
Browser Hijacked [Solved]


  • This topic is locked

#31
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :)

Looks like it went through the second time around. How is the machine running?
  • 0



#32
trucker


    Member

  • Topic Starter
  • Member
  • 227 posts

Had to edit this. Links to pages are a bit slow to open, and the side popout is still showing up, but it is not redirecting the page that is open to the search that it used to, so there is progress. Browsers open faster than they have been. That's a good thing. From what you see, is there any reason my DVD player won't see disks? It spins and has power but won't read anything.


Edited by trucker, 01 February 2015 - 10:28 AM.

  • 0

#33
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts
Let's get a fresh scan with FRST to see. As for the DVD player, let's see if the log will show any errors in that area. :thumbsup:

Start Farbar's Recovery Scan tool, check the Addition.txt box, and then press Scan. Please post both logs upon completion and we'll take a look. :)

Things I need to see in your next post

Please post each log as a separate reply in this thread.

FRST.txt Log

Addition.txt Log

  • 0

#34
trucker


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 227 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-01-2015
Ran by Lonnie at 2015-02-01 13:46:17
Running from C:\Users\Lonnie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassins Creed Revelations  1.0 (HKLM\...\Assassins Creed Revelations_is1) (Version: 1.0 - Ubisoft)
BoneLab (HKLM\...\{D16CBD59-07B3-4F98-A404-01B6D87A90F2}) (Version: 1.4.0.2 - Next Dimension Imaging)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
center (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security Premium (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
essentials (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Firestorm-Beta (remove only) (HKLM\...\Firestorm-Beta) (Version: 4.5.1.38838 - The Phoenix Firestorm Project, Inc.)
Firestorm-Release (remove only) (HKLM\...\Firestorm-Release) (Version: 4.6.9.42969 - The Phoenix Firestorm Project, Inc.)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version:  - )
GeekBuddy (HKLM\...\{79B9250E-3714-4877-A2B0-D6C1E93E471A}) (Version: 4.18.121 - Comodo Security Solutions Inc)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
G'MIC for GIMP version 1.5.8.2 (HKLM\...\G'MIC for GIMP_is1) (Version: 1.5.8.2 - )
Google Books Downloader version 2.3 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
grillaprice (HKLM\...\grillaprice) (Version:  - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
LEGO Batman 3 - Beyond Gotham (HKLM\...\LEGO Batman 3 - Beyond Gotham_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
magicJack (HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Morrowind (HKLM\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.12 - NVIDIA Corporation)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Pegasus Mail (HKLM\...\Pegasus Mail) (Version:  - David Harris)
Pegasus Mail HTML Renderer 2.4.9.2 (HKLM\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 5.8 - Power Software Ltd)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PrivDog (HKLM\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_27 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12094_27 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.6.75 - NVIDIA Corporation) Hidden
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
System Requirements Lab (HKLM\...\{AC369A7C-2E0D-4925-BFB1-AB50BF825CCC}) (Version: 6.0.8.0 - Husdawg, LLC)
TESV Skyrim LE version 1.9.32.0 (HKLM\...\TESV Skyrim LE_is1) (Version: 1.9.32.0 - Lyxer_Loader)
Unity Web Player (HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4227807349-2635072203-767282089-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Lonnie\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

26-01-2015 21:18:34 Installed Empire Earth II
29-01-2015 08:02:49 Device Driver Package Install: COMODO Network Service
29-01-2015 09:37:21 Removed GeekBuddy.
29-01-2015 10:41:33 Checkpoint by HitmanPro
29-01-2015 10:43:23 Checkpoint by HitmanPro
29-01-2015 22:40:24 Restore Point Created by FRST
30-01-2015 05:49:19 Installing COMODO Internet Security Premium
30-01-2015 05:50:46 Device Driver Package Install: COMODO Network Service
30-01-2015 20:45:38 Removed Empire Earth II
31-01-2015 06:47:28 Restore Point Created by FRST
01-02-2015 07:12:52 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-01-29 22:40 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0612857A-4D96-4A80-80A6-144442BF83C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-01-04] (Apple Inc.)
Task: {08E826DF-7983-4D33-AC73-520F8D7D04B0} - \PastaQuotes No Task File <==== ATTENTION
Task: {1127E81B-ADF1-4EE9-B675-33A29DAF81AC} - System32\Tasks\{41A3FD47-AC06-4610-8451-A76D5A0D7F2F} => pcalua.exe -a C:\Users\Lonnie\Downloads\FirmwareFlashLauncher.exe -d C:\Users\Lonnie\Desktop
Task: {1C0D753B-E868-40BF-BCDD-5C0E1B51C8FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {3D705851-57CD-4512-8100-49D69CD5B55D} - System32\Tasks\{B3C33E76-D92C-4C87-8BA0-F6F6C0B1A367} => pcalua.exe -a "C:\Users\Lonnie\Downloads\erunt (2)\ERUNT.EXE" -d "C:\Users\Lonnie\Downloads\erunt (2)"
Task: {8ACFA7E6-9369-4009-BDAB-490273617C25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.)
Task: {A017A1F5-B136-454F-88AB-D5C404F3C54B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-28] (Google Inc.)
Task: {B09F53FC-4A33-4BD4-B889-EAA07699C650} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {B6573E58-A8CE-4337-9DF1-1A5EDDCD86B8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {BC797AF4-FBA2-4CBE-8435-561FACA9ABBF} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {D20A8D01-F90F-4C11-8279-55328EDCA369} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {E705D62B-0188-4E1F-8F81-CA96B6192A7E} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {F1E1FAEF-DC7C-4586-AB96-95A7AE31048C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-23 09:01 - 2014-07-02 14:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 00976080 _____ () C:\Program Files\Comodo\GeekBuddy\QtNetwork4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 02254544 _____ () C:\Program Files\Comodo\GeekBuddy\QtCore4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 08024784 _____ () C:\Program Files\Comodo\GeekBuddy\QtGui4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 00032976 _____ () C:\Program Files\Comodo\GeekBuddy\imageformats\qgif4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 01299664 _____ () C:\Program Files\Comodo\GeekBuddy\QtScript4.dll
2014-07-04 12:00 - 2014-07-04 12:00 - 00084344 _____ () C:\Users\Lonnie\AppData\Roaming\mjusbsp\octvqem_apiw.DLL
2013-04-15 17:39 - 2013-04-15 17:39 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lonnie\Desktop\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Desktop\SecurityCheck.exe:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Downloads\esetsmartinstaller_enu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Lonnie\Downloads\hunter-engagement-470x705.jpg:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4227807349-2635072203-767282089-500 - Administrator - Disabled)
Guest (S-1-5-21-4227807349-2635072203-767282089-501 - Limited - Disabled)
Lonnie (S-1-5-21-4227807349-2635072203-767282089-1001 - Administrator - Enabled) => C:\Users\Lonnie

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 07:12:35 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {66354274-4a95-422a-8d76-bff4208742b0}

Error: (01/31/2015 07:38:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_StiSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0x944
Faulting application start time: 0xsvchost.exe_StiSvc0
Faulting application path: svchost.exe_StiSvc1
Faulting module path: svchost.exe_StiSvc2
Report Id: svchost.exe_StiSvc3

Error: (01/30/2015 08:45:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bff8e0e3-6b70-4119-8543-4c38cf8578c9}

Error: (01/30/2015 09:34:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gimp-2.8.exe, version: 2.8.14.0, time stamp: 0x00000000
Faulting module name: libpixman-1-0.dll, version: 0.0.0.0, time stamp: 0x0072a5f0
Exception code: 0xc0000005
Fault offset: 0x00084b3b
Faulting process id: 0xa4c
Faulting application start time: 0xgimp-2.8.exe0
Faulting application path: gimp-2.8.exe1
Faulting module path: gimp-2.8.exe2
Report Id: gimp-2.8.exe3

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisAlertCisAlert//./root/cis


System errors:
=============
Error: (02/01/2015 07:06:04 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (02/01/2015 07:05:31 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (02/01/2015 07:05:31 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (02/01/2015 07:05:31 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (02/01/2015 07:05:31 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (02/01/2015 07:05:31 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (02/01/2015 07:05:31 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (02/01/2015 07:05:31 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (02/01/2015 07:02:16 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (02/01/2015 07:02:16 AM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.


Microsoft Office Sessions:
=========================
Error: (02/01/2015 07:12:35 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {66354274-4a95-422a-8d76-bff4208742b0}

Error: (01/31/2015 07:38:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_StiSvc6.1.7600.163854a5bc100ntdll.dll6.1.7601.18247521ea91cc0000374000c387394401d03d52c9e3171cC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll0c2e6a2a-a946-11e4-9237-001a4d4ff044

Error: (01/30/2015 08:45:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bff8e0e3-6b70-4119-8543-4c38cf8578c9}

Error: (01/30/2015 09:34:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gimp-2.8.exe2.8.14.000000000libpixman-1-0.dll0.0.0.00072a5f0c000000500084b3ba4c01d03c994b5dc736C:\Program Files\GIMP 2\bin\gimp-2.8.exeC:\Program Files\GIMP 2\bin\libpixman-1-0.dll10c2a5db-a88d-11e4-bd92-001a4d4ff044

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis

Error: (01/30/2015 06:27:15 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisAlertCisAlert//./root/cis


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 29%
Total physical RAM: 3582.49 MB
Available physical RAM: 2512.94 MB
Total Pagefile: 7163.27 MB
Available Pagefile: 5674.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:233.02 GB) (Free:70.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:116.53 GB) (Free:86.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 36363636)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=116.2 GB) - (Type=05)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End Of Log ============================


  • 0

#35
trucker


    Member

  • Topic Starter
  • Member
  • 227 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by Lonnie (administrator) on LONNIE-PC on 01-02-2015 13:44:52
Running from C:\Users\Lonnie\Desktop
Loaded Profiles: Lonnie (Available profiles: Lonnie)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(magicJack L.P.) C:\Users\Lonnie\AppData\Roaming\mjusbsp\magicJack.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-05] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2015-01-04] (Apple Inc.)
HKLM\...\Run: [ComodoFSChrome] => "C:\Program Files\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-30] (Comodo Security Solutions, Inc.)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [GoogleChromeAutoLaunch_A4AAD752A94AD0D07B3FA88181A919F9] => C:\Program Files\Comodo\Dragon\dragon.exe [725696 2014-12-28] (Comodo)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [cdloader] => C:\Users\Lonnie\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [GoogleChromeAutoLaunch_5090660AF80758FEEBA1A8C0C9DF7D80] => C:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4227807349-2635072203-767282089-1001 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-4227807349-2635072203-767282089-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{8270EF4F-3060-4E70-871D-BC3BABF46597}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Lonnie\AppData\Roaming\Mozilla\Firefox\Profiles\0937xwmn.default
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4227807349-2635072203-767282089-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lonnie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\.xml

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppp", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppppppp"
CHR DefaultSearchKeyword: Default ->
CHR DefaultSearchURL: Default -> http://isearch.omiga...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
CHR Profile: C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-12-28]
CHR Extension: (Ancient History Encyclopedia) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle [2014-12-28]
CHR Extension: (Angry Birds) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-26]
CHR Extension: (Facebook) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-12-28]
CHR Extension: (AdBlock Plus) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjmhchkipehceidlknhjhbgaipcnafm [2014-12-29]
CHR Extension: (Calculator) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2014-12-28]
CHR Extension: (A Space Shooter for FREE) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa [2014-12-28]
CHR Extension: (Mickey Sketch Theme) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmaadlipkibabccamkbjjaklifnohhp [2014-12-28]
CHR Extension: (Typing Lessons) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\heehkcnmhmdicclbnofindfmokhfnjag [2014-12-28]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-12-28]
CHR Extension: (sixty second shooter) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnlbhjpainpnikdjnmcmiaombhhchkg [2014-12-28]
CHR Extension: (Jamstash) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc [2014-12-28]
CHR Extension: (WordPress.com) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2014-12-28]
CHR Extension: (Coloring Pages) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhphoobahjckipglphjghghlgodanfj [2014-12-28]
CHR Extension: (Fieldrunners) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak [2014-12-28]
CHR Extension: (Chain Rxn) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdlfmoglbdpomddljgapccmlognoaf [2014-12-28]
CHR Extension: (Search Helper: Preview, Note, Tag, Hide etc) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\naddbmiihfcdfaeencbcmbpioghcjlje [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-19]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-01-15]
CHR Extension: (Weather Underground) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2014-12-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2015-01-30] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2370240 2014-12-28] (Comodo Security Solutions, Inc.)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-10-29] (Teruten) [File not signed]
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-30] (Comodo Security Solutions, Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2014-05-06] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-12-11] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14657824 2013-11-29] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-29] () [File not signed]
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-10-30] (NVIDIA Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 18:56 - 2015-01-31 18:58 - 00003378 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-31 18:55 - 2015-01-31 18:55 - 00852573 _____ () C:\Users\Lonnie\Desktop\SecurityCheck.exe
2015-01-31 07:48 - 2015-01-31 07:48 - 02347384 _____ (ESET) C:\Users\Lonnie\Downloads\esetsmartinstaller_enu.exe
2015-01-31 07:48 - 2015-01-31 07:48 - 00000000 ____D () C:\Program Files\ESET
2015-01-31 07:46 - 2015-01-31 07:46 - 00074951 _____ () C:\Users\Lonnie\Desktop\MBAM.txt
2015-01-31 06:51 - 2015-02-01 12:50 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 06:50 - 2015-01-31 07:13 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 06:50 - 2015-01-31 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 06:50 - 2015-01-31 07:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-31 06:50 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 06:50 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 06:50 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 06:49 - 2015-01-31 06:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Lonnie\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-30 09:40 - 2015-01-30 09:40 - 00020317 _____ () C:\Users\Lonnie\AppData\Local\recently-used.xbel
2015-01-30 07:38 - 2015-01-30 07:38 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2015-01-30 06:20 - 2015-01-30 06:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-30 05:51 - 2015-02-01 13:40 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-30 05:51 - 2015-01-30 05:51 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-01-30 05:50 - 2015-01-30 05:50 - 00000000 ____D () C:\ProgramData\Shared Space
2015-01-30 05:48 - 2015-01-30 07:38 - 00002013 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2015-01-30 05:48 - 2015-01-30 05:48 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-01-30 05:45 - 2015-01-30 05:46 - 226075384 _____ (COMODO) C:\Users\Lonnie\Downloads\cispremium_installer_6100_08.exe
2015-01-29 23:13 - 2015-01-30 20:48 - 00021285 _____ () C:\Users\Lonnie\Desktop\Addition.txt
2015-01-29 23:12 - 2015-02-01 13:45 - 00016783 _____ () C:\Users\Lonnie\Desktop\FRST.txt
2015-01-29 23:00 - 2015-01-29 23:03 - 00000000 ____D () C:\AdwCleaner
2015-01-29 22:59 - 2015-01-29 22:59 - 02194432 _____ () C:\Users\Lonnie\Desktop\AdwCleaner.exe
2015-01-29 22:56 - 2015-01-29 22:56 - 00003785 _____ () C:\Users\Lonnie\Desktop\JRT.txt
2015-01-29 22:54 - 2015-01-29 22:54 - 01707939 _____ (Thisisu) C:\Users\Lonnie\Desktop\JRT.exe
2015-01-29 22:54 - 2015-01-29 22:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-29 22:46 - 2015-01-31 06:47 - 00000000 ____D () C:\Users\Lonnie\Desktop\FRST-OlderVersion
2015-01-29 10:44 - 2015-01-29 10:44 - 00045516 _____ () C:\Windows\system32\.crusader
2015-01-29 10:28 - 2015-01-29 22:48 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-29 10:28 - 2015-01-29 10:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-29 10:27 - 2015-01-29 10:28 - 10285456 _____ (SurfRight B.V.) C:\Users\Lonnie\Downloads\HitmanPro.exe
2015-01-29 10:06 - 2015-01-29 10:06 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Lonnie\Downloads\SpyHunter-Installer.exe
2015-01-29 09:20 - 2015-01-29 09:20 - 00000000 ____D () C:\themes
2015-01-29 09:20 - 2015-01-29 09:20 - 00000000 ____D () C:\cis
2015-01-29 09:20 - 2013-11-21 07:49 - 04814552 _____ (COMODO) C:\cmdinstall.exe
2015-01-29 09:20 - 2013-09-24 05:53 - 03360984 _____ (Terra Informatica Software, Inc.) C:\cmdhtml.dll
2015-01-29 09:20 - 2013-09-24 05:53 - 00281816 _____ (Igor Pavlov) C:\7za.dll
2015-01-29 08:21 - 2015-01-29 09:21 - 00000674 _____ () C:\Windows\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-01-29 08:21 - 2015-01-29 09:20 - 00001123 __RSH () C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2015-01-29 08:06 - 2015-01-29 08:06 - 00353699 _____ () C:\Users\Lonnie\Documents\CisReport_x86_v8.0.0.4344_20150129-080558.zip
2015-01-28 10:34 - 2015-01-28 10:36 - 00000045 _____ () C:\Users\Lonnie\Documents\Indiana TID number.txt
2015-01-26 21:23 - 2015-01-26 21:23 - 00000000 ____D () C:\Users\Lonnie\Documents\Empire Earth II
2015-01-26 21:14 - 2015-01-26 21:15 - 00000000 ____D () C:\Program Files\GameSpy Arcade
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-26 09:23 - 2015-01-26 09:23 - 01120768 _____ (Farbar) C:\Users\Lonnie\Downloads\FRST (1).exe
2015-01-26 08:35 - 2015-01-26 08:36 - 04176437 _____ () C:\Users\Lonnie\Downloads\tdsskiller.zip
2015-01-26 08:30 - 2015-01-26 09:28 - 00038221 _____ () C:\Users\Lonnie\Downloads\Addition.txt
2015-01-26 08:28 - 2015-02-01 13:45 - 00000000 ____D () C:\FRST
2015-01-26 08:28 - 2015-01-26 09:28 - 00039281 _____ () C:\Users\Lonnie\Downloads\FRST.txt
2015-01-26 08:27 - 2015-01-31 06:47 - 01122304 _____ (Farbar) C:\Users\Lonnie\Desktop\FRST.exe
2015-01-24 21:55 - 2015-01-24 21:55 - 00056322 _____ () C:\Users\Lonnie\Desktop\Extras.Txt
2015-01-24 21:53 - 2015-01-24 21:53 - 00106122 _____ () C:\Users\Lonnie\Desktop\OTL.Txt
2015-01-24 21:38 - 2015-01-24 21:38 - 00602112 _____ (OldTimer Tools) C:\Users\Lonnie\Desktop\OTL (1).exe
2015-01-24 21:37 - 2015-01-24 21:37 - 00602112 _____ (OldTimer Tools) C:\Users\Lonnie\Downloads\OTL.exe
2015-01-24 07:43 - 2015-01-24 07:43 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\dvdcss
2015-01-23 11:40 - 2015-01-24 07:30 - 00000000 ____D () C:\Users\Lonnie\Desktop\Body work
2015-01-23 09:20 - 2015-01-23 09:24 - 00000010 _____ () C:\Users\Lonnie\Documents\New Text Document (2).txt
2015-01-23 09:15 - 2015-01-23 09:15 - 00347816 _____ (Microsoft Corporation) C:\Users\Lonnie\Downloads\MicrosoftFixit.HomeGroup.Run.exe
2015-01-22 20:23 - 2015-01-25 00:23 - 18126512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 14:18 - 2015-01-13 14:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 14:18 - 2015-01-13 14:18 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 14:18 - 2015-01-13 14:18 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 11:31 - 2015-01-13 11:31 - 00000000 ____D () C:\Users\Lonnie\Documents\01-13-2015
2015-01-11 06:19 - 2015-01-11 06:19 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Apple Computer
2015-01-06 08:42 - 2015-01-06 08:42 - 00000000 ____D () C:\Users\Lonnie\Documents\01-06-2015
2015-01-05 09:40 - 2015-01-05 09:47 - 00000000 ____D () C:\Users\Lonnie\Documents\01-05-2015
2015-01-04 08:16 - 2015-01-11 09:16 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-04 08:13 - 2015-01-04 08:13 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\ProgramData\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-04 08:12 - 2015-01-04 08:12 - 39401336 _____ (Apple Inc.) C:\Users\Lonnie\Downloads\QuickTimeInstaller.exe
2015-01-02 12:40 - 2015-01-02 12:42 - 00000000 ____D () C:\Users\Lonnie\Documents\in tax
2015-01-02 12:38 - 2015-01-02 12:40 - 00000000 ____D () C:\Users\Lonnie\Documents\brighthouse

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 13:23 - 2013-11-21 08:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 13:22 - 2014-12-28 09:17 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 13:01 - 2013-11-20 12:05 - 01109887 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 09:22 - 2014-12-28 09:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 09:14 - 2014-06-04 09:55 - 00001200 _____ () C:\Users\Lonnie\Desktop\magicJack.lnk
2015-02-01 07:08 - 2009-07-13 23:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 07:08 - 2009-07-13 23:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 07:02 - 2014-06-04 09:55 - 00000981 _____ () C:\Users\Lonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-02-01 07:02 - 2014-05-28 21:36 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\mjusbsp
2015-02-01 07:01 - 2013-11-23 09:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-01 07:01 - 2013-11-20 09:30 - 00000000 ____D () C:\ProgramData\Kodak
2015-02-01 07:01 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 07:01 - 2009-07-13 23:39 - 00067351 _____ () C:\Windows\setupact.log
2015-01-31 19:00 - 2013-11-21 10:31 - 00434224 _____ () C:\Windows\PFRO.log
2015-01-31 07:38 - 2014-08-26 10:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-31 06:50 - 2013-12-01 09:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 09:40 - 2013-11-20 09:54 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\gtk-2.0
2015-01-30 09:40 - 2013-11-20 09:43 - 00000000 ____D () C:\Users\Lonnie\.gimp-2.8
2015-01-30 09:24 - 2014-09-13 19:09 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\vlc
2015-01-30 07:38 - 2013-11-20 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-30 05:51 - 2013-11-20 10:59 - 00000000 ____D () C:\ProgramData\COMODO
2015-01-30 05:49 - 2013-11-20 10:58 - 00000000 ____D () C:\Program Files\Comodo
2015-01-30 04:25 - 2014-12-28 09:18 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-29 10:54 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-29 09:35 - 2013-09-27 05:28 - 00000000 ___HD () C:\VTRoot
2015-01-29 09:08 - 2013-11-21 23:05 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Azureus
2015-01-26 21:19 - 2013-11-21 09:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-25 00:23 - 2013-11-21 08:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 00:23 - 2013-11-21 08:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 09:25 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-19 07:41 - 2013-11-20 09:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 07:28 - 2013-11-20 09:54 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 11:16 - 2014-12-03 09:12 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-11 09:16 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-11 09:16 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2015-01-11 06:19 - 2013-11-20 09:25 - 00000000 ____D () C:\Users\Lonnie
2015-01-02 12:45 - 2014-12-26 07:59 - 00000000 ____D () C:\Users\Lonnie\Documents\Trinity Calender

==================== Files in the root of some directories =======

2014-01-19 10:14 - 2014-01-19 10:14 - 0000000 _____ () C:\Users\Lonnie\AppData\Roaming\SharedSettings.ccs
2014-01-19 10:15 - 2014-01-19 10:15 - 0067992 _____ () C:\Users\Lonnie\AppData\Local\jkffplbl
2014-01-19 10:16 - 2014-01-19 10:16 - 0012326 _____ () C:\Users\Lonnie\AppData\Local\pavttpqp
2015-01-30 09:40 - 2015-01-30 09:40 - 0020317 _____ () C:\Users\Lonnie\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Lonnie\AppData\Local\Temp\HitmanPro.exe
C:\Users\Lonnie\AppData\Local\Temp\Quarantine.exe
C:\Users\Lonnie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:47

==================== End Of Log ============================


  • 0

#36
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Is Chrome the only browser you're experiencing this in?
  • 0

#37
trucker

trucker

    Member

  • Topic Starter
  • Member
  • 227 posts

No, I get the pop-out with Firefox also.


  • 0

#38
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Ok, there's a couple of things we're going to do. One thing is FF is set to get proxy settings from a network. Is this a modification you have made? If not, I'll remove that setting with the next fix.

I know we attempted earlier to remove the grillaprice program and it didn't work. Did it give you some kind of error when attempting removal?
I'm going to put it in the fix. It won't remove it, but it may remove whatever is preventing you from uninstalling it. After the fix has run, try uninstalling it again.

Please let me know about the proxy settings in FF, and we'll proceed from there.
  • 0
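The browser entries in the FRST log posted above, and the Firefox proxy setting raised in this post, can be triaged mechanically. The following is an added example, not part of the thread and not FRST's own code; the allowlist `EXPECTED_SUFFIXES`, the function names and the choice to report any proxy type other than 0 or 5 are assumptions, and the sample lines are copied from the log in this thread.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this analyst expects to see in this user's browser settings.
EXPECTED_SUFFIXES = ("google.com", "yahoo.com", "msn.com")

# Firefox network.proxy.type values.
FF_PROXY_TYPES = {
    0: "no proxy",
    1: "manual proxy configuration",
    2: "automatic proxy configuration URL (PAC)",
    4: "auto-detect proxy settings for this network",
    5: "use system proxy settings",
}

# Log keys whose values decide where the browser sends the user.
URL_KEYS = (
    "FF Homepage", "FF Keyword.URL",
    "CHR HomePage", "CHR StartupUrls",
    "CHR DefaultSearchURL", "CHR DefaultSuggestURL",
)

URL_RE = re.compile(r'(?:hxxps?|https?)://[^\s",]+', re.IGNORECASE)
PROXY_RE = re.compile(r'^FF NetworkProxy:\s*"type",\s*(\d+)')

# Lines copied from the FRST log posted in this thread.
SAMPLE = """
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF NetworkProxy: "type", 4
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppp", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppppppp"
CHR DefaultSearchURL: Default -> http://isearch.omiga...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
"""


def host_of(url):
    """Return the lower-cased host of a URL as it appears in a posted log."""
    # FRST writes some URLs defanged as hxxp://; undo that for parsing only.
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    netloc = urlsplit(url).netloc
    # The forum shortens long URLs with "..."; keep only the part before it.
    return netloc.split("...")[0].lower()


def is_expected(host):
    """True when the host is an allowlisted domain or one of its subdomains."""
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)


def triage(log_text):
    """Return (key, detail) pairs that need a question to the user."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            value = int(m.group(1))
            # 0 and 5 are left alone; anything else is confirmed with the user.
            if value not in (0, 5):
                label = FF_PROXY_TYPES.get(value, "unknown value")
                findings.append(("FF NetworkProxy", f"type {value}: {label}"))
            continue
        key = line.split(":", 1)[0]
        if key not in URL_KEYS:
            continue
        seen = set()  # report each host once per log line
        for url in URL_RE.findall(line):
            host = host_of(url)
            if host and not is_expected(host) and host not in seen:
                seen.add(host)
                findings.append((key, host))
    return findings


if __name__ == "__main__":
    for key, detail in triage(SAMPLE):
        print(f"{key}: {detail}")
```

A finding here means "not on the allowlist, ask the user", which is how the proxy setting is handled in this post; it is not a verdict that the entry is malicious.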

#39
trucker

trucker

    Member

  • Topic Starter
  • Member
  • 227 posts

FF: yes, I did that after I ran Hitman. Nothing would connect to the web. Grillaprice directs me to their website to uninstall; at that point it says Comodo will not allow the EXE file to download and aborts it.


  • 0

#40
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

FF: yes, I did that after I ran Hitman. Nothing would connect to the web. Grillaprice directs me to their website to uninstall; at that point it says Comodo will not allow the EXE file to download and aborts it.


Ok, thank you. It seems that Grillaprice malware has been changed now so that it can't be uninstalled from the Control Panel. I'm going to consult with a colleague about removing it. I have an idea, but want to run it by him before execution.


In the meantime, let's reset Chrome back to its default settings since it continues to have issues.


Please follow the instructions at this link to reset malware-related items in Chrome. Please follow the instructions in Step 2.

https://support.goog...765944?hl=en-GB

After this, please let me know if the popups halt in Chrome.
  • 0

#41
trucker

trucker

    Member

  • Topic Starter
  • Member
  • 227 posts

I reset Chrome; I still get the side pop on some pages. These also have a pop on the left side to link back to Facebook or Twitter.


  • 0

#42
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Ok, let's run a fix with FRST that will eliminate some grillaprice registry items. Then I want to get a fresh FRST scan, because I'm not seeing anything that would cause the popups to continue in the log.

Regarding the DVD player, I'm going to refer you to the Hardware Forum once we solve the popup problems. It looks like the last log showed a controller error and that may be causing the issue.


Step 1: Backup the Registry
  • Please download Registry Backup from here.
  • Double click to run the installer; even though there is no 'foistware' installed with this program, as good practice, you should read all the instructions on every screen of the install.
  • If you let it, the install puts a shortcut to the program on your desktop; either click on this or go to START > All Programs > Tweaking.com > Registry Backup > Tweaking.com - Registry Backup to start the program. Click Yes in reply to the User Account Control if it asks.
  • Please leave the backup storage setting at the default (if anything happens, I can tell you how to get there and restore the registry as this location is the same on every system).
  • Click on Backup Now to start the backup process; a progress window will open and show you the status of the backup. When complete, the program will state Successful and you can close the program.
Step 2: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
Task: {08E826DF-7983-4D33-AC73-520F8D7D04B0} - \PastaQuotes No Task File <==== ATTENTION
Reg: Reg Delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\grillaprice" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\grillaprice" /F
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Fresh FRST.txt Log

  • 0

#43
trucker

trucker

    Member

  • Topic Starter
  • Member
  • 227 posts

I started running the fixlog and the PC went to a blue screen and shut down.

 

Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.1.7601.2.1.0.768.3
  Locale ID: 1033
 
Additional information about the problem:
  BCCode: a
  BCP1: 00000074
  BCP2: 00000002
  BCP3: 00000001
  BCP4: 83085F02
  OS Version: 6_1_7601
  Service Pack: 1_0
  Product: 768_1
 
Files that help describe the problem:
  C:\Windows\Minidump\020315-185641-01.dmp
  C:\Users\Lonnie\AppData\Local\Temp\WER-206685-0.sysdata.xml
 
Read our privacy statement online:
 
If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

  • 0

#44
trucker

trucker

    Member

  • Topic Starter
  • Member
  • 227 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by Lonnie (administrator) on LONNIE-PC on 03-02-2015 09:10:09
Running from C:\Users\Lonnie\Desktop
Loaded Profiles: Lonnie (Available profiles: Lonnie)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(magicJack L.P.) C:\Users\Lonnie\AppData\Roaming\mjusbsp\magicJack.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-05] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2015-01-04] (Apple Inc.)
HKLM\...\Run: [ComodoFSChrome] => "C:\Program Files\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-30] (Comodo Security Solutions, Inc.)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [GoogleChromeAutoLaunch_A4AAD752A94AD0D07B3FA88181A919F9] => C:\Program Files\Comodo\Dragon\dragon.exe [725696 2014-12-28] (Comodo)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [cdloader] => C:\Users\Lonnie\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\...\Run: [GoogleChromeAutoLaunch_5090660AF80758FEEBA1A8C0C9DF7D80] => C:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4227807349-2635072203-767282089-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4227807349-2635072203-767282089-1001 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-4227807349-2635072203-767282089-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yah...}&fr=chr-comodo
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{8270EF4F-3060-4E70-871D-BC3BABF46597}: [NameServer] 156.154.70.22,156.154.71.22
 
FireFox:
========
FF ProfilePath: C:\Users\Lonnie\AppData\Roaming\Mozilla\Firefox\Profiles\0937xwmn.default
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4227807349-2635072203-767282089-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lonnie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\.xml
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppp", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppppppp"
CHR DefaultSearchKeyword: Default -> 
CHR DefaultSearchURL: Default -> http://isearch.omiga...q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll No File
CHR Profile: C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-12-28]
CHR Extension: (Ancient History Encyclopedia) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle [2014-12-28]
CHR Extension: (Angry Birds) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-26]
CHR Extension: (Facebook) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-12-28]
CHR Extension: (AdBlock Plus) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjmhchkipehceidlknhjhbgaipcnafm [2014-12-29]
CHR Extension: (Calculator) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2014-12-28]
CHR Extension: (A Space Shooter for FREE) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa [2014-12-28]
CHR Extension: (Typing Lessons) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\heehkcnmhmdicclbnofindfmokhfnjag [2014-12-28]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-12-28]
CHR Extension: (sixty second shooter) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnlbhjpainpnikdjnmcmiaombhhchkg [2014-12-28]
CHR Extension: (Jamstash) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc [2014-12-28]
CHR Extension: (WordPress.com) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2014-12-28]
CHR Extension: (Coloring Pages) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhphoobahjckipglphjghghlgodanfj [2014-12-28]
CHR Extension: (Fieldrunners) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak [2014-12-28]
CHR Extension: (Chain Rxn) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdlfmoglbdpomddljgapccmlognoaf [2014-12-28]
CHR Extension: (Search Helper: Preview, Note, Tag, Hide etc) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\naddbmiihfcdfaeencbcmbpioghcjlje [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-19]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-01-15]
CHR Extension: (Weather Underground) - C:\Users\Lonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2014-12-28]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2015-01-30] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2370240 2014-12-28] (Comodo Security Solutions, Inc.)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-10-29] (Teruten) [File not signed]
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-01-30] (Comodo Security Solutions, Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2014-05-06] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-12-11] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14657824 2013-11-29] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-29] () [File not signed]
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-10-30] (NVIDIA Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 09:02 - 2015-02-03 09:03 - 00159072 _____ () C:\Windows\Minidump\020315-185641-01.dmp
2015-02-03 09:02 - 2015-02-03 09:02 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 09:01 - 2015-02-03 09:01 - 290540326 _____ () C:\Windows\MEMORY.DMP
2015-02-03 08:57 - 2015-02-03 08:57 - 00000344 _____ () C:\Users\Lonnie\Desktop\fixlist.txt
2015-02-03 08:54 - 2015-02-03 08:54 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LONNIE-PC-Windows-7-Home-Premium-(32-bit).dat
2015-02-03 08:52 - 2015-02-03 08:52 - 00002181 _____ () C:\Users\Lonnie\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-03 08:52 - 2015-02-03 08:52 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-03 08:52 - 2015-02-03 08:52 - 00000000 ____D () C:\RegBackup
2015-02-03 08:52 - 2015-02-03 08:52 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-03 08:51 - 2015-02-03 08:51 - 04803888 _____ () C:\Users\Lonnie\Downloads\tweaking.com_registry_backup_setup.exe
2015-02-02 06:49 - 2015-02-02 06:49 - 00005250 _____ () C:\Users\Lonnie\AppData\Local\recently-used.xbel
2015-02-01 18:40 - 2015-02-01 18:45 - 242776064 _____ () C:\Users\Lonnie\Downloads\unicorn-6.2.1.91.iso
2015-01-31 18:56 - 2015-01-31 18:58 - 00003378 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-31 18:55 - 2015-01-31 18:55 - 00852573 _____ () C:\Users\Lonnie\Desktop\SecurityCheck.exe
2015-01-31 07:48 - 2015-01-31 07:48 - 02347384 _____ (ESET) C:\Users\Lonnie\Downloads\esetsmartinstaller_enu.exe
2015-01-31 07:48 - 2015-01-31 07:48 - 00000000 ____D () C:\Program Files\ESET
2015-01-31 07:46 - 2015-01-31 07:46 - 00074951 _____ () C:\Users\Lonnie\Desktop\MBAM.txt
2015-01-31 06:51 - 2015-02-03 09:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 06:50 - 2015-01-31 07:13 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 06:50 - 2015-01-31 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 06:50 - 2015-01-31 07:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-31 06:50 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 06:50 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 06:50 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 06:49 - 2015-01-31 06:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Lonnie\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-30 07:38 - 2015-01-30 07:38 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2015-01-30 06:20 - 2015-01-30 06:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-30 05:51 - 2015-02-03 08:52 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-30 05:51 - 2015-01-30 05:51 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-01-30 05:50 - 2015-01-30 05:50 - 00000000 ____D () C:\ProgramData\Shared Space
2015-01-30 05:48 - 2015-01-30 07:38 - 00002013 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2015-01-30 05:48 - 2015-01-30 05:48 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-01-30 05:45 - 2015-01-30 05:46 - 226075384 _____ (COMODO) C:\Users\Lonnie\Downloads\cispremium_installer_6100_08.exe
2015-01-29 23:13 - 2015-02-01 13:47 - 00022928 _____ () C:\Users\Lonnie\Desktop\Addition.txt
2015-01-29 23:12 - 2015-02-03 09:10 - 00018376 _____ () C:\Users\Lonnie\Desktop\FRST.txt
2015-01-29 23:00 - 2015-01-29 23:03 - 00000000 ____D () C:\AdwCleaner
2015-01-29 22:59 - 2015-01-29 22:59 - 02194432 _____ () C:\Users\Lonnie\Desktop\AdwCleaner.exe
2015-01-29 22:56 - 2015-01-29 22:56 - 00003785 _____ () C:\Users\Lonnie\Desktop\JRT.txt
2015-01-29 22:54 - 2015-01-29 22:54 - 01707939 _____ (Thisisu) C:\Users\Lonnie\Desktop\JRT.exe
2015-01-29 22:54 - 2015-01-29 22:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-29 22:46 - 2015-01-31 06:47 - 00000000 ____D () C:\Users\Lonnie\Desktop\FRST-OlderVersion
2015-01-29 10:44 - 2015-01-29 10:44 - 00045516 _____ () C:\Windows\system32\.crusader
2015-01-29 10:28 - 2015-01-29 22:48 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-29 10:28 - 2015-01-29 10:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-29 10:27 - 2015-01-29 10:28 - 10285456 _____ (SurfRight B.V.) C:\Users\Lonnie\Downloads\HitmanPro.exe
2015-01-29 10:06 - 2015-01-29 10:06 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Lonnie\Downloads\SpyHunter-Installer.exe
2015-01-29 09:20 - 2015-01-29 09:20 - 00000000 ____D () C:\themes
2015-01-29 09:20 - 2015-01-29 09:20 - 00000000 ____D () C:\cis
2015-01-29 09:20 - 2013-11-21 07:49 - 04814552 _____ (COMODO) C:\cmdinstall.exe
2015-01-29 09:20 - 2013-09-24 05:53 - 03360984 _____ (Terra Informatica Software, Inc.) C:\cmdhtml.dll
2015-01-29 09:20 - 2013-09-24 05:53 - 00281816 _____ (Igor Pavlov) C:\7za.dll
2015-01-29 08:21 - 2015-01-29 09:21 - 00000674 _____ () C:\Windows\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-01-29 08:21 - 2015-01-29 09:20 - 00001123 __RSH () C:\Windows\system32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2015-01-29 08:06 - 2015-01-29 08:06 - 00353699 _____ () C:\Users\Lonnie\Documents\CisReport_x86_v8.0.0.4344_20150129-080558.zip
2015-01-28 10:34 - 2015-01-28 10:36 - 00000045 _____ () C:\Users\Lonnie\Documents\Indiana TID number.txt
2015-01-26 21:23 - 2015-01-26 21:23 - 00000000 ____D () C:\Users\Lonnie\Documents\Empire Earth II
2015-01-26 21:14 - 2015-01-26 21:15 - 00000000 ____D () C:\Program Files\GameSpy Arcade
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-26 21:14 - 2015-01-26 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-26 09:23 - 2015-01-26 09:23 - 01120768 _____ (Farbar) C:\Users\Lonnie\Downloads\FRST (1).exe
2015-01-26 08:35 - 2015-01-26 08:36 - 04176437 _____ () C:\Users\Lonnie\Downloads\tdsskiller.zip
2015-01-26 08:30 - 2015-01-26 09:28 - 00038221 _____ () C:\Users\Lonnie\Downloads\Addition.txt
2015-01-26 08:28 - 2015-02-03 09:10 - 00000000 ____D () C:\FRST
2015-01-26 08:28 - 2015-01-26 09:28 - 00039281 _____ () C:\Users\Lonnie\Downloads\FRST.txt
2015-01-26 08:27 - 2015-01-31 06:47 - 01122304 _____ (Farbar) C:\Users\Lonnie\Desktop\FRST.exe
2015-01-24 21:55 - 2015-01-24 21:55 - 00056322 _____ () C:\Users\Lonnie\Desktop\Extras.Txt
2015-01-24 21:53 - 2015-01-24 21:53 - 00106122 _____ () C:\Users\Lonnie\Desktop\OTL.Txt
2015-01-24 21:38 - 2015-01-24 21:38 - 00602112 _____ (OldTimer Tools) C:\Users\Lonnie\Desktop\OTL (1).exe
2015-01-24 21:37 - 2015-01-24 21:37 - 00602112 _____ (OldTimer Tools) C:\Users\Lonnie\Downloads\OTL.exe
2015-01-24 07:43 - 2015-01-24 07:43 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\dvdcss
2015-01-23 11:40 - 2015-01-24 07:30 - 00000000 ____D () C:\Users\Lonnie\Desktop\Body work
2015-01-23 09:20 - 2015-01-23 09:24 - 00000010 _____ () C:\Users\Lonnie\Documents\New Text Document (2).txt
2015-01-23 09:15 - 2015-01-23 09:15 - 00347816 _____ (Microsoft Corporation) C:\Users\Lonnie\Downloads\MicrosoftFixit.HomeGroup.Run.exe
2015-01-22 20:23 - 2015-01-25 00:23 - 18126512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 14:18 - 2015-01-13 14:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 14:18 - 2015-01-13 14:18 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 14:18 - 2015-01-13 14:18 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 11:31 - 2015-01-13 11:31 - 00000000 ____D () C:\Users\Lonnie\Documents\01-13-2015
2015-01-11 06:19 - 2015-01-11 06:19 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Apple Computer
2015-01-06 08:42 - 2015-01-06 08:42 - 00000000 ____D () C:\Users\Lonnie\Documents\01-06-2015
2015-01-05 09:40 - 2015-01-05 09:47 - 00000000 ____D () C:\Users\Lonnie\Documents\01-05-2015
2015-01-04 08:16 - 2015-01-11 09:16 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-04 08:13 - 2015-01-04 08:13 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\ProgramData\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-04 08:13 - 2015-01-04 08:13 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-04 08:12 - 2015-01-04 08:12 - 39401336 _____ (Apple Inc.) C:\Users\Lonnie\Downloads\QuickTimeInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-03 09:04 - 2014-06-04 09:55 - 00000995 _____ () C:\Users\Lonnie\Desktop\magicJack.lnk
2015-02-03 09:04 - 2014-06-04 09:55 - 00000981 _____ () C:\Users\Lonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-02-03 09:04 - 2014-05-28 21:36 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\mjusbsp
2015-02-03 09:03 - 2014-12-28 09:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 09:03 - 2013-11-20 09:30 - 00000000 ____D () C:\ProgramData\Kodak
2015-02-03 09:03 - 2013-11-20 09:25 - 00000000 ____D () C:\Users\Lonnie
2015-02-03 09:03 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 09:03 - 2009-07-13 23:39 - 00067855 _____ () C:\Windows\setupact.log
2015-02-03 09:02 - 2013-11-23 09:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 09:01 - 2013-11-21 10:31 - 00434930 _____ () C:\Windows\PFRO.log
2015-02-03 08:50 - 2009-07-13 23:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 08:50 - 2009-07-13 23:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 08:47 - 2013-11-20 12:05 - 01240023 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 08:23 - 2013-11-21 08:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 08:22 - 2014-12-28 09:17 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 06:49 - 2013-11-20 09:43 - 00000000 ____D () C:\Users\Lonnie\.gimp-2.8
2015-02-01 19:59 - 2013-11-23 09:26 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\Firestorm
2015-01-31 07:38 - 2014-08-26 10:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-31 06:50 - 2013-12-01 09:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 09:40 - 2013-11-20 09:54 - 00000000 ____D () C:\Users\Lonnie\AppData\Local\gtk-2.0
2015-01-30 09:24 - 2014-09-13 19:09 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\vlc
2015-01-30 07:38 - 2013-11-20 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-30 05:51 - 2013-11-20 10:59 - 00000000 ____D () C:\ProgramData\COMODO
2015-01-30 05:49 - 2013-11-20 10:58 - 00000000 ____D () C:\Program Files\Comodo
2015-01-30 04:25 - 2014-12-28 09:18 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-29 10:54 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-29 09:35 - 2013-09-27 05:28 - 00000000 ___HD () C:\VTRoot
2015-01-29 09:08 - 2013-11-21 23:05 - 00000000 ____D () C:\Users\Lonnie\AppData\Roaming\Azureus
2015-01-26 21:19 - 2013-11-21 09:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-25 00:23 - 2013-11-21 08:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 00:23 - 2013-11-21 08:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 09:25 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-19 07:41 - 2013-11-20 09:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 07:28 - 2013-11-20 09:54 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 11:16 - 2014-12-03 09:12 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-11 09:16 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-11 09:16 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
 
==================== Files in the root of some directories =======
 
2014-01-19 10:14 - 2014-01-19 10:14 - 0000000 _____ () C:\Users\Lonnie\AppData\Roaming\SharedSettings.ccs
2014-01-19 10:15 - 2014-01-19 10:15 - 0067992 _____ () C:\Users\Lonnie\AppData\Local\jkffplbl
2014-01-19 10:16 - 2014-01-19 10:16 - 0012326 _____ () C:\Users\Lonnie\AppData\Local\pavttpqp
2015-02-02 06:49 - 2015-02-02 06:49 - 0005250 _____ () C:\Users\Lonnie\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Lonnie\AppData\Local\Temp\HitmanPro.exe
C:\Users\Lonnie\AppData\Local\Temp\Quarantine.exe
C:\Users\Lonnie\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 00:24
 
==================== End Of Log ============================


#45
trucker

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-01-2015
Ran by Lonnie at 2015-02-03 08:57:49 Run:4
Running from C:\Users\Lonnie\Desktop
Loaded Profiles: Lonnie (Available profiles: Lonnie)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Task: {08E826DF-7983-4D33-AC73-520F8D7D04B0} - \PastaQuotes No Task File <==== ATTENTION
Reg: Reg Delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\grillaprice" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\grillaprice" /F
Emptytemp:
End
*****************
