 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-04-12 10:21 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-04-12 08:32 - 2014-04-12 08:32 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\SUPERAntiSpyware.com
2014-04-11 19:38 - 2014-04-11 19:38 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\AVAST Software
2014-04-11 18:23 - 2014-04-11 18:23 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Malwarebytes
2014-04-11 17:07 - 2014-04-11 17:07 - 00000000 ____D () C:\cis
2014-04-11 17:03 - 2014-04-11 18:09 - 00001238 __RSH () C:\WINDOWS\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2014-04-11 17:03 - 2014-04-11 18:09 - 00000720 _____ () C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2014-04-11 15:35 - 2014-04-12 09:55 - 00000012 _____ () C:\WINDOWS\CUAppUsage.Dat
2014-04-11 15:27 - 2014-04-11 15:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041114-01.dmp
2014-04-11 15:18 - 2014-04-11 15:18 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\Adobe
2014-04-11 15:15 - 2014-04-12 10:10 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Adobe
2014-04-11 15:14 - 2014-04-11 15:14 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\PrivacIE
2014-04-11 15:13 - 2014-04-12 10:10 - 00000000 ___SD () C:\Documents and Settings\Administrator.D5YG9NF1
2014-04-11 15:13 - 2014-01-31 23:02 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Macromedia
2014-04-11 15:13 - 2013-03-13 22:00 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\IETldCache
2014-04-11 15:13 - 2008-02-19 00:49 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\My Documents\My Google Gadgets
2014-04-11 15:13 - 2008-02-19 00:48 - 00029528 _____ () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-11 15:13 - 2008-02-19 00:42 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\SingleClick Systems
2014-04-11 15:13 - 2008-02-19 00:39 - 00267662 _____ () C:\Documents and Settings\Administrator.D5YG9NF1\BD=1
2014-04-10 20:14 - 2014-04-12 10:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 20:09 - 2014-04-12 10:55 - 00025150 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 20:05 - 2014-04-13 09:26 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-10 20:05 - 2014-04-13 09:03 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-04-10 20:05 - 2014-04-12 09:59 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-04-10 20:05 - 2014-04-12 09:59 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2014-04-10 19:29 - 2014-04-12 10:09 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-10 19:29 - 2014-04-10 19:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2014-04-10 17:44 - 2014-04-12 10:58 - 00027912 _____ () C:\WINDOWS\KB2922229.log
2014-03-23 12:26 - 2014-04-14 18:45 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-23 12:26 - 2014-04-13 08:52 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-22 21:54 - 2014-03-22 21:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-22 21:53 - 2014-04-12 10:55 - 00015095 _____ () C:\WINDOWS\KB2934207.log
2014-03-19 17:06 - 2014-03-19 17:06 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ___RD () C:\Program Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

2014-04-14 18:50 - 2014-04-14 18:50 - 00000000 ____D () C:\FRST
2014-04-14 18:50 - 2013-12-25 19:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-14 18:50 - 2013-05-04 11:01 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-14 18:49 - 2013-11-20 18:23 - 00005146 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-04-14 18:49 - 2013-01-20 10:37 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Free Download Manager
2014-04-14 18:49 - 2004-08-10 13:02 - 01318109 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-14 18:45 - 2014-03-23 12:26 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-14 18:45 - 2013-05-05 19:56 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 18:45 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-14 18:45 - 2004-08-10 12:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-14 18:45 - 2004-08-10 12:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-14 18:45 - 2004-08-10 12:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-13 11:34 - 2004-08-10 13:08 - 00032086 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-13 11:34 - 2004-08-10 13:08 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-04-13 09:28 - 2013-05-16 15:03 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-927226146-1572789124-4019323850-1003UA.job
2014-04-13 09:26 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-13 09:23 - 2013-05-05 19:56 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 09:03 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-04-13 08:53 - 2013-08-01 16:35 - 00000000 ____D () C:\Program Files\SpywareBlaster2013
2014-04-13 08:52 - 2014-03-23 12:26 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-12 17:50 - 2014-04-12 17:50 - 00000686 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Program Files\Malwarebytes
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-12 17:50 - 2014-04-12 17:46 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-04-12 17:50 - 2009-01-17 10:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-12 16:28 - 2011-06-05 09:40 - 00002284 _____ () C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
2014-04-12 10:58 - 2014-04-10 20:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-12 10:58 - 2014-04-10 17:44 - 00027912 _____ () C:\WINDOWS\KB2922229.log
2014-04-12 10:58 - 2013-10-12 16:46 - 00170874 _____ () C:\WINDOWS\setupapi.log
2014-04-12 10:58 - 2013-07-23 18:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-12 10:58 - 2004-08-10 12:57 - 02850063 _____ () C:\WINDOWS\FaxSetup.log
2014-04-12 10:58 - 2004-08-10 12:57 - 01371796 _____ () C:\WINDOWS\ocgen.log
2014-04-12 10:58 - 2004-08-10 12:57 - 01091368 _____ () C:\WINDOWS\tsoc.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00798346 _____ () C:\WINDOWS\comsetup.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00483391 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00451157 _____ () C:\WINDOWS\iis6.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00141987 _____ () C:\WINDOWS\msgsocm.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00131119 _____ () C:\WINDOWS\ocmsn.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-12 10:55 - 2014-04-10 20:09 - 00025150 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-12 10:55 - 2014-03-22 21:53 - 00015095 _____ () C:\WINDOWS\KB2934207.log
2014-04-12 10:55 - 2009-05-23 16:25 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-12 10:55 - 2008-02-19 00:33 - 00514601 _____ () C:\WINDOWS\updspapi.log
2014-04-12 10:55 - 2004-08-10 12:57 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-12 10:52 - 2009-01-19 10:06 - 00000554 _____ () C:\hpfr5550.xml
2014-04-12 10:52 - 2008-08-18 17:29 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\MEL
2014-04-12 10:52 - 2008-02-23 11:57 - 00002483 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
2014-04-12 10:35 - 2013-05-04 11:01 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-04-12 10:28 - 2013-05-16 15:03 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-927226146-1572789124-4019323850-1003Core.job
2014-04-12 10:27 - 2011-07-29 17:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-12 10:18 - 2013-05-04 11:01 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-04-12 10:14 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-12 10:14 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-12 10:14 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\Owner
2014-04-12 10:14 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-12 10:10 - 2014-04-11 15:15 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Adobe
2014-04-12 10:10 - 2014-04-11 15:13 - 00000000 ___SD () C:\Documents and Settings\Administrator.D5YG9NF1
2014-04-12 10:09 - 2014-04-10 19:29 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-12 09:59 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-04-12 09:59 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2014-04-12 09:55 - 2014-04-11 15:35 - 00000012 _____ () C:\WINDOWS\CUAppUsage.Dat
2014-04-12 08:32 - 2014-04-12 08:32 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\SUPERAntiSpyware.com
2014-04-11 19:38 - 2014-04-11 19:38 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\AVAST Software
2014-04-11 19:35 - 2013-12-10 20:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-04-11 18:23 - 2014-04-11 18:23 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Malwarebytes
2014-04-11 18:09 - 2014-04-11 17:03 - 00001238 __RSH () C:\WINDOWS\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2014-04-11 18:09 - 2014-04-11 17:03 - 00000720 _____ () C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2014-04-11 17:07 - 2014-04-11 17:07 - 00000000 ____D () C:\cis
2014-04-11 16:28 - 2004-08-10 12:51 - 00000676 _____ () C:\WINDOWS\win.ini
2014-04-11 16:28 - 2004-08-10 12:51 - 00000254 _____ () C:\WINDOWS\SYSTEM.INI
2014-04-11 15:27 - 2014-04-11 15:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041114-01.dmp
2014-04-11 15:27 - 2008-03-17 20:07 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-11 15:18 - 2014-04-11 15:18 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\Adobe
2014-04-11 15:14 - 2014-04-11 15:14 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\PrivacIE
2014-04-10 20:11 - 2009-07-19 11:50 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-10 19:29 - 2014-04-10 19:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2014-04-08 17:29 - 2012-09-08 20:57 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype
2014-04-03 09:51 - 2014-04-12 17:50 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-12 17:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-23 14:11 - 2013-09-14 16:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\rionix
2014-03-22 21:54 - 2014-03-22 21:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-22 12:06 - 2008-02-23 11:57 - 00002469 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft PowerPoint.lnk
2014-03-19 17:06 - 2014-03-19 17:06 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Skype
2014-03-19 17:06 - 2012-09-08 20:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-03-19 17:06 - 2004-08-10 12:57 - 00632734 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ___RD () C:\Program Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-19 17:02 - 2012-09-08 20:57 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype (hellothomas2011).lnk

Files to move or delete:
====================
C:\Documents and Settings\All Users\dcmsvcsetup.exe
C:\Documents and Settings\All Users\invokesi.exe

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\CallHome.dll
C:\Documents and Settings\Owner\Local Settings\Temp\epurcmainver20.dll
C:\Documents and Settings\Owner\Local Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\mpegc.dll
C:\Documents and Settings\Owner\Local Settings\Temp\nos_uninstall_helper.dll
C:\Documents and Settings\Owner\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\tempmessage.bfg
C:\Documents and Settings\Owner\Local Settings\Temp\tmpsetup.exe
C:\Documents and Settings\Owner\Local Settings\Temp\TsuFAA866BE.dll
C:\Documents and Settings\Owner\Local Settings\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-04-2014
Ran by Owner at 2014-04-14 18:51:33
Running from K:\DAD 2014
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

4 Elements (HKLM\...\4 Elements_is1) (Version:  - Playrix Entertainment)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 7.0.8 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70800000002}) (Version: 7.0.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Aiseesoft Total Media Converter 6.2.18 (HKLM\...\{42087B24-ECD8-41d2-8053-E6EB99E5083F}_is1) (Version:  - )
Alexander the Great - The Secrets of Power (HKLM\...\Alexander the Great - The Secrets of Power_is1) (Version:  - Playrix Entertainment)
Alice in Wonderland (HKLM\...\Alice in Wonderland) (Version: 1.00 - Boonty)
Alice's Magical Mahjong (HKLM\...\Alice's Magical Mahjong_is1) (Version: 1.0 - Playrix Entertainment)
Almeza MultiSet Professional 7.8.8 (HKLM\...\Almeza MultiSet Professional_is1) (Version:  - Almeza Company)
Annie's Millions (HKLM\...\Annie's Millions_is1) (Version: 1.0 - Playrix Entertainment)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoBase 3 (HKLM\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version:  - )
ArcSoft PhotoStudio 5 (HKLM\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version:  - )
Autumn's Treasures the Jade Coin (HKLM\...\Autumn's Treasures the Jade Coin_is1) (Version: 1.0 - Playrix Entertainment)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brickshooter Egypt (HKLM\...\Brickshooter Egypt_is1) (Version:  - Playrix Entertainment)
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Cake Mania 5 Lights Camera Action 1.00 (HKLM\...\Cake Mania 5 Lights Camera Action 1.00) (Version:  - )
Call of Atlantis (HKLM\...\Call of Atlantis_is1) (Version:  - Playrix Entertainment)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Canon CanoScan Toolbox 4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
CanoScan LiDE20,30 Manual (HKLM\...\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}) (Version:  - )
Chainz 2 (HKLM\...\Chainz 2_is1) (Version:  - )
CinemaNow Player (HKLM\...\com.bby.cinemanowplayer) (Version: 3.1.4 - Rovi Corporation)
CinemaNow Player (Version: 3.1.4 - Rovi Corporation) Hidden
Coffee Rush (HKLM\...\Coffee Rush_is1) (Version:  - )
Collectorz.com Book Collector (HKLM\...\Collectorz.com Book Collector) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
coverXP (remove only) (HKLM\...\coverXP) (Version:  - )
Crayon Physics Deluxe - release 53 (HKLM\...\Crayon Physics Deluxe_is1) (Version:  - Kloonigames)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Data Lifeguard Tools (HKLM\...\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Network Assistant (HKLM\...\{0240BDFB-2995-4A3F-8C96-18D41282B716}) (Version: 3.0.0.0 - Dell Inc.)
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Copy (HKLM\...\Digital Copy) (Version:  - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.18 - BVRP Software, Inc)
Diner Dash (HKLM\...\Diner Dash_is1) (Version:  - )
DiscAPI (Studio 10) (Version: 2.10.0081 - Pinnacle Systems) Hidden
EaseUS Data Recovery Wizard 5.8.5 (HKLM\...\EaseUS Data Recovery Wizard 5.8.5_is1) (Version:  - EaseUS)
Elementals - The Magic Key (HKLM\...\Elementals - The Magic Key_is1) (Version:  - Playrix Entertainment)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Eudora (HKLM\...\{06BCBFBA-9604-4250-A3B9-E8B9FC33127C}) (Version: 6.1.2 - )
Fairy Island (HKLM\...\Fairy Island_is1) (Version:  - Playrix Entertainment)
Free Download Manager 3.9.2 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
GFI Backup 2009 - Home Edition (HKLM\...\GFI Backup 2009 - Home Edition) (Version: 3.0 - GFI Software Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (HKLM\...\KB960082(ENU)) (Version: 1 - Microsoft Corporation)
hp deskjet 5550 series (HKLM\...\hp deskjet 5550 series_Driver) (Version:  - )
hp deskjet 5550 series (Remove only) (HKLM\...\hp deskjet 5550 series) (Version:  - )
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photosmart and Deskjet 7.0 Software (HKLM\...\{D1AE6D4D-C37A-487d-83D8-C333125B2459}) (Version: 7.1 - HP)
hp print screen utility (HKLM\...\hp print screen utility) (Version:  - )
hph_software_req (Version: 70.0.260.000 - Hewlett-Packard) Hidden
iCare Data Recovery Free 5.0 (HKLM\...\iCare Data Recovery Free_is1) (Version:  - iCare Software)
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Inca Ball (HKLM\...\Inca Ball_is1) (Version:  - Playrix Entertainment)
Inpaint 3.0 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - teorex)
Intel® PRO Network Connections 12.1.12.0 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Intel)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java™ 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.4.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 6.4.0 - )
LeapFrog Connect (HKLM\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)
LeapFrog Connect (Version: 5.2.4.18506 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logos 4 Prerequisites (HKLM\...\{C2824B54-B9E6-4CB3-BD6E-A94B74423E22}) (Version: 4.62.02680 - Logos Bible Software)
Logos Bible Software 4 (HKLM\...\{2C7C5B3C-1D1C-404E-850B-6F83E65D8B51}) (Version: 4.62.02681 - Logos Bible Software)
LWS Facebook (Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
MahJong Suite 2012 v9.0 (HKLM\...\MahJong Suite_is1) (Version:  - TreeCardGames)
Mahjongg Ancient Mayas (HKLM\...\Mahjongg Ancient Mayas_is1) (Version:  - )
Mahjongg Dimensions Deluxe 1.00 (HKLM\...\Mahjongg Dimensions Deluxe 1.00) (Version:  - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Master Of Defense 1.67e (HKLM\...\Master Of Defense_is1) (Version:  - Voodoo Dimention)
MaxBlast 4 (HKLM\...\{639858DD-4966-40F3-A706-7C838BCF3A2B}) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Standard for Students and Teachers (HKLM\...\{913D0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (PINNACLESYS) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}) (Version: 1.0.17.2 - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA nView 140.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.84 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
OmniPage SE (HKLM\...\{6249C22D-E6A8-407B-BA8B-40298848ED94}) (Version: 11.00.0001 - ScanSoft, Inc.)
PandoraRecovery (Remove Only) (HKLM\...\PandoraRecovery) (Version:  - )
Paramount Download Manager (HKCU\...\2104578600.www.paramountmovies.com) (Version:  - www.paramountmovies.com)
PC Inspector File Recovery (HKLM\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pinnacle Instant DVD Recorder (HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 1.70.127 - )
Pinnacle MediaServer (HKLM\...\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}) (Version: 1.10.166 - )
PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version:  - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RAPID (Studio 10) (Version: 1.00.0022 - Pinnacle Systems) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.46 - Piriform)
Royal Envoy (HKLM\...\Royal Envoy_is1) (Version:  - Playrix Entertainment)
Royal Envoy 2 Collectors Edition (HKLM\...\{B5701215-30BF-456B-811F-42A4F2FA0D93}) (Version: 1.2.0 - LeeGT-Games)
Samsung ML-1865W Series (HKLM\...\Samsung ML-1865W Series) (Version:  - Samsung Electronics Co., Ltd.)
SearchAssist (HKLM\...\SearchAssist) (Version:  - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sony Pictures Download Manager (HKCU\...\803962794.ultraviolet.sonypictures.com) (Version:  - ultraviolet.sonypictures.com)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.5.2 - Safer Networking Limited)
SpywareGuard v2.2 (HKLM\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
Studio 10 (HKLM\...\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}) (Version: 10.6 - Pinnacle Systems)
Studio 10 Bonus DVD (HKLM\...\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}) (Version: 10.0.000 - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
The Rise of Atlantis (HKLM\...\The Rise of Atlantis_is1) (Version:  - Playrix Entertainment)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
UnderCoverXP 1.23 (HKLM\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
upapp (HKLM\...\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}) (Version: 0.20.0000 - Hewlett-Packard)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinX DVD Copy Pro 3.0.0 (HKLM\...\WinX DVD Copy Pro_is1) (Version:  - Digiarty Software,Inc.)
WinX DVD Ripper Platinum 6.3.1 (HKLM\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
Zam Beezee (HKLM\...\Zam Beezee) (Version:  - )

==================== Restore Points  =========================

28-01-2014 18:01:16 Software Distribution Service 3.0
01-02-2014 00:15:25 System Checkpoint
01-02-2014 03:34:15 avast! antivirus system restore point
02-02-2014 20:27:59 System Checkpoint
09-02-2014 15:44:11 System Checkpoint
11-02-2014 00:04:48 System Checkpoint
15-02-2014 00:03:09 Software Distribution Service 3.0
16-02-2014 15:37:04 System Checkpoint
23-02-2014 17:39:52 System Checkpoint
02-03-2014 15:07:59 System Checkpoint
11-03-2014 21:39:53 Software Distribution Service 3.0
15-03-2014 13:25:28 System Checkpoint
16-03-2014 23:21:27 System Checkpoint
18-03-2014 00:01:26 Software Distribution Service 3.0
19-03-2014 23:02:13 System Checkpoint
22-03-2014 17:56:51 System Checkpoint
23-03-2014 02:53:07 Software Distribution Service 3.0
23-03-2014 17:40:22 avast! antivirus system restore point
10-04-2014 23:33:40 System Checkpoint
11-04-2014 01:09:34 Software Distribution Service 3.0
12-04-2014 13:31:16 Removed COMODO Internet Security
12-04-2014 15:09:25 Restore Operation
12-04-2014 15:27:24 Removed Apple Mobile Device Support
12-04-2014 15:30:04 Removed COMODO Internet Security
12-04-2014 15:53:23 Software Distribution Service 3.0

==================== Hosts content: ==========================

2004-08-10 12:51 - 2009-05-23 09:07 - 00306048 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-927226146-1572789124-4019323850-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-927226146-1572789124-4019323850-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2014-04-12 19:04 - 2014-04-12 11:20 - 02210304 _____ () C:\Program Files\AVAST Software\Avast\defs\14041201\algo.dll
2003-08-03 00:20 - 2003-08-03 00:20 - 00126976 ____R () C:\Program Files\SpywareGuard\spywareguard.dll
2012-03-03 09:25 - 2010-06-10 03:00 - 00026624 _____ () C:\WINDOWS\system32\ssp8ml3.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-11-02 09:08 - 2013-11-02 09:08 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2009-04-09 18:04 - 2009-04-09 18:04 - 02141008 _____ () C:\Program Files\Logitech\Vid HD\QtCore4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 07704400 _____ () C:\Program Files\Logitech\Vid HD\QtGui4.dll
2009-04-22 16:53 - 2009-04-22 16:53 - 00969040 _____ () C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00475472 _____ () C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00363856 _____ () C:\Program Files\Logitech\Vid HD\QtXml4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00200016 _____ () C:\Program Files\Logitech\Vid HD\QtSql4.dll
2011-01-12 20:55 - 2011-01-12 20:55 - 00027472 _____ () C:\Program Files\Logitech\Vid HD\SDL.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 11311952 _____ () C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00291664 _____ () C:\Program Files\Logitech\Vid HD\phonon4.dll
2004-08-10 12:51 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2011-01-12 20:57 - 2011-01-12 20:57 - 00751616 _____ () C:\Program Files\Logitech\Vid HD\vpxmd.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00029008 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00035152 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00138064 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2004-08-10 12:50 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2003-08-29 20:05 - 2003-08-29 20:05 - 00360448 _____ () C:\Program Files\SpywareGuard\sgmain.exe
2003-08-29 12:14 - 2003-08-29 12:14 - 00233472 _____ () C:\Program Files\SpywareGuard\sgbhp.exe
2013-07-11 09:14 - 2013-07-11 09:14 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e1bef242\mscorlib.dll
2013-07-11 09:13 - 2013-07-11 09:13 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_fc348eec\system.dll
2013-07-11 09:14 - 2013-07-11 09:14 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e6899d60\system.xml.dll
2013-01-20 10:36 - 2013-01-11 04:17 - 00105984 _____ () C:\Program Files\Free Download Manager\fdmumsp.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24FFE96C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:397D67BA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:52C24010
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:65B8AF94
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:689AB7E9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7F24D3D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:93C48025
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9FD757A9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AA0017FD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E0888117
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E805D576
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EE198B1F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Warner Bros.lnk => C:\WINDOWS\pss\Warner Bros.lnkStartup
MSCONFIG\startupreg: Ad-Watch => C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
MSCONFIG\startupreg: AmazonGSDownloaderTray => C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSCONFIG\startupreg: dcmsvc => C:\Program Files\dcmsvc\dcmsvc.exe
MSCONFIG\startupreg: DellAutomatedPCTuneUp => "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: GFI Backup 2009 - Home Edition => "N:\PROGRA~1\GFIBAC~1\GFIAgent.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
MSCONFIG\startupreg: Samsung PanelMgr => C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: VX3000 => C:\WINDOWS\vVX3000.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7860

Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7860

Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2014 09:58:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5906

Error: (04/13/2014 09:58:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5906

Error: (04/13/2014 09:58:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2014 09:58:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3953

Error: (04/13/2014 09:58:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3953

Error: (04/13/2014 09:58:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2014 09:58:24 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953

System errors:
=============
Error: (04/14/2014 06:45:30 PM) (Source: Service Control Manager) (User: )
Description: The Server Microsoft service terminated with the following error:
%%126

Error: (04/14/2014 06:45:30 PM) (Source: Service Control Manager) (User: )
Description: The PCASp50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (04/13/2014 08:28:18 AM) (Source: Service Control Manager) (User: )
Description: The Server Microsoft service terminated with the following error:
%%126

Error: (04/13/2014 08:28:18 AM) (Source: Service Control Manager) (User: )
Description: The PCASp50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (04/12/2014 11:12:03 AM) (Source: Service Control Manager) (User: )
Description: The Server Microsoft service terminated with the following error:
%%126

Error: (04/12/2014 11:12:03 AM) (Source: Service Control Manager) (User: )
Description: The PCASp50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (04/12/2014 11:10:54 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (04/12/2014 10:33:39 AM) (Source: Service Control Manager) (User: )
Description: The Server Microsoft service terminated with the following error:
%%126

Error: (04/12/2014 10:33:39 AM) (Source: Service Control Manager) (User: )
Description: The PCASp50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (04/12/2014 10:30:45 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7860

Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7860

Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2014 09:58:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5906

Error: (04/13/2014 09:58:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5906

Error: (04/13/2014 09:58:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2014 09:58:26 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3953

Error: (04/13/2014 09:58:26 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3953

Error: (04/13/2014 09:58:26 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2014 09:58:24 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 2814.1 MB
Available physical RAM: 1895.1 MB
Total Pagefile: 4701.11 MB
Available Pagefile: 3298.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.96 GB) (Free:23.57 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive j: (DRV7_VOL5) (Fixed) (Total:76.5 GB) (Free:70.33 GB) NTFS
Drive k: (DRV7_VOL4) (Fixed) (Total:74.37 GB) (Free:48.27 GB) NTFS
Drive l: (DRV7_VOL3) (Fixed) (Total:73.85 GB) (Free:10.56 GB) NTFS
Drive m: (DRV7_VOL2(SCHOOL STUFF)) (Fixed) (Total:74.43 GB) (Free:71.6 GB) NTFS
Drive n: (DRV7_VOL1) (Fixed) (Total:73.46 GB) (Free:60.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 373 GB) (Disk ID: 3B614427)
Partition 1: (Not Active) - (Size=73 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=299 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-14 18:59:43
-----------------------------
18:59:43.015    OS Version: Windows 5.1.2600 Service Pack 3
18:59:43.015    Number of processors: 2 586 0xF0B
18:59:43.015    ComputerName: D5YG9NF1  UserName: Owner
18:59:43.406    Initialize success
18:59:46.281    AVAST engine defs: 14041201
19:01:20.953    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:01:20.953    Disk 0 Vendor: ST3160815AS 3.ADA Size: 152587MB BusType: 3
19:01:20.953    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-24
19:01:20.953    Disk 1 Vendor: WDC_WD4000AAJS-00YFA0 12.01C02 Size: 381554MB BusType: 3
19:01:21.062    Disk 0 MBR read successfully
19:01:21.062    Disk 0 MBR scan
19:01:21.062    Disk 0 Windows XP default MBR code
19:01:21.062    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       54 MB offset 63
19:01:21.078    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152531 MB offset 112455
19:01:21.078    Disk 0 scanning sectors +312496380
19:01:21.125    Disk 0 scanning C:\WINDOWS\system32\drivers
19:01:28.890    Service scanning
19:01:42.250    Modules scanning
19:01:46.421    Disk 0 trace - called modules:
19:01:46.437    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:01:46.437    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae92ab8]
19:01:46.437    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8ae4f5a0]
19:01:46.437    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae98d98]
19:01:46.859    AVAST engine scan C:\WINDOWS
19:02:06.765    AVAST engine scan C:\WINDOWS\system32
19:02:09.328    Disk 0 MBR has been saved successfully to "K:\DAD 2014\fix 2014\MBR.dat"
19:02:09.328    The log file has been saved successfully to "K:\DAD 2014\fix 2014\aswMBR.txt"
19:04:10.640    AVAST engine scan C:\WINDOWS\system32\drivers
19:04:23.500    AVAST engine scan C:\Documents and Settings\Owner
19:04:50.046    Disk 0 MBR has been saved successfully to "K:\DAD 2014\fix 2014\MBR.dat"
19:04:50.046    The log file has been saved successfully to "K:\DAD 2014\fix 2014\aswMBR.txt"

 


  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Please post the rest of the requested logs at your convenience and we'll continue. Also, please post the logs in a normal sized font, it makes them easier to research. :thumbsup:
  • 0

#5
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

Hi!  You asked "Things I need to see in your next post:

FRST Log

Additions.txt Log

aswMBR Log"

 

I posted all of them...sorry about the font, I just copied and pasted from Notepad and never even noticed.  Is there something else I missed???


  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
No, you didn't miss anything. That was my mistake, I guess the font just threw me off :)

I'll get to work on these immediately. :thumbsup:
  • 0

#7
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :) Let's get started.

Step 1: Uninstall Programs and Comodo

Please click on the link below for a Comodo Removal tool to help remove it from your system.

http://forums.comodo.../-t71897.0.html

Please uninstall this program from your computer: Coupon Printer for Windows


Step 2: FRST Fix
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Documents and Settings\All Users\dcmsvcsetup.exe
C:\Documents and Settings\All Users\invokesi.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24FFE96C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:397D67BA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:52C24010
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:65B8AF94
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:689AB7E9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7F24D3D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:93C48025
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9FD757A9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AA0017FD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E0888117
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E805D576
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EE198B1F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 Users: right click) the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 5: Fresh FRST Scan


Start Farbar's Recovery Scan Tool and press the Scan button.

The tool will scan your machine and produce one log this time, please post it in your next reply.

Things I need to see in your next post:

FRST Fix Log

AdwCleaner Log

Junkware Removal Tool Log

Fresh FRST Scan Log

Question: How is the computer running?

  • 0

#8
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-04-2014 02
Ran by Owner at 2014-04-16 16:04:13 Run:1
Running from K:\DAD 2014\fix 2014
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Documents and Settings\All Users\dcmsvcsetup.exe
C:\Documents and Settings\All Users\invokesi.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24FFE96C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:397D67BA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:52C24010
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:65B8AF94
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:689AB7E9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7F24D3D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:93C48025
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9FD757A9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AA0017FD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E0888117
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E805D576
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EE198B1F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
End

*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Documents and Settings\All Users\dcmsvcsetup.exe => Moved successfully.
C:\Documents and Settings\All Users\invokesi.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":12D2EB9C" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":24FFE96C" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":2AE74FF9" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":397D67BA" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":40D8F125" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":52C24010" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":65B8AF94" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":689AB7E9" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":70E897B5" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":7F24D3D8" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":93C48025" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":9FD757A9" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":AA0017FD" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":ADF211B1" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D31BE97C" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":E0888117" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":E805D576" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":E80802C7" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":E91ADC66" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":EE198B1F" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":EEB25EAE" ADS removed successfully.

==== End of Fixlog ====

# AdwCleaner v3.023 - Report created 16/04/2014 at 16:11:14
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - D5YG9NF1
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Alawar
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Alawar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\MGShareware
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\MGShareware
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Trymedia Systems

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[email protected]\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1897 octets] - [16/04/2014 16:08:36]
AdwCleaner[S0].txt - [1860 octets] - [16/04/2014 16:11:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1920 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 04/16/2014 at 16:43:50.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\getrighttogo"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\thinstall"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\thinstall"
Successfully deleted: [Folder] "C:\Program Files\myfuncards_5mei"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/16/2014 at 16:47:09.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-04-2014 02
Ran by Owner (administrator) on D5YG9NF1 on 16-04-2014 17:03:20
Running from K:\DAD 2014\fix 2014
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ScanSoft, Inc) C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
(Microsoft Corporation) C:\WINDOWS\vVX3000.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Pinnacle Systems) C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-07-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2007-07-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Omnipage] => C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [PinnacleDriverCheck] => C:\WINDOWS\system32\PSDrvCheck.exe [406016 2004-03-11] ()
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-12] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [15711008 2013-11-11] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [209184 2013-11-11] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-11-11] ()
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-31] (SUPERAntiSpyware)
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\Run: [Google Update] => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-05] (Google Inc.)
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [6129496 2011-01-12] (Logitech Inc.)
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {6a3f8d99-59ab-11dd-8a1d-cb22b4539c44} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {ae025438-1f79-11dd-89a9-fa0d89eeaafb} - O:\LaunchU3.exe -a
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {cd0e6d32-1eaa-11dd-89a7-cda8a13906f8} - O:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli scecli
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files\SpywareGuard\sgmain.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...?channel=us-smb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2004-02-24] (Qualcomm Inc.)
ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-03] ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[email protected]
FF Homepage: hxxp://us.yahoo.com?fr=fp-comodo
FF DefaultSearchEngine: Yahoo
FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://us.yahoo.com?fr=fpc-comodo
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Java™ Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\gears.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071705000014.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-15] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-31] (AVAST Software)
S4 GFIBckHAtt; N:\Program Files\GFI Backup 2009 - Home Edition\GFIHInst.exe [440616 2009-09-15] (GFI Software Ltd.)
S4 GFIBckHSched; N:\Program Files\GFI Backup 2009 - Home Edition\GFIHSched.exe [1412392 2009-09-15] (GFI Software Ltd.)
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-03-09] (Sun Microsystems, Inc.)
R2 MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation)
R2 PinnacleSys.MediaServer; C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe [49152 2006-01-19] (Pinnacle Systems)
S3 SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 oenzbwuo; C:\WINDOWS\system32\hhvlawo.dll [X]
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 ASAPIW2K; C:\WINDOWS\System32\drivers\ASAPIW2k.sys [11264 2005-02-23] (VOB Computersysteme GmbH)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-12] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-31] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-11-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-31] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-31] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-31] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-31] ()
S3 BCM42RLY; C:\WINDOWS\System32\BCM42RLY.SYS [17992 2005-02-01] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [163616 2013-05-08] (Digiarty Software, Inc.)
S3 HP8107Fltr; C:\WINDOWS\System32\DRIVERS\HP8107.sys [12672 2010-02-05] (Windows ® Win 7 DDK provider)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-05-16] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-05-16] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171008 2005-07-13] (Pinnacle Systems GmbH)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-06-16] (NVIDIA Corporation)
R2 Packet; C:\WINDOWS\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems)
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [245248 2005-11-24] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S2 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
S3 RTL8187B; system32\DRIVERS\RTL8187B.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: qwbgaaml -> No Registry Path.
NETSVC: oenzbwuo -> C:\WINDOWS\system32\hhvlawo.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-04-16 17:02 - 2014-04-16 17:02 - 00000552 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to Fixlog.txt.lnk
2014-04-16 16:47 - 2014-04-16 16:47 - 00001369 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-04-16 16:38 - 2014-04-16 16:38 - 00002000 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner[S0].txt
2014-04-16 16:37 - 2014-04-16 16:37 - 01016261 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2014-04-16 16:06 - 2014-04-16 16:11 - 00000000 ____D () C:\AdwCleaner
2014-04-16 16:05 - 2014-04-16 16:05 - 01426178 _____ () C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
2014-04-16 16:02 - 2014-04-16 16:02 - 00002171 _____ () C:\Documents and Settings\Owner\Desktop\fixlist.txt
2014-04-16 16:01 - 2014-04-16 16:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Uninstaller Tool(Comodo Forums)
2014-04-14 18:50 - 2014-04-16 17:03 - 00000000 ____D () C:\FRST
2014-04-12 17:50 - 2014-04-12 17:50 - 00000686 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Program Files\Malwarebytes
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-12 17:50 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-12 17:50 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-12 17:46 - 2014-04-12 17:50 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-04-12 10:21 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-04-12 10:21 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-04-12 08:32 - 2014-04-12 08:32 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\SUPERAntiSpyware.com
2014-04-11 19:38 - 2014-04-11 19:38 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\AVAST Software
2014-04-11 18:23 - 2014-04-11 18:23 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Malwarebytes
2014-04-11 17:07 - 2014-04-11 17:07 - 00000000 ____D () C:\cis
2014-04-11 17:03 - 2014-04-11 18:09 - 00001238 __RSH () C:\WINDOWS\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2014-04-11 17:03 - 2014-04-11 18:09 - 00000720 _____ () C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2014-04-11 15:35 - 2014-04-12 09:55 - 00000012 _____ () C:\WINDOWS\CUAppUsage.Dat
2014-04-11 15:27 - 2014-04-11 15:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041114-01.dmp
2014-04-11 15:18 - 2014-04-11 15:18 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\Adobe
2014-04-11 15:15 - 2014-04-12 10:10 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Adobe
2014-04-11 15:14 - 2014-04-11 15:14 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\PrivacIE
2014-04-11 15:13 - 2014-04-12 10:10 - 00000000 ___SD () C:\Documents and Settings\Administrator.D5YG9NF1
2014-04-11 15:13 - 2014-01-31 23:02 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Macromedia
2014-04-11 15:13 - 2013-03-13 22:00 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\IETldCache
2014-04-11 15:13 - 2008-02-19 00:49 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\My Documents\My Google Gadgets
2014-04-11 15:13 - 2008-02-19 00:48 - 00029528 _____ () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-11 15:13 - 2008-02-19 00:42 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\SingleClick Systems
2014-04-11 15:13 - 2008-02-19 00:39 - 00267662 _____ () C:\Documents and Settings\Administrator.D5YG9NF1\BD=1
2014-04-10 20:14 - 2014-04-12 10:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 20:09 - 2014-04-12 10:55 - 00025150 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 20:05 - 2014-04-16 16:54 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-04-10 20:05 - 2014-04-13 09:26 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-10 20:05 - 2014-04-12 09:59 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-04-10 20:05 - 2014-04-12 09:59 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2014-04-10 19:29 - 2014-04-12 10:09 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-10 17:44 - 2014-04-12 10:58 - 00027912 _____ () C:\WINDOWS\KB2922229.log
2014-03-23 12:26 - 2014-04-16 16:13 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-23 12:26 - 2014-04-13 08:52 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-22 21:54 - 2014-03-22 21:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-22 21:53 - 2014-04-12 10:55 - 00015095 _____ () C:\WINDOWS\KB2934207.log
2014-03-19 17:06 - 2014-03-19 17:06 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ___RD () C:\Program Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

2014-04-16 17:03 - 2014-04-14 18:50 - 00000000 ____D () C:\FRST
2014-04-16 17:02 - 2014-04-16 17:02 - 00000552 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to Fixlog.txt.lnk
2014-04-16 17:01 - 2013-11-20 18:23 - 00005146 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-04-16 16:54 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-04-16 16:50 - 2013-12-25 19:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-16 16:47 - 2014-04-16 16:47 - 00001369 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-04-16 16:43 - 2009-01-16 18:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-16 16:38 - 2014-04-16 16:38 - 00002000 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner[S0].txt
2014-04-16 16:37 - 2014-04-16 16:37 - 01016261 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2014-04-16 16:37 - 2013-01-20 10:37 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Free Download Manager
2014-04-16 16:28 - 2013-05-16 15:03 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-927226146-1572789124-4019323850-1003UA.job
2014-04-16 16:23 - 2013-05-05 19:56 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 16:18 - 2013-05-04 11:01 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-16 16:16 - 2004-08-10 13:02 - 01338049 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-16 16:14 - 2004-08-10 12:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-16 16:14 - 2004-08-10 12:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-16 16:13 - 2014-03-23 12:26 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-16 16:13 - 2013-05-05 19:56 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 16:13 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-16 16:12 - 2004-08-10 13:08 - 00032086 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-16 16:11 - 2014-04-16 16:06 - 00000000 ____D () C:\AdwCleaner
2014-04-16 16:11 - 2013-11-20 18:16 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-04-16 16:11 - 2004-08-10 13:08 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-04-16 16:05 - 2014-04-16 16:05 - 01426178 _____ () C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
2014-04-16 16:02 - 2014-04-16 16:02 - 00002171 _____ () C:\Documents and Settings\Owner\Desktop\fixlist.txt
2014-04-16 16:01 - 2014-04-16 16:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Uninstaller Tool(Comodo Forums)
2014-04-16 15:50 - 2004-08-10 12:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-13 09:26 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-13 08:53 - 2013-08-01 16:35 - 00000000 ____D () C:\Program Files\SpywareBlaster2013
2014-04-13 08:52 - 2014-03-23 12:26 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-12 17:50 - 2014-04-12 17:50 - 00000686 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Program Files\Malwarebytes
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-12 17:50 - 2014-04-12 17:46 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-04-12 17:50 - 2009-01-17 10:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-12 16:28 - 2011-06-05 09:40 - 00002284 _____ () C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
2014-04-12 10:58 - 2014-04-10 20:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-12 10:58 - 2014-04-10 17:44 - 00027912 _____ () C:\WINDOWS\KB2922229.log
2014-04-12 10:58 - 2013-10-12 16:46 - 00170874 _____ () C:\WINDOWS\setupapi.log
2014-04-12 10:58 - 2013-07-23 18:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-12 10:58 - 2004-08-10 12:57 - 02850063 _____ () C:\WINDOWS\FaxSetup.log
2014-04-12 10:58 - 2004-08-10 12:57 - 01371796 _____ () C:\WINDOWS\ocgen.log
2014-04-12 10:58 - 2004-08-10 12:57 - 01091368 _____ () C:\WINDOWS\tsoc.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00798346 _____ () C:\WINDOWS\comsetup.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00483391 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00451157 _____ () C:\WINDOWS\iis6.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00141987 _____ () C:\WINDOWS\msgsocm.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00131119 _____ () C:\WINDOWS\ocmsn.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-12 10:55 - 2014-04-10 20:09 - 00025150 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-12 10:55 - 2014-03-22 21:53 - 00015095 _____ () C:\WINDOWS\KB2934207.log
2014-04-12 10:55 - 2009-05-23 16:25 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-12 10:55 - 2008-02-19 00:33 - 00514601 _____ () C:\WINDOWS\updspapi.log
2014-04-12 10:55 - 2004-08-10 12:57 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-12 10:52 - 2009-01-19 10:06 - 00000554 _____ () C:\hpfr5550.xml
2014-04-12 10:52 - 2008-08-18 17:29 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\MEL
2014-04-12 10:52 - 2008-02-23 11:57 - 00002483 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
2014-04-12 10:35 - 2013-05-04 11:01 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-04-12 10:28 - 2013-05-16 15:03 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-927226146-1572789124-4019323850-1003Core.job
2014-04-12 10:27 - 2011-07-29 17:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-12 10:18 - 2013-05-04 11:01 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-04-12 10:14 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-12 10:14 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-12 10:14 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\Owner
2014-04-12 10:14 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-12 10:10 - 2014-04-11 15:15 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Adobe
2014-04-12 10:10 - 2014-04-11 15:13 - 00000000 ___SD () C:\Documents and Settings\Administrator.D5YG9NF1
2014-04-12 10:09 - 2014-04-10 19:29 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-12 09:59 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-04-12 09:59 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2014-04-12 09:55 - 2014-04-11 15:35 - 00000012 _____ () C:\WINDOWS\CUAppUsage.Dat
2014-04-12 08:32 - 2014-04-12 08:32 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\SUPERAntiSpyware.com
2014-04-11 19:38 - 2014-04-11 19:38 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\AVAST Software
2014-04-11 19:35 - 2013-12-10 20:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-04-11 18:23 - 2014-04-11 18:23 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Malwarebytes
2014-04-11 18:09 - 2014-04-11 17:03 - 00001238 __RSH () C:\WINDOWS\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2014-04-11 18:09 - 2014-04-11 17:03 - 00000720 _____ () C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2014-04-11 17:07 - 2014-04-11 17:07 - 00000000 ____D () C:\cis
2014-04-11 16:28 - 2004-08-10 12:51 - 00000676 _____ () C:\WINDOWS\win.ini
2014-04-11 16:28 - 2004-08-10 12:51 - 00000254 _____ () C:\WINDOWS\SYSTEM.INI
2014-04-11 15:27 - 2014-04-11 15:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041114-01.dmp
2014-04-11 15:27 - 2008-03-17 20:07 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-11 15:18 - 2014-04-11 15:18 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\Adobe
2014-04-11 15:14 - 2014-04-11 15:14 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\PrivacIE
2014-04-10 20:11 - 2009-07-19 11:50 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-08 17:29 - 2012-09-08 20:57 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype
2014-04-03 09:51 - 2014-04-12 17:50 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-12 17:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-23 14:11 - 2013-09-14 16:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\rionix
2014-03-22 21:54 - 2014-03-22 21:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-22 12:06 - 2008-02-23 11:57 - 00002469 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft PowerPoint.lnk
2014-03-19 17:06 - 2014-03-19 17:06 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Skype
2014-03-19 17:06 - 2012-09-08 20:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-03-19 17:06 - 2004-08-10 12:57 - 00632734 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ___RD () C:\Program Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-19 17:02 - 2012-09-08 20:57 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype (hellothomas2011).lnk

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Owner\Local Settings\Temp\TsuFAA866BE.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#9
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, how is the computer running? Also, did the Comodo uninstall go ok?

Also, a new version of Farbar's Recovery Scan Tool was released yesterday. Let's get a fresh look with the new version. :thumbsup:



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post:
  • Answer regarding the Comodo uninstall
  • Fresh FRST Log
  • Fresh Additions.txt Log


#10
tl79


    Member

  • Topic Starter
  • Member
  • 178 posts

Hi! As far as I can tell the Comodo uninstall went well! I had removed what I could through Safe Mode, but I'm guessing there was still a bunch of things left behind, so I'm hoping the Comodo tool took care of that. The computer seems to be running better:))) Now if I can just get my Panasonic Blu-ray player working again, but that's another story. I also thank you very much for all of your help. I had to come here once before with some virus/malware issues and it is REALLY great to be able to get help like this. If I was a little younger, I think I would be interested in learning how to do all this stuff, but right now I'm just thankful there are people like you willing to help out. Again, THANK YOU very much for all of your help! Here's the other information you asked for.

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014 01
Ran by Owner (administrator) on D5YG9NF1 on 17-04-2014 17:40:54
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ScanSoft, Inc) C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
(Microsoft Corporation) C:\WINDOWS\vVX3000.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe
() C:\Program Files\SpywareGuard\sgmain.exe
() C:\Program Files\SpywareGuard\sgbhp.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Pinnacle Systems) C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-07-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2007-07-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Omnipage] => C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [PinnacleDriverCheck] => C:\WINDOWS\system32\PSDrvCheck.exe [406016 2004-03-11] ()
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-12] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [15711008 2013-11-11] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [209184 2013-11-11] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-11-11] ()
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-31] (SUPERAntiSpyware)
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\Run: [Google Update] => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-05] (Google Inc.)
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [6129496 2011-01-12] (Logitech Inc.)
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {6a3f8d99-59ab-11dd-8a1d-cb22b4539c44} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {ae025438-1f79-11dd-89a9-fa0d89eeaafb} - O:\LaunchU3.exe -a
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {cd0e6d32-1eaa-11dd-89a7-cda8a13906f8} - O:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli scecli
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files\SpywareGuard\sgmain.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...?channel=us-smb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2004-02-24] (Qualcomm Inc.)
ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-03] ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[email protected]
FF Homepage: hxxp://us.yahoo.com?fr=fp-comodo
FF DefaultSearchEngine: Yahoo
FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://us.yahoo.com?fr=fpc-comodo
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Java™ Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.116\gears.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071705000014.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-15] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-31] (AVAST Software)
S4 GFIBckHAtt; N:\Program Files\GFI Backup 2009 - Home Edition\GFIHInst.exe [440616 2009-09-15] (GFI Software Ltd.)
S4 GFIBckHSched; N:\Program Files\GFI Backup 2009 - Home Edition\GFIHSched.exe [1412392 2009-09-15] (GFI Software Ltd.)
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-03-09] (Sun Microsystems, Inc.)
R2 MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation)
R2 PinnacleSys.MediaServer; C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe [49152 2006-01-19] (Pinnacle Systems)
S3 SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 oenzbwuo; C:\WINDOWS\system32\hhvlawo.dll [X]
S4 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 ASAPIW2K; C:\WINDOWS\System32\drivers\ASAPIW2k.sys [11264 2005-02-23] (VOB Computersysteme GmbH)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-12] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-31] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-11-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-31] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-31] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-31] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-31] ()
S3 BCM42RLY; C:\WINDOWS\System32\BCM42RLY.SYS [17992 2005-02-01] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [163616 2013-05-08] (Digiarty Software, Inc.)
S3 HP8107Fltr; C:\WINDOWS\System32\DRIVERS\HP8107.sys [12672 2010-02-05] (Windows ® Win 7 DDK provider)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-05-16] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-05-16] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171008 2005-07-13] (Pinnacle Systems GmbH)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-06-16] (NVIDIA Corporation)
R2 Packet; C:\WINDOWS\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems)
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [245248 2005-11-24] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S2 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
S3 RTL8187B; system32\DRIVERS\RTL8187B.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: qwbgaaml -> No Registry Path.
NETSVC: oenzbwuo -> C:\WINDOWS\system32\hhvlawo.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-04-17 17:40 - 2014-04-17 17:41 - 00019793 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-04-17 17:40 - 2014-04-17 17:40 - 01146880 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-04-16 17:10 - 2014-04-16 17:10 - 00036381 _____ () C:\Documents and Settings\Owner\Desktop\FRST(2nd time).txt
2014-04-16 17:02 - 2014-04-16 17:02 - 00000552 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to Fixlog.txt.lnk
2014-04-16 16:47 - 2014-04-16 16:47 - 00001369 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-04-16 16:38 - 2014-04-16 16:38 - 00002000 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner[S0].txt
2014-04-16 16:37 - 2014-04-16 16:37 - 01016261 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2014-04-16 16:06 - 2014-04-16 16:11 - 00000000 ____D () C:\AdwCleaner
2014-04-16 16:05 - 2014-04-16 16:05 - 01426178 _____ () C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
2014-04-16 16:02 - 2014-04-16 16:02 - 00002171 _____ () C:\Documents and Settings\Owner\Desktop\fixlist.txt
2014-04-16 16:01 - 2014-04-16 16:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Uninstaller Tool(Comodo Forums)
2014-04-14 18:50 - 2014-04-17 17:40 - 00000000 ____D () C:\FRST
2014-04-12 17:50 - 2014-04-12 17:50 - 00000686 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Program Files\Malwarebytes
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-12 17:50 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-12 17:50 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-12 17:46 - 2014-04-12 17:50 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-04-12 10:21 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-04-12 10:21 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-04-12 08:32 - 2014-04-12 08:32 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\SUPERAntiSpyware.com
2014-04-11 19:38 - 2014-04-11 19:38 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\AVAST Software
2014-04-11 18:23 - 2014-04-11 18:23 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Malwarebytes
2014-04-11 17:07 - 2014-04-11 17:07 - 00000000 ____D () C:\cis
2014-04-11 17:03 - 2014-04-11 18:09 - 00001238 __RSH () C:\WINDOWS\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2014-04-11 17:03 - 2014-04-11 18:09 - 00000720 _____ () C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2014-04-11 15:35 - 2014-04-12 09:55 - 00000012 _____ () C:\WINDOWS\CUAppUsage.Dat
2014-04-11 15:27 - 2014-04-11 15:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041114-01.dmp
2014-04-11 15:18 - 2014-04-11 15:18 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\Adobe
2014-04-11 15:15 - 2014-04-12 10:10 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Adobe
2014-04-11 15:14 - 2014-04-11 15:14 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\PrivacIE
2014-04-11 15:13 - 2014-04-12 10:10 - 00000000 ___SD () C:\Documents and Settings\Administrator.D5YG9NF1
2014-04-11 15:13 - 2014-01-31 23:02 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Macromedia
2014-04-11 15:13 - 2013-03-13 22:00 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\IETldCache
2014-04-11 15:13 - 2008-02-19 00:49 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\My Documents\My Google Gadgets
2014-04-11 15:13 - 2008-02-19 00:48 - 00029528 _____ () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-11 15:13 - 2008-02-19 00:42 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\SingleClick Systems
2014-04-11 15:13 - 2008-02-19 00:39 - 00267662 _____ () C:\Documents and Settings\Administrator.D5YG9NF1\BD=1
2014-04-10 20:14 - 2014-04-12 10:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 20:09 - 2014-04-12 10:55 - 00025150 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-10 20:05 - 2014-04-17 17:25 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-04-10 20:05 - 2014-04-13 09:26 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-10 20:05 - 2014-04-12 09:59 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-04-10 20:05 - 2014-04-12 09:59 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2014-04-10 19:29 - 2014-04-12 10:09 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-10 17:44 - 2014-04-12 10:58 - 00027912 _____ () C:\WINDOWS\KB2922229.log
2014-03-23 12:26 - 2014-04-17 17:20 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-23 12:26 - 2014-04-13 08:52 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-22 21:54 - 2014-03-22 21:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-22 21:53 - 2014-04-12 10:55 - 00015095 _____ () C:\WINDOWS\KB2934207.log
2014-03-19 17:06 - 2014-03-19 17:06 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ___RD () C:\Program Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

2014-04-17 17:41 - 2014-04-17 17:40 - 00019793 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-04-17 17:40 - 2014-04-17 17:40 - 01146880 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-04-17 17:40 - 2014-04-14 18:50 - 00000000 ____D () C:\FRST
2014-04-17 17:40 - 2013-01-20 10:37 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Free Download Manager
2014-04-17 17:39 - 2013-11-20 18:23 - 00005146 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-04-17 17:28 - 2013-05-16 15:03 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-927226146-1572789124-4019323850-1003UA.job
2014-04-17 17:26 - 2013-05-04 11:01 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-17 17:25 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-04-17 17:23 - 2013-05-05 19:56 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 17:22 - 2004-08-10 13:02 - 01355543 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-17 17:22 - 2004-08-10 12:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-17 17:21 - 2004-08-10 12:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-17 17:20 - 2014-03-23 12:26 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-17 17:20 - 2013-05-05 19:56 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 17:20 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-17 14:13 - 2004-08-10 13:08 - 00032476 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-17 14:13 - 2004-08-10 13:08 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-04-17 14:12 - 2012-09-08 20:57 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Skype
2014-04-17 13:50 - 2013-12-25 19:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-16 17:10 - 2014-04-16 17:10 - 00036381 _____ () C:\Documents and Settings\Owner\Desktop\FRST(2nd time).txt
2014-04-16 17:02 - 2014-04-16 17:02 - 00000552 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to Fixlog.txt.lnk
2014-04-16 16:47 - 2014-04-16 16:47 - 00001369 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-04-16 16:43 - 2009-01-16 18:25 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-16 16:38 - 2014-04-16 16:38 - 00002000 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner[S0].txt
2014-04-16 16:37 - 2014-04-16 16:37 - 01016261 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2014-04-16 16:11 - 2014-04-16 16:06 - 00000000 ____D () C:\AdwCleaner
2014-04-16 16:11 - 2013-11-20 18:16 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-04-16 16:05 - 2014-04-16 16:05 - 01426178 _____ () C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
2014-04-16 16:02 - 2014-04-16 16:02 - 00002171 _____ () C:\Documents and Settings\Owner\Desktop\fixlist.txt
2014-04-16 16:01 - 2014-04-16 16:01 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Uninstaller Tool(Comodo Forums)
2014-04-16 15:50 - 2004-08-10 12:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-13 09:26 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-13 08:53 - 2013-08-01 16:35 - 00000000 ____D () C:\Program Files\SpywareBlaster2013
2014-04-13 08:52 - 2014-03-23 12:26 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-12 17:50 - 2014-04-12 17:50 - 00000686 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Program Files\Malwarebytes
2014-04-12 17:50 - 2014-04-12 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-12 17:50 - 2014-04-12 17:46 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-04-12 17:50 - 2009-01-17 10:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-12 16:28 - 2011-06-05 09:40 - 00002284 _____ () C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
2014-04-12 10:58 - 2014-04-10 20:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-12 10:58 - 2014-04-10 17:44 - 00027912 _____ () C:\WINDOWS\KB2922229.log
2014-04-12 10:58 - 2013-10-12 16:46 - 00170874 _____ () C:\WINDOWS\setupapi.log
2014-04-12 10:58 - 2013-07-23 18:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-12 10:58 - 2004-08-10 12:57 - 02850063 _____ () C:\WINDOWS\FaxSetup.log
2014-04-12 10:58 - 2004-08-10 12:57 - 01371796 _____ () C:\WINDOWS\ocgen.log
2014-04-12 10:58 - 2004-08-10 12:57 - 01091368 _____ () C:\WINDOWS\tsoc.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00798346 _____ () C:\WINDOWS\comsetup.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00483391 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00451157 _____ () C:\WINDOWS\iis6.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00141987 _____ () C:\WINDOWS\msgsocm.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00131119 _____ () C:\WINDOWS\ocmsn.log
2014-04-12 10:58 - 2004-08-10 12:57 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-12 10:55 - 2014-04-10 20:09 - 00025150 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-12 10:55 - 2014-03-22 21:53 - 00015095 _____ () C:\WINDOWS\KB2934207.log
2014-04-12 10:55 - 2009-05-23 16:25 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-12 10:55 - 2008-02-19 00:33 - 00514601 _____ () C:\WINDOWS\updspapi.log
2014-04-12 10:55 - 2004-08-10 12:57 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-12 10:52 - 2009-01-19 10:06 - 00000554 _____ () C:\hpfr5550.xml
2014-04-12 10:52 - 2008-08-18 17:29 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\MEL
2014-04-12 10:52 - 2008-02-23 11:57 - 00002483 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
2014-04-12 10:35 - 2013-05-04 11:01 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-04-12 10:28 - 2013-05-16 15:03 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-927226146-1572789124-4019323850-1003Core.job
2014-04-12 10:27 - 2011-07-29 17:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-12 10:18 - 2013-05-04 11:01 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-04-12 10:14 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-12 10:14 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-12 10:14 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\Owner
2014-04-12 10:14 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-12 10:10 - 2014-04-11 15:15 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Adobe
2014-04-12 10:10 - 2014-04-11 15:13 - 00000000 ___SD () C:\Documents and Settings\Administrator.D5YG9NF1
2014-04-12 10:09 - 2014-04-10 19:29 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-12 09:59 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-04-12 09:59 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2014-04-12 09:55 - 2014-04-11 15:35 - 00000012 _____ () C:\WINDOWS\CUAppUsage.Dat
2014-04-12 08:32 - 2014-04-12 08:32 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\SUPERAntiSpyware.com
2014-04-11 19:38 - 2014-04-11 19:38 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\AVAST Software
2014-04-11 19:35 - 2013-12-10 20:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-04-11 18:23 - 2014-04-11 18:23 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Application Data\Malwarebytes
2014-04-11 18:09 - 2014-04-11 17:03 - 00001238 __RSH () C:\WINDOWS\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2014-04-11 18:09 - 2014-04-11 17:03 - 00000720 _____ () C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2014-04-11 17:07 - 2014-04-11 17:07 - 00000000 ____D () C:\cis
2014-04-11 16:28 - 2004-08-10 12:51 - 00000676 _____ () C:\WINDOWS\win.ini
2014-04-11 16:28 - 2004-08-10 12:51 - 00000254 _____ () C:\WINDOWS\SYSTEM.INI
2014-04-11 15:27 - 2014-04-11 15:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini041114-01.dmp
2014-04-11 15:27 - 2008-03-17 20:07 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-11 15:18 - 2014-04-11 15:18 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\Local Settings\Application Data\Adobe
2014-04-11 15:14 - 2014-04-11 15:14 - 00000000 ____D () C:\Documents and Settings\Administrator.D5YG9NF1\PrivacIE
2014-04-10 20:11 - 2009-07-19 11:50 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-03 09:51 - 2014-04-12 17:50 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-12 17:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-23 14:11 - 2013-09-14 16:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\rionix
2014-03-22 21:54 - 2014-03-22 21:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-22 12:06 - 2008-02-23 11:57 - 00002469 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft PowerPoint.lnk
2014-03-19 17:06 - 2014-03-19 17:06 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Skype
2014-03-19 17:06 - 2012-09-08 20:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-03-19 17:06 - 2004-08-10 12:57 - 00632734 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ___RD () C:\Program Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-19 17:05 - 2014-03-19 17:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-19 17:02 - 2012-09-08 20:57 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype (hellothomas2011).lnk

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Owner\Local Settings\Temp\TsuFAA866BE.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-04-2014 01
Ran by Owner at 2014-04-17 17:41:29
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

4 Elements (HKLM\...\4 Elements_is1) (Version:  - Playrix Entertainment)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 7.0.8 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70800000002}) (Version: 7.0.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Aiseesoft Total Media Converter 6.2.18 (HKLM\...\{42087B24-ECD8-41d2-8053-E6EB99E5083F}_is1) (Version:  - )
Alexander the Great - The Secrets of Power (HKLM\...\Alexander the Great - The Secrets of Power_is1) (Version:  - Playrix Entertainment)
Alice in Wonderland (HKLM\...\Alice in Wonderland) (Version: 1.00 - Boonty)
Alice's Magical Mahjong (HKLM\...\Alice's Magical Mahjong_is1) (Version: 1.0 - Playrix Entertainment)
Almeza MultiSet Professional 7.8.8 (HKLM\...\Almeza MultiSet Professional_is1) (Version:  - Almeza Company)
Annie's Millions (HKLM\...\Annie's Millions_is1) (Version: 1.0 - Playrix Entertainment)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoBase 3 (HKLM\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version:  - )
ArcSoft PhotoStudio 5 (HKLM\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version:  - )
Autumn's Treasures the Jade Coin (HKLM\...\Autumn's Treasures the Jade Coin_is1) (Version: 1.0 - Playrix Entertainment)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brickshooter Egypt (HKLM\...\Brickshooter Egypt_is1) (Version:  - Playrix Entertainment)
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Cake Mania 5 Lights Camera Action 1.00 (HKLM\...\Cake Mania 5 Lights Camera Action 1.00) (Version:  - )
Call of Atlantis (HKLM\...\Call of Atlantis_is1) (Version:  - Playrix Entertainment)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Canon CanoScan Toolbox 4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
CanoScan LiDE20,30 Manual (HKLM\...\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}) (Version:  - )
Chainz 2 (HKLM\...\Chainz 2_is1) (Version:  - )
CinemaNow Player (HKLM\...\com.bby.cinemanowplayer) (Version: 3.1.4 - Rovi Corporation)
CinemaNow Player (Version: 3.1.4 - Rovi Corporation) Hidden
Coffee Rush (HKLM\...\Coffee Rush_is1) (Version:  - )
Collectorz.com Book Collector (HKLM\...\Collectorz.com Book Collector) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
coverXP (remove only) (HKLM\...\coverXP) (Version:  - )
Crayon Physics Deluxe - release 53 (HKLM\...\Crayon Physics Deluxe_is1) (Version:  - Kloonigames)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Data Lifeguard Tools (HKLM\...\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Network Assistant (HKLM\...\{0240BDFB-2995-4A3F-8C96-18D41282B716}) (Version: 3.0.0.0 - Dell Inc.)
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Copy (HKLM\...\Digital Copy) (Version:  - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.18 - BVRP Software, Inc)
Diner Dash (HKLM\...\Diner Dash_is1) (Version:  - )
DiscAPI (Studio 10) (Version: 2.10.0081 - Pinnacle Systems) Hidden
EaseUS Data Recovery Wizard 5.8.5 (HKLM\...\EaseUS Data Recovery Wizard 5.8.5_is1) (Version:  - EaseUS)
Elementals - The Magic Key (HKLM\...\Elementals - The Magic Key_is1) (Version:  - Playrix Entertainment)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Eudora (HKLM\...\{06BCBFBA-9604-4250-A3B9-E8B9FC33127C}) (Version: 6.1.2 - )
Fairy Island (HKLM\...\Fairy Island_is1) (Version:  - Playrix Entertainment)
Free Download Manager 3.9.2 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
GFI Backup 2009 - Home Edition (HKLM\...\GFI Backup 2009 - Home Edition) (Version: 3.0 - GFI Software Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (HKLM\...\KB960082(ENU)) (Version: 1 - Microsoft Corporation)
hp deskjet 5550 series (HKLM\...\hp deskjet 5550 series_Driver) (Version:  - )
hp deskjet 5550 series (Remove only) (HKLM\...\hp deskjet 5550 series) (Version:  - )
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photosmart and Deskjet 7.0 Software (HKLM\...\{D1AE6D4D-C37A-487d-83D8-C333125B2459}) (Version: 7.1 - HP)
hp print screen utility (HKLM\...\hp print screen utility) (Version:  - )
hph_software_req (Version: 70.0.260.000 - Hewlett-Packard) Hidden
iCare Data Recovery Free 5.0 (HKLM\...\iCare Data Recovery Free_is1) (Version:  - iCare Software)
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Inca Ball (HKLM\...\Inca Ball_is1) (Version:  - Playrix Entertainment)
Inpaint 3.0 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - teorex)
Intel® PRO Network Connections 12.1.12.0 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Intel)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java™ 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.4.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 6.4.0 - )
LeapFrog Connect (HKLM\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)
LeapFrog Connect (Version: 5.2.4.18506 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logos 4 Prerequisites (HKLM\...\{C2824B54-B9E6-4CB3-BD6E-A94B74423E22}) (Version: 4.62.02680 - Logos Bible Software)
Logos Bible Software 4 (HKLM\...\{2C7C5B3C-1D1C-404E-850B-6F83E65D8B51}) (Version: 4.62.02681 - Logos Bible Software)
LWS Facebook (Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
MahJong Suite 2012 v9.0 (HKLM\...\MahJong Suite_is1) (Version:  - TreeCardGames)
Mahjongg Ancient Mayas (HKLM\...\Mahjongg Ancient Mayas_is1) (Version:  - )
Mahjongg Dimensions Deluxe 1.00 (HKLM\...\Mahjongg Dimensions Deluxe 1.00) (Version:  - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Master Of Defense 1.67e (HKLM\...\Master Of Defense_is1) (Version:  - Voodoo Dimention)
MaxBlast 4 (HKLM\...\{639858DD-4966-40F3-A706-7C838BCF3A2B}) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Standard for Students and Teachers (HKLM\...\{913D0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (PINNACLESYS) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}) (Version: 1.0.17.2 - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA nView 140.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.84 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
OmniPage SE (HKLM\...\{6249C22D-E6A8-407B-BA8B-40298848ED94}) (Version: 11.00.0001 - ScanSoft, Inc.)
PandoraRecovery (Remove Only) (HKLM\...\PandoraRecovery) (Version:  - )
Paramount Download Manager (HKCU\...\2104578600.www.paramountmovies.com) (Version:  - www.paramountmovies.com)
PC Inspector File Recovery (HKLM\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pinnacle Instant DVD Recorder (HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 1.70.127 - )
Pinnacle MediaServer (HKLM\...\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}) (Version: 1.10.166 - )
PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version:  - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RAPID (Studio 10) (Version: 1.00.0022 - Pinnacle Systems) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.46 - Piriform)
Royal Envoy (HKLM\...\Royal Envoy_is1) (Version:  - Playrix Entertainment)
Royal Envoy 2 Collectors Edition (HKLM\...\{B5701215-30BF-456B-811F-42A4F2FA0D93}) (Version: 1.2.0 - LeeGT-Games)
Samsung ML-1865W Series (HKLM\...\Samsung ML-1865W Series) (Version:  - Samsung Electronics Co., Ltd.)
SearchAssist (HKLM\...\SearchAssist) (Version:  - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sony Pictures Download Manager (HKCU\...\803962794.ultraviolet.sonypictures.com) (Version:  - ultraviolet.sonypictures.com)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.5.2 - Safer Networking Limited)
SpywareGuard v2.2 (HKLM\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
Studio 10 (HKLM\...\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}) (Version: 10.6 - Pinnacle Systems)
Studio 10 Bonus DVD (HKLM\...\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}) (Version: 10.0.000 - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
The Rise of Atlantis (HKLM\...\The Rise of Atlantis_is1) (Version:  - Playrix Entertainment)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
UnderCoverXP 1.23 (HKLM\...\UnderCoverXP_is1) (Version:  - Wicked & Wild Inc.)
upapp (HKLM\...\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}) (Version: 0.20.0000 - Hewlett-Packard)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinX DVD Copy Pro 3.0.0 (HKLM\...\WinX DVD Copy Pro_is1) (Version:  - Digiarty Software,Inc.)
WinX DVD Ripper Platinum 6.3.1 (HKLM\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
Zam Beezee (HKLM\...\Zam Beezee) (Version:  - )

==================== Restore Points  =========================

28-01-2014 18:01:16 Software Distribution Service 3.0
01-02-2014 00:15:25 System Checkpoint
01-02-2014 03:34:15 avast! antivirus system restore point
02-02-2014 20:27:59 System Checkpoint
09-02-2014 15:44:11 System Checkpoint
11-02-2014 00:04:48 System Checkpoint
15-02-2014 00:03:09 Software Distribution Service 3.0
16-02-2014 15:37:04 System Checkpoint
23-02-2014 17:39:52 System Checkpoint
02-03-2014 15:07:59 System Checkpoint
11-03-2014 21:39:53 Software Distribution Service 3.0
15-03-2014 13:25:28 System Checkpoint
16-03-2014 23:21:27 System Checkpoint
18-03-2014 00:01:26 Software Distribution Service 3.0
19-03-2014 23:02:13 System Checkpoint
22-03-2014 17:56:51 System Checkpoint
23-03-2014 02:53:07 Software Distribution Service 3.0
23-03-2014 17:40:22 avast! antivirus system restore point
10-04-2014 23:33:40 System Checkpoint
11-04-2014 01:09:34 Software Distribution Service 3.0
12-04-2014 13:31:16 Removed COMODO Internet Security
12-04-2014 15:09:25 Restore Operation
12-04-2014 15:27:24 Removed Apple Mobile Device Support
12-04-2014 15:30:04 Removed COMODO Internet Security
12-04-2014 15:53:23 Software Distribution Service 3.0
16-04-2014 21:31:15 System Checkpoint

==================== Hosts content: ==========================

2004-08-10 12:51 - 2009-05-23 09:07 - 00306048 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-927226146-1572789124-4019323850-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-927226146-1572789124-4019323850-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2014-04-17 17:22 - 2014-04-17 14:28 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041703\algo.dll
2003-08-03 00:20 - 2003-08-03 00:20 - 00126976 ____R () C:\Program Files\SpywareGuard\spywareguard.dll
2012-03-03 09:25 - 2010-06-10 03:00 - 00026624 _____ () C:\WINDOWS\system32\ssp8ml3.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-11-02 09:08 - 2013-11-02 09:08 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2009-04-09 18:04 - 2009-04-09 18:04 - 02141008 _____ () C:\Program Files\Logitech\Vid HD\QtCore4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 07704400 _____ () C:\Program Files\Logitech\Vid HD\QtGui4.dll
2009-04-22 16:53 - 2009-04-22 16:53 - 00969040 _____ () C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00475472 _____ () C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00363856 _____ () C:\Program Files\Logitech\Vid HD\QtXml4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00200016 _____ () C:\Program Files\Logitech\Vid HD\QtSql4.dll
2011-01-12 20:55 - 2011-01-12 20:55 - 00027472 _____ () C:\Program Files\Logitech\Vid HD\SDL.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 11311952 _____ () C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 17:17 - 2009-03-03 17:17 - 00291664 _____ () C:\Program Files\Logitech\Vid HD\phonon4.dll
2004-08-10 12:51 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2011-01-12 20:57 - 2011-01-12 20:57 - 00751616 _____ () C:\Program Files\Logitech\Vid HD\vpxmd.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00029008 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00035152 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 17:18 - 2009-03-03 17:18 - 00138064 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2004-08-10 12:50 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2003-08-29 20:05 - 2003-08-29 20:05 - 00360448 _____ () C:\Program Files\SpywareGuard\sgmain.exe
2003-08-29 12:14 - 2003-08-29 12:14 - 00233472 _____ () C:\Program Files\SpywareGuard\sgbhp.exe
2004-08-10 12:51 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2013-07-11 09:14 - 2013-07-11 09:14 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e1bef242\mscorlib.dll
2013-07-11 09:13 - 2013-07-11 09:13 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_fc348eec\system.dll
2013-07-11 09:14 - 2013-07-11 09:14 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e6899d60\system.xml.dll
2013-01-20 10:36 - 2013-01-11 04:17 - 00105984 _____ () C:\Program Files\Free Download Manager\fdmumsp.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Warner Bros.lnk => C:\WINDOWS\pss\Warner Bros.lnkStartup
MSCONFIG\startupreg: Ad-Watch => C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
MSCONFIG\startupreg: AmazonGSDownloaderTray => C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSCONFIG\startupreg: dcmsvc => C:\Program Files\dcmsvc\dcmsvc.exe
MSCONFIG\startupreg: DellAutomatedPCTuneUp => "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: GFI Backup 2009 - Home Edition => "N:\PROGRA~1\GFIBAC~1\GFIAgent.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
MSCONFIG\startupreg: Samsung PanelMgr => C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: VX3000 => C:\WINDOWS\vVX3000.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2014 04:03:45 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET.MOF while recovering repository file.

Error: (04/16/2014 04:03:45 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MOF\SERVICEMODEL.MOF while recovering repository file.

Error: (04/16/2014 04:03:44 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODEL.MOF while recovering repository file.

Error: (04/16/2014 04:03:44 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF while recovering repository file.

Error: (04/16/2014 04:03:44 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF while recovering repository file.

Error: (04/16/2014 04:03:43 PM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF while recovering repository file.

Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7860

Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7860

Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2014 09:58:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5906

System errors:
=============
Error: (04/17/2014 05:22:04 PM) (Source: Service Control Manager) (User: )
Description: The Server Microsoft service terminated with the following error:
%%126

Error: (04/17/2014 05:22:04 PM) (Source: Service Control Manager) (User: )
Description: The PCASp50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (04/17/2014 01:49:22 PM) (Source: Service Control Manager) (User: )
Description: The Server Microsoft service terminated with the following error:
%%126

Error: (04/17/2014 01:49:22 PM) (Source: Service Control Manager) (User: )
Description: The PCASp50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (04/16/2014 04:14:51 PM) (Source: Service Control Manager) (User: )
Description: The Server Microsoft service terminated with the following error:
%%126

Error: (04/16/2014 04:14:51 PM) (Source: Service Control Manager) (User: )
Description: The PCASp50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (04/16/2014 04:11:28 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/16/2014 04:11:14 PM) (Source: Service Control Manager) (User: )
Description: The MSSQL$PINNACLESYS service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/16/2014 04:11:14 PM) (Source: Service Control Manager) (User: )
Description: The Pinnacle Systems Media Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/16/2014 04:11:14 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (04/16/2014 04:03:45 PM) (Source: WinMgmt)(User: )
Description: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET.MOF

Error: (04/16/2014 04:03:45 PM) (Source: WinMgmt)(User: )
Description: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\MOF\SERVICEMODEL.MOF

Error: (04/16/2014 04:03:44 PM) (Source: WinMgmt)(User: )
Description: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODEL.MOF

Error: (04/16/2014 04:03:44 PM) (Source: WinMgmt)(User: )
Description: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF

Error: (04/16/2014 04:03:44 PM) (Source: WinMgmt)(User: )
Description: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF

Error: (04/16/2014 04:03:43 PM) (Source: WinMgmt)(User: )
Description: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF

Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7860

Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7860

Error: (04/13/2014 09:58:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2014 09:58:28 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5906

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 2814.1 MB
Available physical RAM: 2043.27 MB
Total Pagefile: 4701.11 MB
Available Pagefile: 3439.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.96 GB) (Free:25.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive j: (DRV7_VOL5) (Fixed) (Total:76.5 GB) (Free:70.33 GB) NTFS
Drive k: (DRV7_VOL4) (Fixed) (Total:74.37 GB) (Free:48.34 GB) NTFS
Drive l: (DRV7_VOL3) (Fixed) (Total:73.85 GB) (Free:10.56 GB) NTFS
Drive m: (DRV7_VOL2(SCHOOL STUFF)) (Fixed) (Total:74.43 GB) (Free:71.6 GB) NTFS
Drive n: (DRV7_VOL1) (Fixed) (Total:73.46 GB) (Free:60.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 373 GB) (Disk ID: 3B614427)
Partition 1: (Not Active) - (Size=73 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=299 GB) - (Type=OF Extended)

==================== End Of Log ============================


#11
tl79

    Member

  • Topic Starter
  • Member
  • 178 posts

Sorry for the 2nd post...I tried running an internet speedtest at speedtest.net and found my dl speed at 9.61 mbps where it has been consistently running over 30mbps every time I tested since last June.  I also noted that the Local Area Connection icon in the lower right corner indicates a speed of 10.0 Mbps where it used to indicate 100.0 Mbps previously.  Could some settings have been changed with what we've been doing?  Internet provider and everything are all the same.  Thanks!


#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hi! As far as I can tell the Comodo uninstall went well! I had removed what I could thru safemode, but I'm guessing there was still a bunch of things left behind, so I'm hoping the Comodo tool took care of that. The computer seems to be running better:))) Now if I can just get my Panasonic Blu Ray player working again, but that's another story. I also thank you very much for all of your help. I had to come here once before with some virus/malware issues and it is REALLY great to be able to get help like this. If I was a little younger, I think I would be interested in learning how to do all this stuff, but right now I'm just thankful there are people like you willing to help out. Again, THANK YOU very much for all of your help! Here's the other information you asked for.


I'm glad to hear it's running better, but we still have a few things left to go. :) There are some Comodo remnants showing in the log I'm going to remove as well as some malware related registry keys.

Regarding your player, once we are finished here, I'll direct you to our Hardware forum and perhaps they can help with that problem. :)

You are quite welcome for our help, it's what we're here for. :thumbsup:


Let's get to work. :)


Step 1: FRST Fix
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {6a3f8d99-59ab-11dd-8a1d-cb22b4539c44} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
NETSVC: oenzbwuo -> C:\WINDOWS\system32\hhvlawo.dll ==> No File.
NETSVC: qwbgaaml -> No Registry Path.
S2 oenzbwuo; C:\WINDOWS\system32\hhvlawo.dll [X]
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
FF Homepage: hxxp://us.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
2014-04-10 20:05 - 2014-04-16 16:54 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-04-10 20:05 - 2014-04-13 09:26 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-10 20:05 - 2014-04-12 09:59 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-04-10 20:05 - 2014-04-12 09:59 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2014-04-10 19:29 - 2014-04-12 10:09 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-16 16:54 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-04-13 09:26 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-12 10:09 - 2014-04-10 19:29 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-12 09:59 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-04-12 09:59 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.



Step 2: Temporary File Cleaner


Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Things I need to see in your next post:

FRST Fix Log

#13
tl79

    Member

  • Topic Starter
  • Member
  • 178 posts

Hi!  Any idea on the internet speed at 10.0Mbps?  I just checked our other desktop; it's at 100Mbps and dl speed was 46 Mbps at speedtest.net.  Both are on the same Charter internet.  Thanks for the offer regarding the blu-ray, but I finally found a website that helped me to get the wired connection working again.  Here's the log you requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-04-2014 01
Ran by Owner at 2014-04-17 21:31:24 Run:2
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-927226146-1572789124-4019323850-1003\...\MountPoints2: {6a3f8d99-59ab-11dd-8a1d-cb22b4539c44} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
NETSVC: oenzbwuo -> C:\WINDOWS\system32\hhvlawo.dll ==> No File.
NETSVC: qwbgaaml -> No Registry Path.
S2 oenzbwuo; C:\WINDOWS\system32\hhvlawo.dll [X]
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
FF Homepage: hxxp://us.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
2014-04-10 20:05 - 2014-04-16 16:54 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-04-10 20:05 - 2014-04-13 09:26 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-10 20:05 - 2014-04-12 09:59 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-04-10 20:05 - 2014-04-12 09:59 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2014-04-10 19:29 - 2014-04-12 10:09 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-16 16:54 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2014-04-13 09:26 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-12 10:09 - 2014-04-10 19:29 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-12 09:59 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-04-12 09:59 - 2014-04-10 20:05 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
End

*****************

HKU\S-1-5-21-927226146-1572789124-4019323850-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a3f8d99-59ab-11dd-8a1d-cb22b4539c44} => Key deleted successfully.
HKCR\CLSID\{6a3f8d99-59ab-11dd-8a1d-cb22b4539c44} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs oenzbwuo => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs qwbgaaml => Value deleted successfully.
oenzbwuo => Service deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => Key deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => Moved successfully.
C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => Moved successfully.
C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => Moved successfully.
C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => Moved successfully.
C:\WINDOWS\system32\config\COMODO I.evt => Moved successfully.
"C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job" => File/Directory not found.
"C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job" => File/Directory not found.
"C:\WINDOWS\system32\config\COMODO I.evt" => File/Directory not found.
"C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job" => File/Directory not found.
"C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job" => File/Directory not found.
C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job not found.
C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job not found.
C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job not found.
C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job not found.

==== End of Fixlog ====


#14
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi! Any idea on the internet speed at 10.0Mbps? I just checked our other desktop; it's at 100Mbps and dl speed was 46 Mbps at speedtest.net. Both are on the same Charter internet. Thanks for the offer regarding the blu-ray, but I finally found a website that helped me to get the wired connection working again. Here's the log you requested:


Hello :) The internet speed problem is a bit outside of my area of expertise. But I have a program that will check and make sure the internet services are running correctly. Once we are finished cleaning your machine, we'll check those to make sure. If it shows everything is running correctly, then I'll provide you a link to our Network Forum, and they should be able to help. :)

Glad to hear the blu-ray is working correctly again. :thumbsup:


Let's run a sweep for remnants and check for out of date programs on your machine.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#15
tl79

    Member

  • Topic Starter
  • Member
  • 178 posts

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=81b58ecda4c4fa46845c8bd612933192
# engine=17940
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-18 02:19:11
# local_time=2014-04-18 09:19:11 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 72 0 13707235 0 0
# scanned=213686
# found=16
# cleaned=0
# scan_time=5285
sh=8F42C75AAB6F7D11FEBA11066C0A2A570E75E5B8 ft=1 fh=22aaa4d026aef377 vn="a variant of Win32/Keygen.CY potentially unsafe application" ac=I fn="C:\DAD-2008\UTILITIES\Keygen(nero).exe"
sh=18CD52EFEBEE4154EDDC02C17F9E10F25E168F28 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.CY potentially unsafe application" ac=I fn="C:\DAD-2008\UTILITIES\Nero6x_KEYGEN72004.rar"
sh=EE29BEEFF5BB00ECC55D7765A5E0541F4A8372A4 ft=1 fh=b2461f838c0f41d0 vn="Win32/AdInstaller potentially unwanted application" ac=I fn="C:\Downloads\Software\MyFunCards.exe"
sh=96835F93BAC8D4E6C5BEABD4FB6B3359C8E359B9 ft=1 fh=3994eb30b43d92de vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Downloads\Software\rcsetup146.exe"
sh=DF26E9CDAC25B0A5785F7F47BA4332CCD37C818C ft=1 fh=e44d403d8ef76817 vn="a variant of Win32/Keygen.DU potentially unsafe application" ac=I fn="C:\games\Fear.for.Sale.Mystery.of.McInroy.Manor.CE.RPK\Keygen\Fear for Sale The Mystery of McInroy Manor CE Keymaker.exe"
sh=BD3A580427D2A6B79EAEC7F5C859C68A12601CCC ft=1 fh=1da7f49f6d28f0dd vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files\Aquitania\uninstall.exe"
sh=1DBB22D99A70ACB250E4F8A5CBF31B443509AB79 ft=1 fh=979f9213f4b583ba vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files\World Voyage\uninstall.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\SDFix\apps\Process.exe"
sh=54CA4FC00789953CBAD68C0A257B5C19BB0CD520 ft=1 fh=a88cdf36babe7d2d vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="J:\2013 GAME (INSTALLED)\Cradle Of Rome\uninstall.exe"
sh=4391E0A9B21504CDFD5C8CFA1DD3CE8C22CE2D75 ft=1 fh=e93cda55c9be38ed vn="a variant of Win32/Keygen.DU potentially unsafe application" ac=I fn="K:\DAD 2010\2010 game installers part 2\SherlockHolmesBaskervillesCE\SherlockHolmesBaskervillesCE\Sherlock Holmes TheHound of the Baskervilles Collectors Edition Keymaker.exe"
sh=C8FEB6CA73766AA996C37940FA8E65043D0E9DAB ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.DU potentially unsafe application" ac=I fn="K:\DAD 2010\2010 game installers part 2\used\SherlockHolmesBaskervillesCE.rar"
sh=6661EDA8383915E3713D78F0189D1A15EB5D80C7 ft=1 fh=cd240aea2e807323 vn="Win32/PrcView potentially unsafe application" ac=I fn="K:\DAD-2008\DAD2009\UTILITIES2009\SDFix.exe"
sh=9258C35BBC910A45C412F3A7BE45866DF46066D9 ft=1 fh=a47891df16ce9933 vn="a variant of Win32/Keygen.BG potentially unsafe application" ac=I fn="K:\DAD-2008\gamedownloads2008\GAMES\KeyGenfor reflexivegames.exe"
sh=8F42C75AAB6F7D11FEBA11066C0A2A570E75E5B8 ft=1 fh=22aaa4d026aef377 vn="a variant of Win32/Keygen.CY potentially unsafe application" ac=I fn="K:\DAD-2008\UTILITIES\Keygen(nero).exe"
sh=18CD52EFEBEE4154EDDC02C17F9E10F25E168F28 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.CY potentially unsafe application" ac=I fn="K:\DAD-2008\UTILITIES\Nero6x_KEYGEN72004.rar"
sh=AD5DA771B5DFC98F69DD2DAB8E6C03421615D8D3 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AF potentially unsafe application" ac=I fn="L:\2009 DVD STUFF\dvdstuff\321Studios 5in1KG.zip"

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/18/2014
Scan Time: 7:36:21 AM
Logfile: malware bytes 4-18-14.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.18.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320178
Time Elapsed: 26 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

I tried the two links for security check and neither of them worked.  Bleepingcomputer.com said "Unfortunately the page that you requested does not exist."

Spywareinfo.org said "The webpage cannot be found"
  • 0
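
Added example, not part of either post: a small Python triage of an ESET Online Scanner log in the layout posted above. It checks that the header reflects the options requested in Step 2, groups detections by their `sh` value to spot copies of the same file, and counts detection classes. The sample log is constructed, and treating `sh` as a per-file content hash, `vn` as the detection name and `fn` as the path is an assumption based on how those fields appear in the log.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the ESET log above; hashes, names and paths are made up.
SAMPLE_LOG = r'''
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=3
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="a variant of Win32/Example.A potentially unsafe application" ac=I fn="C:\Tools\sample tool.exe"
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=1111111111111111 vn="a variant of Win32/Example.A potentially unsafe application" ac=I fn="K:\Backup\sample tool.exe"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=2222222222222222 vn="Win32/Example.Toolbar potentially unwanted application" ac=I fn="C:\Program Files\Demo\uninstall.exe"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value, value optionally quoted
# Scanner options requested in Step 2, as they appear in the log header.
REQUESTED = {"remove_checked": "false", "archives_checked": "true",
             "unwanted_checked": "true", "unsafe_checked": "true",
             "antistealth_checked": "true"}

def parse_log(text):
    """Split the log into header settings ('# key=value') and detection records ('sh=...')."""
    header, hits = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key] = value
        elif line.startswith("sh="):
            hits.append({k: quoted or bare for k, quoted, bare in FIELD.findall(line)})
    return header, hits

def triage(text):
    """Summarise a log: settings check, duplicate copies by hash, detection classes."""
    header, hits = parse_log(text)
    paths, classes = defaultdict(list), Counter()
    for hit in hits:
        paths[hit["sh"]].append(hit["fn"])
        m = re.search(r"potentially (unsafe|unwanted) application$", hit["vn"])
        classes[m.group(1) if m else "other"] += 1  # "other" = no PUA suffix in the name
    return {
        "settings_ok": all(header.get(k) == v for k, v in REQUESTED.items()),
        "count_matches_header": header.get("found") == str(len(hits)),
        "nothing_removed": header.get("cleaned") == "0",
        "unique_files": len(paths),
        "duplicates": {sh: p for sh, p in paths.items() if len(p) > 1},
        "classes": dict(classes),
    }
```

Run `triage()` on the text of `log.txt`; entries under `duplicates` are the same file found at more than one path, such as a backup copy on another drive.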





