
Firewalls Corrupted and Unknown Virus Exists After Downloading a File


  • This topic is locked
21 replies to this topic

#1 WandaT

WandaT

  • Members
  • 26 posts

Posted 25 May 2013 - 02:50 PM

My husband downloaded what he thought was good software from an unknown website the other day and started to get virus alerts from our ZoneAlarm firewall.  We immediately did a Malwarebytes Malware quick and full scan but it didn't find anything, which surprised me.  We decided to turn off the computer while we ate dinner and then look into it more with another malware/virus scan afterwards.  After the computer was restarted, we could no longer access the Internet if the ZoneAlarm firewall and antivirus were turned on.  The network troubleshooter kept pointing to a router/gateway problem, but another computer had no problems accessing the internet wirelessly, similar to the infected computer.  The infected computer also started getting a security action center message that the Windows Security Center service could not turn on.  To rule out the possibility that the ZoneAlarm firewall was corrupted, we uninstalled the firewall, making sure it was cleanly gone, and re-installed it.  We still had the internet access issue problem whether we were accessing it via the wireless or Ethernet connection.  A few seconds after we would stop the ZoneAlarm firewall, the network connections would start having internet connection access.  We decided to get a new free firewall and antivirus software so we could continue to resolve the issue but have security protection.  We installed Comodo Internet Security and have no problems accessing the internet.

 

We updated Malwarebytes Anti-Malware and reran the full disk scan.  My husband checked it during the night and said it had found 2 viruses but I could not find the log file record to verify this when I checked in the morning.  We still cannot start the Windows Security Center service so something is still stopping it.  So I know there is a virus on the computer but I don't know what.

 

Below is the log from my DDS program run:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 1.6.0_45
Run by Wanda at 14:21:13 on 2013-05-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5943.1546 [GMT -5:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\HP\Button Manager\BM.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://verizon.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - 
TB: Verizon Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - 
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [WinPatrol [FREE Edition]] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPBUTT~1.LNK - C:\Program Files (x86)\HP\Button Manager\BM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://ra.fanniemae.com/InternalSite/WhlCompMgr.cab
DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab
DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} - hxxp://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://rsvpn.raytheon.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9624504E-F0FC-447F-B3B9-E23AF0FF6045} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9624504E-F0FC-447F-B3B9-E23AF0FF6045}\45F6F6B6562786F6D656 : DHCPNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [ISW] <no file>
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-22 55856]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 706560]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-4-17 70344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2011-1-10 120408]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-4-19 2074760]
R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-4-17 1851088]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2013-4-29 4246912]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-22 689472]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-11-28 150928]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2012-11-21 104960]
R3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158928]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-22 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-2-22 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-22 321064]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 0047471314372254mcinstcleanup;McAfee Application Installer Cleanup (0047471314372254);C:\Windows\TEMP\004747~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\004747~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-11-21 19968]
S3 DCamUSBNovatek;USB2.0 UVC Camera;C:\Windows\System32\drivers\nvtcam.sys [2010-7-14 2746624]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2011-11-28 487312]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-2-22 158976]
S3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe --> c:\PROGRA~1\mcafee\msc\mcawfwk.exe [?]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-25 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-25 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-24 21:17:06 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-05-24 21:16:32 -------- d-----w- C:\Program Files\My Dell
2013-05-24 03:11:16 -------- d--h--w- C:\VTRoot
2013-05-24 03:03:23 -------- d-s---w- C:\ProgramData\Shared Space
2013-05-24 03:03:15 -------- d-----w- C:\Program Files\COMODO
2013-05-24 03:03:08 -------- d-----w- C:\ProgramData\COMODO
2013-05-24 03:03:02 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2013-05-24 03:02:45 -------- d-----w- C:\Users\Wanda\AppData\Local\Comodo
2013-05-24 03:02:42 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-05-24 03:02:42 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-05-24 03:02:34 -------- d-----w- C:\Program Files (x86)\Comodo
2013-05-24 03:02:28 -------- d-----w- C:\ProgramData\Comodo Downloader
2013-05-24 01:46:30 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD
2013-05-23 23:22:44 -------- d-----w- C:\Program Files\CheckPoint
2013-05-23 23:20:00 -------- d-----w- C:\Program Files (x86)\CheckPoint
2013-05-21 18:44:51 -------- d-----w- C:\ProgramData\boost_interprocess
2013-05-18 15:19:39 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-18 14:51:28 -------- d-----w- C:\ProgramData\InstallMate
2013-05-18 14:45:29 -------- d-----w- C:\ProgramData\Licenses
2013-05-15 14:33:00 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 14:33:00 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 14:33:00 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 14:32:45 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 14:32:44 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 14:32:44 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 14:32:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 14:32:35 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 14:32:35 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-15 14:32:35 230400 ----a-w- C:\Windows\System32\wwansvc.dll
.
==================== Find3M  ====================
.
2013-05-23 16:11:17 328192 ----a-w- C:\Windows\System32\services.exe
2013-05-18 15:19:27 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-05-18 15:19:27 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-05-15 01:38:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 01:38:17 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-23 20:04:12 437176 ----a-w- C:\Windows\System32\guard64.dll
2013-04-23 20:04:12 348048 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-04-15 23:38:54 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-04-15 23:38:52 706560 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-04-15 23:38:52 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-04-15 23:38:40 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-04-15 23:38:30 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-04-15 23:38:30 343760 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-04-15 23:38:26 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-04-15 23:38:26 276688 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-04-01 23:16:26 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-26 06:31:28 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2013-02-26 06:31:26 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
.
============= FINISH: 14:22:05.10 ===============
 

Thank you in advance for your help in resolving this problem.

 

Wanda

 

 


 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • Gender:Male
  • Location:The Netherlands

Posted 25 May 2013 - 06:13 PM

Hi Wanda,

 

Welcome to the forum.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 



#3 WandaT

WandaT
  • Topic Starter

  • Members
  • 26 posts

Posted 26 May 2013 - 03:40 PM

Below is the FRST.txt log from the Farbar Recovery Tool scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-05-2013 04
Ran by Ben (administrator) on 26-05-2013 15:34:38
Running from C:\Users\Ben\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Button Manager\BM.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(Microsoft Corporation) C:\PROGRAM FILES (X86)\MICROSOFT OFFICE 2003\OFFICE11\OUTLOOK.EXE
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office 2003\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(SUPERAntiSpyware.com) C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
(Farbar) C:\Users\Ben\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM\...\Run: [ISW]  [x]
HKLM\...\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [3603152 2013-04-15] (COMODO)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [11262304 2013-04-03] (SugarSync, Inc.)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-26] (Google Inc.)
HKCU\...\Run: [Google Update] C:\Users\Ben\AppData\Local\Google\Update\GOOGLEUPDATE.EXE  /c [x]
HKCU\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
HKLM-x32\...\Run: [WinPatrol [FREE Edition]] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKU\Wanda\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [11262304 2013-04-03] (SugarSync, Inc.)
HKU\Wanda\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
HKU\Wanda\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-26] (Google Inc.)
HKU\Wanda\...\Policies\system: [LogonHoursAction] 2
HKU\Wanda\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Zachary\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKU\Zachary\...\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup [44544 2009-07-13] (Microsoft Corporation)
HKU\Zachary\...\Run: [Verizon Media Manager] C:\Program Files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe 0 [1523712 2012-05-09] ()
HKU\Zachary\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Zachary\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [11262304 2013-04-03] (SugarSync, Inc.)
HKU\Zachary\...\Run: [Google Update] "C:\Users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-27] (Google Inc.)
HKU\Zachary\...\Policies\system: [LogonHoursAction] 2
HKU\Zachary\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Button Manager.lnk
ShortcutTarget: HP Button Manager.lnk -> C:\Program Files (x86)\HP\Button Manager\BM.exe (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet Explorer.lnk
ShortcutTarget: Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\SysWow64\webcheck.dll No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: (No Name) - {3d68e927-6002-6bb4-7940-c297f1177192} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {270D234F-3423-4CC7-B9B2-B510EB2F2950} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {44475ACF-AC79-4352-B49B-5C569BA1927D} URL =
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {7CDACF45-922A-46D8-AD69-614F9154CD8A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=05E10F73-000B-4D87-A4B5-7943689E658E&apn_sauid=35AC7148-45F0-447F-A78D-D4B3AD10C090&
SearchScopes: HKCU - {A59C167F-298F-30E1-8F0D-B7ED3F450647} URL = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110603&user_guid=317C6F2DA8B24C1A8CB2245DB99A9C74&machine_id=fa06070256097679a7160ec23306013f&browser=IE&os=win&os_version=6.1-x64-SP1
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
SearchScopes: HKCU - {D0D0B485-B95B-4F21-BB5E-3B8888AA1B14} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120102,0,0,0,0
SearchScopes: HKCU - {EEEB321A-F50B-4198-9031-EA456F49633E} URL = http://delicious.com/search?p={searchTerms}
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKLM-x32 - Verizon Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
Toolbar: HKCU - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
PDF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
PDF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
PDF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
PDF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
PDF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://ra.fanniemae.com/InternalSite/WhlCompMgr.cab
PDF: HKLM-x32 {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab
PDF: HKLM-x32 {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
PDF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rsvpn.raytheon.com/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: msdaipp - No CLSID Value -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll [65024] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.minecraft.net/
CHR RestoreOnStartup: "hxxp://www.minecraft.net/", "hxxp://www.youtube.com/", "hxxp://www.creeperhost.net/", ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 6 U45) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (WPI Detector 1.4) - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-18] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5784472 2013-04-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158928 2013-04-15] (COMODO)
S3 DMService; C:\Windows\DOWNLO~1\DMService.exe [487312 2011-11-28] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2074760 2013-04-19] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 MailService; C:\Program Files (x86)\IBM\RationalSDLC\ClearQuest\mailservice.exe [81408 2010-07-30] (IBM Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-01] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S2 0047471314372254mcinstcleanup; C:\Windows\TEMP\004747~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [x]
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S1 CFRMD; C:\Windows\SysWow64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-04-15] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [706560 2013-04-15] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-04-15] (COMODO)
S3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2746624 2010-07-14] (Hewlett-Packard)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-04-25] (COMODO)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 icsak; \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

Error(0) reading file: "C:\Windows\System32\ "
2013-05-26 15:34 - 2013-05-26 15:34 - 00000000 ____D C:\FRST
2013-05-26 15:33 - 2013-05-26 15:33 - 01915390 ____A (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2013-05-25 22:38 - 2013-05-25 22:38 - 00041269 ____A C:\Users\Ben\Documents\CisReport_v6.1.276535.2808_20130525-223819.zip
2013-05-25 20:50 - 2013-05-25 22:24 - 00000000 ____D C:\Users\Ben\Documents\Medical Records
2013-05-25 14:22 - 2013-05-25 14:23 - 00025314 ____A C:\Users\Wanda\Desktop\dds.txt
2013-05-25 14:22 - 2013-05-25 14:23 - 00025288 ____A C:\Users\Wanda\Desktop\attach.txt
2013-05-25 14:15 - 2013-05-25 14:15 - 00688992 ____R (Swearware) C:\Users\Wanda\Desktop\dds.com
2013-05-24 16:16 - 2013-05-24 16:17 - 00000000 ____D C:\Program Files\My Dell
2013-05-23 23:04 - 2013-05-23 23:04 - 00041472 __ASH C:\Users\Wanda\Desktop\Thumbs.db
2013-05-23 23:04 - 2013-05-23 23:04 - 00000772 ____A C:\Users\Wanda\Desktop\Magic Briefcase.lnk
2013-05-23 22:11 - 2013-05-25 17:12 - 00260388 ____A C:\Windows\System32\Drivers\fvstore.dat
2013-05-23 22:11 - 2013-05-23 22:11 - 00000000 ___HD C:\VTRoot
2013-05-23 22:05 - 2013-05-23 22:05 - 00001861 ____A C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
2013-05-23 22:05 - 2013-05-23 22:05 - 00001838 ____A C:\Users\Public\Desktop\COMODO Internet Security.lnk
2013-05-23 22:05 - 2013-05-23 22:05 - 00000595 ____A C:\Users\Public\Desktop\Shared Space.lnk
2013-05-23 22:04 - 2013-05-26 15:34 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2013-05-23 22:03 - 2013-05-23 22:05 - 00000000 ___SD C:\ProgramData\Shared Space
2013-05-23 22:03 - 2013-05-23 22:05 - 00000000 ____D C:\ProgramData\COMODO
2013-05-23 22:03 - 2013-05-23 22:03 - 00002009 ____A C:\Users\Public\Desktop\AntiError.lnk
2013-05-23 22:03 - 2013-05-23 22:03 - 00002005 ____A C:\Users\Public\Desktop\GeekBuddy.lnk
2013-05-23 22:03 - 2013-05-23 22:03 - 00000000 ____D C:\Program Files\COMODO
2013-05-23 22:02 - 2013-05-24 11:37 - 00056072 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-05-23 22:02 - 2013-05-24 11:37 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-05-23 22:02 - 2013-05-23 22:02 - 00047368 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-05-23 22:02 - 2013-05-23 22:02 - 00001078 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-05-23 22:02 - 2013-05-23 22:02 - 00000000 ____D C:\Users\Wanda\AppData\Local\Comodo
2013-05-23 22:02 - 2013-05-23 22:02 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-05-23 20:46 - 2013-05-23 20:46 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-05-23 20:34 - 2013-05-23 20:34 - 02297032 ____A (Check Point Software Technologies LTD) C:\Users\Ben\Downloads\clean.exe
2013-05-23 18:22 - 2013-05-23 21:57 - 00000000 ____D C:\Program Files\CheckPoint
2013-05-23 18:22 - 2013-05-23 18:22 - 00000000 ____D C:\Users\Wanda\Documents\ForceField Shared Files
2013-05-23 18:20 - 2013-05-23 21:56 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-05-23 17:28 - 2013-05-23 20:46 - 00000377 ____A C:\user.js
2013-05-23 17:25 - 2013-05-23 17:25 - 00000446 ____A C:\Users\Wanda\Desktop\New Text Document.txt
2013-05-23 12:27 - 2013-05-23 12:27 - 00003584 ____A C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-23 12:27 - 2013-05-23 12:27 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Verizon
2013-05-23 10:58 - 2013-05-23 12:13 - 00000000 ___SD C:\Users\Ben\Documents\My Shapes
2013-05-23 10:56 - 2013-05-23 18:40 - 00000039 ____A C:\Windows\vbaddin.ini
2013-05-23 10:27 - 2013-05-23 10:28 - 186450320 ____A (Microsoft Corporation) C:\Users\Ben\Downloads\visio2010sp1-kb2460061-x64-fullfile-en-us.exe
2013-05-21 13:44 - 2013-05-26 15:15 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-05-21 13:44 - 2013-05-21 13:44 - 00001936 ____A C:\Users\Public\Desktop\Dell DataSafe Online.lnk
2013-05-18 12:53 - 2013-05-26 15:24 - 00002072 ____A C:\Windows\setupact.log
2013-05-18 12:53 - 2013-05-18 12:53 - 00000000 ____A C:\Windows\setuperr.log
2013-05-18 12:52 - 2013-05-23 21:57 - 00057878 ____A C:\Windows\PFRO.log
2013-05-18 10:19 - 2013-05-18 10:19 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-18 09:51 - 2013-05-18 09:51 - 00000000 ____D C:\ProgramData\InstallMate
2013-05-18 09:45 - 2013-05-18 09:45 - 00001041 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-05-18 09:45 - 2013-05-18 09:45 - 00000000 ____D C:\ProgramData\Licenses
2013-05-15 20:38 - 2013-04-05 01:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 20:38 - 2013-04-05 01:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 20:38 - 2013-04-05 01:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 20:38 - 2013-04-05 01:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 20:38 - 2013-04-05 00:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 20:38 - 2013-04-05 00:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 20:38 - 2013-04-04 23:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 20:38 - 2013-04-04 23:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 20:38 - 2013-04-04 22:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 20:38 - 2013-04-04 22:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 09:33 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 09:33 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 09:33 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 09:32 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 09:32 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 09:32 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 09:32 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 09:32 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 09:32 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 09:32 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 09:32 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 09:32 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 09:32 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 09:32 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-11 16:42 - 2013-05-11 16:42 - 01912927 ____A C:\Users\Zachary\Downloads\Sonic the Hedgehog 1.0.zip
2013-05-11 14:14 - 2013-05-11 14:14 - 00000023 ____A C:\Users\Zachary\Desktop\HI.txt
2013-05-05 15:01 - 2013-05-05 15:01 - 00030488 ____A C:\Users\Zachary\Desktop\hs_err_pid5468.log
2013-05-04 11:51 - 2013-05-04 11:51 - 00000000 ____D C:\Users\Zachary\AppData\Roaming\Mozilla
2013-05-01 14:59 - 2013-05-01 14:59 - 00000614 ____A C:\Users\Ben\Desktop\start.java
2013-05-01 10:36 - 2013-05-01 10:36 - 00000000 ___SD C:\Users\Ben\Documents\My Data Sources

==================== One Month Modified Files and Folders =======

2013-05-26 15:34 - 2013-05-26 15:34 - 00000000 ____D C:\FRST
2013-05-26 15:34 - 2013-05-23 22:04 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2013-05-26 15:33 - 2013-05-26 15:33 - 01915390 ____A (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2013-05-26 15:29 - 2012-08-26 13:51 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-26 15:28 - 2011-03-02 16:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-26 15:25 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-26 15:25 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-26 15:24 - 2013-05-18 12:53 - 00002072 ____A C:\Windows\setupact.log
2013-05-26 15:16 - 2012-08-26 13:51 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-26 15:15 - 2013-05-21 13:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-05-26 15:15 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-26 14:54 - 2009-07-14 00:10 - 01733643 ____A C:\Windows\WindowsUpdate.log
2013-05-26 14:38 - 2012-04-24 16:18 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1004UA.job
2013-05-26 14:38 - 2012-04-24 16:18 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1004Core.job
2013-05-26 14:11 - 2012-03-28 07:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-25 22:38 - 2013-05-25 22:38 - 00041269 ____A C:\Users\Ben\Documents\CisReport_v6.1.276535.2808_20130525-223819.zip
2013-05-25 22:24 - 2013-05-25 20:50 - 00000000 ____D C:\Users\Ben\Documents\Medical Records
2013-05-25 17:12 - 2013-05-23 22:11 - 00260388 ____A C:\Windows\System32\Drivers\fvstore.dat
2013-05-25 15:53 - 2012-04-14 15:06 - 00000000 ____D C:\Users\Ben\Documents\Training
2013-05-25 14:23 - 2013-05-25 14:22 - 00025314 ____A C:\Users\Wanda\Desktop\dds.txt
2013-05-25 14:23 - 2013-05-25 14:22 - 00025288 ____A C:\Users\Wanda\Desktop\attach.txt
2013-05-25 14:15 - 2013-05-25 14:15 - 00688992 ____R (Swearware) C:\Users\Wanda\Desktop\dds.com
2013-05-25 13:56 - 2011-06-20 02:16 - 00000000 ____D C:\users\Big Disk Backup
2013-05-24 18:01 - 2011-03-03 20:54 - 00000000 ____D C:\Users\Ben\AppData\Local\SoftGrid Client
2013-05-24 16:46 - 2011-06-20 06:17 - 00000000 ____D C:\Users\Big Disk Backup\Desktop Ezbackup
2013-05-24 16:17 - 2013-05-24 16:16 - 00000000 ____D C:\Program Files\My Dell
2013-05-24 16:17 - 2011-06-20 09:05 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-24 16:16 - 2011-02-25 10:00 - 00000000 ____D C:\ProgramData\PCDr
2013-05-24 11:37 - 2013-05-23 22:02 - 00056072 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-05-24 11:37 - 2013-05-23 22:02 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-05-23 23:11 - 2012-07-10 10:45 - 00000000 ____D C:\Users\Wanda\Documents\Magic Briefcase
2013-05-23 23:04 - 2013-05-23 23:04 - 00041472 __ASH C:\Users\Wanda\Desktop\Thumbs.db
2013-05-23 23:04 - 2013-05-23 23:04 - 00000772 ____A C:\Users\Wanda\Desktop\Magic Briefcase.lnk
2013-05-23 23:04 - 2012-07-10 10:52 - 00000000 ____D C:\Users\Wanda\AppData\Local\SugarSync
2013-05-23 22:11 - 2013-05-23 22:11 - 00000000 ___HD C:\VTRoot
2013-05-23 22:05 - 2013-05-23 22:05 - 00001861 ____A C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
2013-05-23 22:05 - 2013-05-23 22:05 - 00001838 ____A C:\Users\Public\Desktop\COMODO Internet Security.lnk
2013-05-23 22:05 - 2013-05-23 22:05 - 00000595 ____A C:\Users\Public\Desktop\Shared Space.lnk
2013-05-23 22:05 - 2013-05-23 22:03 - 00000000 ___SD C:\ProgramData\Shared Space
2013-05-23 22:05 - 2013-05-23 22:03 - 00000000 ____D C:\ProgramData\COMODO
2013-05-23 22:03 - 2013-05-23 22:03 - 00002009 ____A C:\Users\Public\Desktop\AntiError.lnk
2013-05-23 22:03 - 2013-05-23 22:03 - 00002005 ____A C:\Users\Public\Desktop\GeekBuddy.lnk
2013-05-23 22:03 - 2013-05-23 22:03 - 00000000 ____D C:\Program Files\COMODO
2013-05-23 22:02 - 2013-05-23 22:02 - 00047368 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-05-23 22:02 - 2013-05-23 22:02 - 00001078 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-05-23 22:02 - 2013-05-23 22:02 - 00000000 ____D C:\Users\Wanda\AppData\Local\Comodo
2013-05-23 22:02 - 2013-05-23 22:02 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-05-23 21:57 - 2013-05-23 18:22 - 00000000 ____D C:\Program Files\CheckPoint
2013-05-23 21:57 - 2013-05-18 12:52 - 00057878 ____A C:\Windows\PFRO.log
2013-05-23 21:56 - 2013-05-23 18:20 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-05-23 21:55 - 2011-11-01 11:08 - 00000000 ____D C:\ProgramData\CheckPoint
2013-05-23 20:49 - 2011-11-01 11:09 - 00000128 ____A C:\Windows\SysWOW64\pdfl.dat
2013-05-23 20:46 - 2013-05-23 20:46 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-05-23 20:46 - 2013-05-23 17:28 - 00000377 ____A C:\user.js
2013-05-23 20:34 - 2013-05-23 20:34 - 02297032 ____A (Check Point Software Technologies LTD) C:\Users\Ben\Downloads\clean.exe
2013-05-23 20:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-23 19:23 - 2009-07-14 00:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-23 18:42 - 2011-05-13 17:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-23 18:40 - 2013-05-23 10:56 - 00000039 ____A C:\Windows\vbaddin.ini
2013-05-23 18:22 - 2013-05-23 18:22 - 00000000 ____D C:\Users\Wanda\Documents\ForceField Shared Files
2013-05-23 17:25 - 2013-05-23 17:25 - 00000446 ____A C:\Users\Wanda\Desktop\New Text Document.txt
2013-05-23 16:31 - 2011-02-26 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-05-23 12:41 - 2011-02-26 10:12 - 00000000 __SHD C:\Users\Wanda\IECompatCache
2013-05-23 12:40 - 2011-03-02 17:08 - 00000000 ____D C:\Users\Wanda\AppData\Roaming\WinPatrol
2013-05-23 12:36 - 2012-05-19 08:30 - 00000000 ____D C:\Users\Ben\AppData\Local\LogMeIn Hamachi
2013-05-23 12:33 - 2011-02-24 21:00 - 00000000 ___HD C:\users\Ben
2013-05-23 12:33 - 2011-02-24 21:00 - 00000000 ____D C:\Users\Ben\AppData\Local\VirtualStore
2013-05-23 12:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-05-23 12:27 - 2013-05-23 12:27 - 00003584 ____A C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-23 12:27 - 2013-05-23 12:27 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Verizon
2013-05-23 12:13 - 2013-05-23 10:58 - 00000000 ___SD C:\Users\Ben\Documents\My Shapes
2013-05-23 12:13 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-23 12:13 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-23 11:11 - 2009-07-13 18:19 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2013-05-23 10:57 - 2011-05-13 17:35 - 00000000 ____D C:\Users\Ben\AppData\Roaming\GetRightToGo
2013-05-23 10:55 - 2011-02-26 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2003
2013-05-23 10:54 - 2011-02-26 11:36 - 00000510 ____A C:\Windows\ODBC.INI
2013-05-23 10:53 - 2011-02-24 18:57 - 00000000 ____D C:\Program Files\Microsoft Office
2013-05-23 10:28 - 2013-05-23 10:27 - 186450320 ____A (Microsoft Corporation) C:\Users\Ben\Downloads\visio2010sp1-kb2460061-x64-fullfile-en-us.exe
2013-05-23 08:58 - 2011-03-12 11:16 - 00000000 ____D C:\Users\Ben\Desktop\Owner's Manuals - User's Guides Misc Products
2013-05-21 13:44 - 2013-05-21 13:44 - 00001936 ____A C:\Users\Public\Desktop\Dell DataSafe Online.lnk
2013-05-18 15:20 - 2011-04-14 13:53 - 00227328 __ASH C:\Users\Ben\Desktop\Thumbs.db
2013-05-18 12:53 - 2013-05-18 12:53 - 00000000 ____A C:\Windows\setuperr.log
2013-05-18 11:32 - 2012-06-02 11:19 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Ventrilo
2013-05-18 11:32 - 2012-05-27 07:28 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-18 11:32 - 2011-02-22 14:02 - 00000000 ____D C:\Windows\Panther
2013-05-18 11:06 - 2012-01-14 09:42 - 00000000 ____D C:\ProgramData\Symantec
2013-05-18 11:06 - 2012-01-14 09:41 - 00000000 ____D C:\ProgramData\Norton
2013-05-18 10:31 - 2012-04-24 14:04 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-18 10:31 - 2011-03-02 15:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-18 10:29 - 2013-01-12 22:39 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-18 10:28 - 2013-01-12 22:39 - 00000000 ____D C:\Program Files\CCleaner
2013-05-18 10:19 - 2013-05-18 10:19 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-18 10:19 - 2012-06-22 15:18 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-05-18 10:19 - 2011-03-03 15:14 - 00000000 ____D C:\Program Files\Java
2013-05-18 10:19 - 2011-02-22 12:40 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-18 10:13 - 2011-03-30 08:59 - 00000000 ____D C:\Users\Ben\AppData\Local\Google
2013-05-18 10:09 - 2013-01-12 22:40 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-18 10:08 - 2012-04-24 16:18 - 00000000 ____D C:\Users\Zachary\AppData\Local\Google
2013-05-18 10:03 - 2012-05-19 10:35 - 00001028 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-18 09:57 - 2011-09-22 12:39 - 00000000 ____D C:\Users\Ben\Documents\MailStore Home
2013-05-18 09:53 - 2011-02-24 18:57 - 00889486 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-18 09:51 - 2013-05-18 09:51 - 00000000 ____D C:\ProgramData\InstallMate
2013-05-18 09:46 - 2011-03-02 16:36 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-05-18 09:45 - 2013-05-18 09:45 - 00001041 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-05-18 09:45 - 2013-05-18 09:45 - 00000000 ____D C:\ProgramData\Licenses
2013-05-16 08:10 - 2009-07-13 23:45 - 05032920 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 20:49 - 2009-07-13 21:34 - 00000566 ____A C:\Windows\win.ini
2013-05-15 20:44 - 2011-02-25 09:34 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 20:42 - 2009-07-14 00:13 - 00886270 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 20:38 - 2012-03-28 07:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 20:38 - 2011-06-07 11:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-11 17:03 - 2012-04-16 13:51 - 00000000 ____D C:\Users\Zachary\AppData\Roaming\.minecraft
2013-05-11 16:45 - 2012-06-14 13:00 - 00000000 ____D C:\Users\Zachary\AppData\Roaming\Skype
2013-05-11 16:42 - 2013-05-11 16:42 - 01912927 ____A C:\Users\Zachary\Downloads\Sonic the Hedgehog 1.0.zip
2013-05-11 16:32 - 2013-03-09 18:14 - 00265155 ____A C:\Users\Zachary\Desktop\server.log
2013-05-11 14:15 - 2013-01-27 08:55 - 00000000 ____D C:\Users\Zachary\Ftb
2013-05-11 14:14 - 2013-05-11 14:14 - 00000023 ____A C:\Users\Zachary\Desktop\HI.txt
2013-05-11 14:09 - 2012-05-19 08:05 - 00000000 ____D C:\Users\Zachary\AppData\Local\LogMeIn Hamachi
2013-05-05 15:01 - 2013-05-05 15:01 - 00030488 ____A C:\Users\Zachary\Desktop\hs_err_pid5468.log
2013-05-04 11:52 - 2013-01-27 08:55 - 00000000 ____D C:\Users\Zachary\AppData\Roaming\ftblauncher
2013-05-04 11:52 - 2012-07-10 12:22 - 00000000 ____D C:\Users\Zachary\AppData\Local\SugarSync
2013-05-04 11:51 - 2013-05-04 11:51 - 00000000 ____D C:\Users\Zachary\AppData\Roaming\Mozilla
2013-05-04 11:51 - 2013-01-27 08:55 - 00510899 ____A () C:\Users\Zachary\Desktop\FTB_Launcher.exe
2013-05-04 11:35 - 2008-01-25 14:28 - 00000000 ____D C:\Users\Ben\Documents\Resumes
2013-05-04 11:33 - 2011-04-12 14:09 - 00000000 ____D C:\Users\Ben\Documents\Right Management
2013-05-01 14:59 - 2013-05-01 14:59 - 00000614 ____A C:\Users\Ben\Desktop\start.java
2013-05-01 10:36 - 2013-05-01 10:36 - 00000000 ___SD C:\Users\Ben\Documents\My Data Sources

ZeroAccess:
C:\Windows\Installer\{f20a2c25-4b6d-e0c7-cc39-0d6afc90676b}
C:\Windows\Installer\{f20a2c25-4b6d-e0c7-cc39-0d6afc90676b}\@
C:\Windows\Installer\{f20a2c25-4b6d-e0c7-cc39-0d6afc90676b}\L
C:\Windows\Installer\{f20a2c25-4b6d-e0c7-cc39-0d6afc90676b}\U

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Other Malware:
===========
C:\Users\Wanda\emet_conf.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2013-05-23 11:11] - 0328192 ____A (Microsoft Corporation) 2F46C1760C531EB2B181F9076E552E8A

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAcces. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Last Boot: 2013-03-08 14:12

==================== End Of Log ============================

 

Attached also is the Addition.txt log you requested.

 

Thank you for your assistance.

 

Wanda



#4 Farbar


Posted 26 May 2013 - 05:13 PM

The system is infected with ZeroAccess.
 

  1. Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Note: If the tool warned you about the outdated version please download and run the updated version.
     
  2. Please run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search File(s) button and post the log it makes (Search.txt) to your reply.
     
  3. Depending on your system please download GrantPerms64.zip and save it to your desktop.

    Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
    Copy and paste the following in the edit box:

    C:\Windows\System32\services.exe

    Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.




#5 WandaT


Posted 27 May 2013 - 10:14 AM

Here is the fixlog from the Fixlist FRST64 run:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-05-2013 04
Ran by Ben at 2013-05-27 09:47:10 Run:1
Running from C:\Users\Ben\Desktop
Boot Mode: Normal
==============================================

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000007\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000007\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Windows\Installer\{f20a2c25-4b6d-e0c7-cc39-0d6afc90676b} => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.
Could not move C:\Windows\assembly\GAC_64\Desktop.ini. => Scheduled to move on reboot.
C:\Users\Wanda\emet_conf.exe => Moved successfully.

=========== Result of Scheduled Files to move ===========
C:\Windows\assembly\GAC_64\Desktop.ini => File moved successfully.

==== End of Fixlog ====

 

 

Here is the search log from the FRST64 search run:

 

Farbar Recovery Scan Tool (x64) Version: 26-05-2013 04
Ran by Ben at 2013-05-27 10:03:50
Running from C:\Users\Ben\Desktop
Boot Mode: Normal

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2013-05-23 11:11] - 0328192 ____A (Microsoft Corporation) 2F46C1760C531EB2B181F9076E552E8A

C:\Windows\erdnt\cache64\services.exe
[2012-07-07 11:12] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

 

Here is the permissions log from the GrantPerm64 run:

 

GrantPerms by Farbar
Ran by Ben (administrator) at 2013-05-27 10:10:09

===============================================
\\?\C:\Windows\System32\services.exe

   Owner: BUILTIN\Administrators

   DACL(NP)(AI):
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (I)
   BUILTIN\Administrators   FULL   ALLOW   (I)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (I)

 

================ End Of List ================

 

Thank you for your continued assistance.

 

Wanda
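The Search.txt log in this post can be checked mechanically. The sketch below is an added example (not part of the original posts and not FRST's own code): it parses the three entries and compares each copy of services.exe against the WinSxS component-store copy. Treating the WinSxS copy as the reference, and reading the two bracketed timestamps as created and modified, are assumptions of this example; the function names are hypothetical.

```python
import re

# Search.txt entries as posted in the thread (FRST "Search: services.exe").
SEARCH_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2013-05-23 11:11] - 0328192 ____A (Microsoft Corporation) 2F46C1760C531EB2B181F9076E552E8A

C:\Windows\erdnt\cache64\services.exe
[2012-07-07 11:12] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

PATH = re.compile(r"^[A-Za-z]:\\")
# Assumption: first bracket is the creation time, second the modification time.
DETAIL = re.compile(
    r"^\[(?P<created>[\d: -]+)\] - \[(?P<modified>[\d: -]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH.match(line):
            path = line
            continue
        m = DETAIL.match(line)
        if m and path:
            entries.append({
                "path": path,
                "created": m["created"],
                "modified": m["modified"],
                "size": int(m["size"]),
                "company": m["company"],
                "md5": m["md5"].upper(),
            })
            path = None
    return entries


def compare_to_component_store(entries):
    """Split non-WinSxS copies into those matching the WinSxS hash and those not.

    Assumption: the WinSxS copy is untouched. On a compromised host that should
    be confirmed against a known-good hash obtained off the machine.
    """
    def in_store(entry):
        return "\\winsxs\\" in entry["path"].lower()

    store = [e for e in entries if in_store(e)]
    if not store:
        raise ValueError("no WinSxS copy in the log to compare against")
    trusted = {e["md5"] for e in store}
    result = {"baseline": store, "match": [], "mismatch": []}
    for e in entries:
        if in_store(e):
            continue
        result["match" if e["md5"] in trusted else "mismatch"].append(e)
    return result


def describe(result):
    """Human-readable summary lines for the comparison."""
    lines = []
    for e in result["mismatch"]:
        lines.append(f"MISMATCH {e['path']} size={e['size']} "
                     f"modified={e['modified']} md5={e['md5']}")
    for e in result["match"]:
        lines.append(f"matches store copy: {e['path']}")
    return lines


if __name__ == "__main__":
    for line in describe(compare_to_component_store(parse_search_log(SEARCH_LOG))):
        print(line)
```

Only the System32 copy differs in size, hash and modification date; the erdnt cache copy matches the component-store copy.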



#6 Farbar


Posted 27 May 2013 - 10:59 AM

Well done. We are going to replace a file with a good copy.

 

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warned you about the outdated version please download and run the updated version.




#7 WandaT


Posted 27 May 2013 - 11:15 AM

Here is the fixlog from the successful second fix FRST64 run:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-05-2013 04
Ran by Ben at 2013-05-27 11:11:44 Run:2
Running from C:\Users\Ben\Desktop
Boot Mode: Normal
==============================================

C:\Windows\System32\services.exe => Moved successfully.
C:\Windows\erdnt\cache64\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

 

Wanda



#8 Farbar


Posted 27 May 2013 - 11:22 AM

That is taken care of. Now we repair the firewall issue.

 

Please reboot the computer once before running the tool.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run.

  • Please copy and paste the log to your reply.

 



#9 WandaT


Posted 27 May 2013 - 11:36 AM

Here is the log from the FSS run:

 

Farbar Service Scanner Version: 25-05-2013
Ran by Ben (administrator) on 27-05-2013 at 11:35:15
Running from "C:\Users\Ben\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



#10 Farbar


Posted 27 May 2013 - 11:47 AM

We need to repair those services that were removed by the malware. After this the firewall should work again.

 

  1. Please download ServicesRepair and save it to your desktop.
    • Double-click ServicesRepair.exe.
    • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
    • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  2. Restart the computer once.
     
  3. After restart wait a little while until the system is fully booted. Then run Farbar Service Scanner, check all the options and post the log it makes.

 

 


Edited by Farbar, 28 May 2013 - 01:02 AM.


#11 WandaT


Posted 27 May 2013 - 12:31 PM

Here is the ServiceRepair run log:


Edited by Farbar, 27 May 2013 - 12:34 PM.
Wrong log posted


#12 Farbar


Posted 27 May 2013 - 12:36 PM

Please tell me if you did the first step and it needed a reboot. We don't need the log.

 

Please run Farbar Service Scanner in this post #8 and post the FSS.txt log.



#13 WandaT


Posted 27 May 2013 - 12:47 PM

Yes I did the first step to run the ServicesRepair tool and did the reboot.

 

Below is the FSS.txt log from the Farbar Service Scanner run:

 

Farbar Service Scanner Version: 25-05-2013
Ran by Ben (administrator) on 27-05-2013 at 12:44:25
Running from "C:\Users\Ben\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



#14 Farbar


Posted 27 May 2013 - 12:52 PM

The service repair tool didn't work.

 

Please post a fresh FRST log. This time it makes only one log (FRST.txt) please post it to your reply.
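The two FSS.txt logs in posts #9 and #13 can be compared to confirm that nothing changed between the runs. The following is an added example, not from the thread and not Farbar Service Scanner's own code: it parses the ATTENTION lines, lists the services whose registry key is gone entirely, and diffs two runs. The function names are hypothetical; the embedded excerpt is copied from the logs above, where these sections are identical in both runs.

```python
import re

# Windows Firewall, Action Center, Windows Defender and Other Services lines
# from FSS.txt as posted in the thread (same text in the 11:35 and 12:44 runs).
FSS_SECTIONS = """\
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
"""

NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")
CHECK = re.compile(
    r"^Checking (Start type|ImagePath|ServiceDll)(?: of (\w+))?: ATTENTION!=====> (.+)$"
)


def parse_fss(text):
    """Return {service: {check_name: message}} for every ATTENTION line."""
    findings, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = NOT_RUNNING.match(line)
        if m:
            current = m.group(1)  # following unnamed checks belong to this service
            continue
        m = CHECK.match(line)
        if m:
            check, named, message = m.groups()
            service = named or current
            if service is not None:
                findings.setdefault(service, {})[check] = message
    return findings


def key_missing(findings):
    """Services where all three checks failed because the service key is absent."""
    return sorted(
        service for service, checks in findings.items()
        if len(checks) == 3
        and all("service key does not exist" in msg for msg in checks.values())
    )


def diff_runs(before, after):
    """Return (still_failing, fixed) as sorted lists of (service, check)."""
    b = {(s, c) for s, checks in before.items() for c in checks}
    a = {(s, c) for s, checks in after.items() for c in checks}
    return sorted(b & a), sorted(b - a)


if __name__ == "__main__":
    run1 = parse_fss(FSS_SECTIONS)   # run at 11:35:15
    run2 = parse_fss(FSS_SECTIONS)   # run at 12:44:25, same findings
    still, fixed = diff_runs(run1, run2)
    print("service key missing:", key_missing(run1))
    print(f"{len(still)} findings unchanged, {len(fixed)} fixed")
```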



#15 WandaT


Posted 27 May 2013 - 07:09 PM

I am back from getting ready for our Memorial Day dinner.  Sorry the service tool didn't repair correctly.  I thought I did all the steps correctly.

 

Below is a fresh FRST log as requested.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
Ran by Ben (administrator) on 27-05-2013 19:07:01
Running from C:\Users\Ben\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Button Manager\BM.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(SUPERAntiSpyware.com) C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Farbar) C:\Users\Ben\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM\...\Run: [ISW]  [x]
HKLM\...\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [3603152 2013-04-15] (COMODO)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [11262304 2013-04-03] (SugarSync, Inc.)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-26] (Google Inc.)
HKCU\...\Run: [Google Update] C:\Users\Ben\AppData\Local\Google\Update\GOOGLEUPDATE.EXE  /c [x]
HKCU\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
HKLM-x32\...\Run: [WinPatrol [FREE Edition]] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKU\Wanda\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [11262304 2013-04-03] (SugarSync, Inc.)
HKU\Wanda\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
HKU\Wanda\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-26] (Google Inc.)
HKU\Wanda\...\Policies\system: [LogonHoursAction] 2
HKU\Wanda\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Zachary\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKU\Zachary\...\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup [44544 2009-07-13] (Microsoft Corporation)
HKU\Zachary\...\Run: [Verizon Media Manager] C:\Program Files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe 0 [1523712 2012-05-09] ()
HKU\Zachary\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Zachary\...\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true [11262304 2013-04-03] (SugarSync, Inc.)
HKU\Zachary\...\Run: [Google Update] "C:\Users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-27] (Google Inc.)
HKU\Zachary\...\Policies\system: [LogonHoursAction] 2
HKU\Zachary\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Button Manager.lnk
ShortcutTarget: HP Button Manager.lnk -> C:\Program Files (x86)\HP\Button Manager\BM.exe (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet Explorer.lnk
ShortcutTarget: Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\SysWow64\webcheck.dll No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: (No Name) - {3d68e927-6002-6bb4-7940-c297f1177192} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {270D234F-3423-4CC7-B9B2-B510EB2F2950} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {44475ACF-AC79-4352-B49B-5C569BA1927D} URL =
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {7CDACF45-922A-46D8-AD69-614F9154CD8A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=05E10F73-000B-4D87-A4B5-7943689E658E&apn_sauid=35AC7148-45F0-447F-A78D-D4B3AD10C090&
SearchScopes: HKCU - {A59C167F-298F-30E1-8F0D-B7ED3F450647} URL = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110603&user_guid=317C6F2DA8B24C1A8CB2245DB99A9C74&machine_id=fa06070256097679a7160ec23306013f&browser=IE&os=win&os_version=6.1-x64-SP1
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
SearchScopes: HKCU - {D0D0B485-B95B-4F21-BB5E-3B8888AA1B14} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120102,0,0,0,0
SearchScopes: HKCU - {EEEB321A-F50B-4198-9031-EA456F49633E} URL = http://delicious.com/search?p={searchTerms}
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKLM-x32 - Verizon Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
Toolbar: HKCU - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
PDF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
PDF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
PDF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
PDF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
PDF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://ra.fanniemae.com/InternalSite/WhlCompMgr.cab
PDF: HKLM-x32 {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab
PDF: HKLM-x32 {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
PDF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rsvpn.raytheon.com/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: msdaipp - No CLSID Value -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.minecraft.net/
CHR RestoreOnStartup: "hxxp://www.minecraft.net/", "hxxp://www.youtube.com/", "hxxp://www.creeperhost.net/", ""
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 6 U45) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (WPI Detector 1.4) - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-18] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5784472 2013-04-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158928 2013-04-15] (COMODO)
S3 DMService; C:\Windows\DOWNLO~1\DMService.exe [487312 2011-11-28] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2074760 2013-04-19] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 MailService; C:\Program Files (x86)\IBM\RationalSDLC\ClearQuest\mailservice.exe [81408 2010-07-30] (IBM Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-01] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S2 0047471314372254mcinstcleanup; C:\Windows\TEMP\004747~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [x]
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S1 CFRMD; C:\Windows\SysWow64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-04-15] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [706560 2013-04-15] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-04-15] (COMODO)
S3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2746624 2010-07-14] (Hewlett-Packard)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-04-25] (COMODO)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 icsak; \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

Error(0) reading file: "C:\Windows\System32\ "
2013-05-27 18:57 - 2013-05-27 18:57 - 00193651 ____A C:\Users\Ben\Downloads\Steve Jobs Powerpoint.pptx
2013-05-27 12:44 - 2013-05-27 12:44 - 00004308 ____A C:\Users\Ben\Desktop\FSS2.txt
2013-05-27 12:06 - 2013-05-27 12:06 - 01915616 ____A (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2013-05-27 11:56 - 2013-05-27 11:56 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-05-27 11:52 - 2013-05-27 11:52 - 04009167 ____A C:\Users\Ben\Desktop\ServicesRepair.exe
2013-05-27 11:35 - 2013-05-27 11:35 - 00004308 ____A C:\Users\Ben\Desktop\FSS1.txt
2013-05-27 11:34 - 2013-05-27 11:34 - 00354297 ____A (Farbar) C:\Users\Ben\Desktop\FSS.exe
2013-05-27 10:07 - 2013-05-27 10:10 - 00000410 ____A C:\Users\Ben\Desktop\Perms.txt
2013-05-27 10:07 - 2013-05-27 10:10 - 00000000 ____D C:\Users\Ben\Desktop\GrantPerms64
2013-05-27 10:06 - 2013-05-27 10:06 - 00628779 ____A C:\Users\Ben\Downloads\GrantPerms64.zip
2013-05-27 10:03 - 2013-05-27 10:06 - 00000793 ____A C:\Users\Ben\Desktop\Search.txt
2013-05-26 15:34 - 2013-05-27 09:59 - 00000000 ____D C:\FRST
2013-05-25 22:38 - 2013-05-25 22:38 - 00041269 ____A C:\Users\Ben\Documents\CisReport_v6.1.276535.2808_20130525-223819.zip
2013-05-25 20:50 - 2013-05-25 22:24 - 00000000 ____D C:\Users\Ben\Documents\Medical Records
2013-05-25 14:22 - 2013-05-25 14:23 - 00025314 ____A C:\Users\Wanda\Desktop\dds.txt
2013-05-25 14:22 - 2013-05-25 14:23 - 00025288 ____A C:\Users\Wanda\Desktop\attach.txt
2013-05-25 14:15 - 2013-05-25 14:15 - 00688992 ____R (Swearware) C:\Users\Wanda\Desktop\dds.com
2013-05-24 16:16 - 2013-05-24 16:17 - 00000000 ____D C:\Program Files\My Dell
2013-05-23 23:04 - 2013-05-23 23:04 - 00041472 __ASH C:\Users\Wanda\Desktop\Thumbs.db
2013-05-23 23:04 - 2013-05-23 23:04 - 00000772 ____A C:\Users\Wanda\Desktop\Magic Briefcase.lnk
2013-05-23 22:11 - 2013-05-25 17:12 - 00260388 ____A C:\Windows\System32\Drivers\fvstore.dat
2013-05-23 22:11 - 2013-05-23 22:11 - 00000000 ___HD C:\VTRoot
2013-05-23 22:05 - 2013-05-23 22:05 - 00001861 ____A C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
2013-05-23 22:05 - 2013-05-23 22:05 - 00001838 ____A C:\Users\Public\Desktop\COMODO Internet Security.lnk
2013-05-23 22:05 - 2013-05-23 22:05 - 00000595 ____A C:\Users\Public\Desktop\Shared Space.lnk
2013-05-23 22:04 - 2013-05-27 19:00 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2013-05-23 22:03 - 2013-05-23 22:05 - 00000000 ___SD C:\ProgramData\Shared Space
2013-05-23 22:03 - 2013-05-23 22:05 - 00000000 ____D C:\ProgramData\COMODO
2013-05-23 22:03 - 2013-05-23 22:03 - 00002009 ____A C:\Users\Public\Desktop\AntiError.lnk
2013-05-23 22:03 - 2013-05-23 22:03 - 00002005 ____A C:\Users\Public\Desktop\GeekBuddy.lnk
2013-05-23 22:03 - 2013-05-23 22:03 - 00000000 ____D C:\Program Files\COMODO
2013-05-23 22:02 - 2013-05-24 11:37 - 00056072 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-05-23 22:02 - 2013-05-24 11:37 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-05-23 22:02 - 2013-05-23 22:02 - 00047368 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-05-23 22:02 - 2013-05-23 22:02 - 00001078 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-05-23 22:02 - 2013-05-23 22:02 - 00000000 ____D C:\Users\Wanda\AppData\Local\Comodo
2013-05-23 22:02 - 2013-05-23 22:02 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-05-23 20:46 - 2013-05-23 20:46 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-05-23 20:34 - 2013-05-23 20:34 - 02297032 ____A (Check Point Software Technologies LTD) C:\Users\Ben\Downloads\clean.exe
2013-05-23 18:22 - 2013-05-23 21:57 - 00000000 ____D C:\Program Files\CheckPoint
2013-05-23 18:22 - 2013-05-23 18:22 - 00000000 ____D C:\Users\Wanda\Documents\ForceField Shared Files
2013-05-23 18:20 - 2013-05-23 21:56 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-05-23 17:28 - 2013-05-23 20:46 - 00000377 ____A C:\user.js
2013-05-23 17:25 - 2013-05-23 17:25 - 00000446 ____A C:\Users\Wanda\Desktop\New Text Document.txt
2013-05-23 12:27 - 2013-05-23 12:27 - 00003584 ____A C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-23 12:27 - 2013-05-23 12:27 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Verizon
2013-05-23 10:58 - 2013-05-23 12:13 - 00000000 ___SD C:\Users\Ben\Documents\My Shapes
2013-05-23 10:56 - 2013-05-23 18:40 - 00000039 ____A C:\Windows\vbaddin.ini
2013-05-23 10:27 - 2013-05-23 10:28 - 186450320 ____A (Microsoft Corporation) C:\Users\Ben\Downloads\visio2010sp1-kb2460061-x64-fullfile-en-us.exe
2013-05-21 13:44 - 2013-05-27 18:51 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-05-21 13:44 - 2013-05-21 13:44 - 00001936 ____A C:\Users\Public\Desktop\Dell DataSafe Online.lnk
2013-05-18 12:53 - 2013-05-27 18:50 - 00002744 ____A C:\Windows\setupact.log
2013-05-18 12:53 - 2013-05-18 12:53 - 00000000 ____A C:\Windows\setuperr.log
2013-05-18 12:52 - 2013-05-23 21:57 - 00057878 ____A C:\Windows\PFRO.log
2013-05-18 10:19 - 2013-05-18 10:19 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-18 09:51 - 2013-05-18 09:51 - 00000000 ____D C:\ProgramData\InstallMate
2013-05-18 09:45 - 2013-05-18 09:45 - 00001041 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-05-18 09:45 - 2013-05-18 09:45 - 00000000 ____D C:\ProgramData\Licenses
2013-05-15 20:38 - 2013-04-05 01:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 20:38 - 2013-04-05 01:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 20:38 - 2013-04-05 01:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 20:38 - 2013-04-05 01:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 20:38 - 2013-04-05 01:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 20:38 - 2013-04-05 00:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 20:38 - 2013-04-05 00:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 20:38 - 2013-04-05 00:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 20:38 - 2013-04-04 23:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 20:38 - 2013-04-04 23:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 20:38 - 2013-04-04 22:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 20:38 - 2013-04-04 22:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 09:33 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 09:33 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 09:33 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 09:32 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 09:32 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 09:32 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 09:32 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 09:32 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 09:32 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 09:32 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 09:32 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 09:32 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 09:32 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 09:32 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-11 16:42 - 2013-05-11 16:42 - 01912927 ____A C:\Users\Zachary\Downloads\Sonic the Hedgehog 1.0.zip
2013-05-11 14:14 - 2013-05-11 14:14 - 00000023 ____A C:\Users\Zachary\Desktop\HI.txt
2013-05-05 15:01 - 2013-05-05 15:01 - 00030488 ____A C:\Users\Zachary\Desktop\hs_err_pid5468.log
2013-05-04 11:51 - 2013-05-04 11:51 - 00000000 ____D C:\Users\Zachary\AppData\Roaming\Mozilla
2013-05-01 14:59 - 2013-05-01 14:59 - 00000614 ____A C:\Users\Ben\Desktop\start.java
2013-05-01 10:36 - 2013-05-01 10:36 - 00000000 ___SD C:\Users\Ben\Documents\My Data Sources

==================== One Month Modified Files and Folders =======

2013-05-27 19:00 - 2013-05-23 22:04 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2013-05-27 19:00 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-27 19:00 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-27 18:57 - 2013-05-27 18:57 - 00193651 ____A C:\Users\Ben\Downloads\Steve Jobs Powerpoint.pptx
2013-05-27 18:51 - 2013-05-21 13:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-05-27 18:51 - 2012-08-26 13:51 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-27 18:51 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-27 18:50 - 2013-05-18 12:53 - 00002744 ____A C:\Windows\setupact.log
2013-05-27 17:46 - 2009-07-14 00:10 - 01768430 ____A C:\Windows\WindowsUpdate.log
2013-05-27 17:38 - 2012-04-24 16:18 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1004UA.job
2013-05-27 17:29 - 2012-08-26 13:51 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-27 17:11 - 2012-03-28 07:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-27 14:38 - 2012-04-24 16:18 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1145637048-450267307-2219416244-1004Core.job
2013-05-27 14:20 - 2012-04-14 15:06 - 00000000 ____D C:\Users\Ben\Documents\Training
2013-05-27 12:44 - 2013-05-27 12:44 - 00004308 ____A C:\Users\Ben\Desktop\FSS2.txt
2013-05-27 12:06 - 2013-05-27 12:06 - 01915616 ____A (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2013-05-27 11:56 - 2013-05-27 11:56 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-05-27 11:52 - 2013-05-27 11:52 - 04009167 ____A C:\Users\Ben\Desktop\ServicesRepair.exe
2013-05-27 11:35 - 2013-05-27 11:35 - 00004308 ____A C:\Users\Ben\Desktop\FSS1.txt
2013-05-27 11:34 - 2013-05-27 11:34 - 00354297 ____A (Farbar) C:\Users\Ben\Desktop\FSS.exe
2013-05-27 10:10 - 2013-05-27 10:07 - 00000410 ____A C:\Users\Ben\Desktop\Perms.txt
2013-05-27 10:10 - 2013-05-27 10:07 - 00000000 ____D C:\Users\Ben\Desktop\GrantPerms64
2013-05-27 10:06 - 2013-05-27 10:06 - 00628779 ____A C:\Users\Ben\Downloads\GrantPerms64.zip
2013-05-27 10:06 - 2013-05-27 10:03 - 00000793 ____A C:\Users\Ben\Desktop\Search.txt
2013-05-27 09:59 - 2013-05-26 15:34 - 00000000 ____D C:\FRST
2013-05-27 09:53 - 2011-02-24 18:00 - 00000000 ____D C:\users\Wanda
2013-05-26 15:28 - 2011-03-02 16:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-25 22:38 - 2013-05-25 22:38 - 00041269 ____A C:\Users\Ben\Documents\CisReport_v6.1.276535.2808_20130525-223819.zip
2013-05-25 22:24 - 2013-05-25 20:50 - 00000000 ____D C:\Users\Ben\Documents\Medical Records
2013-05-25 17:12 - 2013-05-23 22:11 - 00260388 ____A C:\Windows\System32\Drivers\fvstore.dat
2013-05-25 14:23 - 2013-05-25 14:22 - 00025314 ____A C:\Users\Wanda\Desktop\dds.txt
2013-05-25 14:23 - 2013-05-25 14:22 - 00025288 ____A C:\Users\Wanda\Desktop\attach.txt
2013-05-25 14:15 - 2013-05-25 14:15 - 00688992 ____R (Swearware) C:\Users\Wanda\Desktop\dds.com
2013-05-25 13:56 - 2011-06-20 02:16 - 00000000 ____D C:\users\Big Disk Backup
2013-05-24 18:01 - 2011-03-03 20:54 - 00000000 ____D C:\Users\Ben\AppData\Local\SoftGrid Client
2013-05-24 16:46 - 2011-06-20 06:17 - 00000000 ____D C:\Users\Big Disk Backup\Desktop Ezbackup
2013-05-24 16:17 - 2013-05-24 16:16 - 00000000 ____D C:\Program Files\My Dell
2013-05-24 16:17 - 2011-06-20 09:05 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-24 16:16 - 2011-02-25 10:00 - 00000000 ____D C:\ProgramData\PCDr
2013-05-24 11:37 - 2013-05-23 22:02 - 00056072 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-05-24 11:37 - 2013-05-23 22:02 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-05-23 23:11 - 2012-07-10 10:45 - 00000000 ____D C:\Users\Wanda\Documents\Magic Briefcase
2013-05-23 23:04 - 2013-05-23 23:04 - 00041472 __ASH C:\Users\Wanda\Desktop\Thumbs.db
2013-05-23 23:04 - 2013-05-23 23:04 - 00000772 ____A C:\Users\Wanda\Desktop\Magic Briefcase.lnk
2013-05-23 23:04 - 2012-07-10 10:52 - 00000000 ____D C:\Users\Wanda\AppData\Local\SugarSync
2013-05-23 22:11 - 2013-05-23 22:11 - 00000000 ___HD C:\VTRoot
2013-05-23 22:05 - 2013-05-23 22:05 - 00001861 ____A C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
2013-05-23 22:05 - 2013-05-23 22:05 - 00001838 ____A C:\Users\Public\Desktop\COMODO Internet Security.lnk
2013-05-23 22:05 - 2013-05-23 22:05 - 00000595 ____A C:\Users\Public\Desktop\Shared Space.lnk
2013-05-23 22:05 - 2013-05-23 22:03 - 00000000 ___SD C:\ProgramData\Shared Space
2013-05-23 22:05 - 2013-05-23 22:03 - 00000000 ____D C:\ProgramData\COMODO
2013-05-23 22:03 - 2013-05-23 22:03 - 00002009 ____A C:\Users\Public\Desktop\AntiError.lnk
2013-05-23 22:03 - 2013-05-23 22:03 - 00002005 ____A C:\Users\Public\Desktop\GeekBuddy.lnk
2013-05-23 22:03 - 2013-05-23 22:03 - 00000000 ____D C:\Program Files\COMODO
2013-05-23 22:02 - 2013-05-23 22:02 - 00047368 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-05-23 22:02 - 2013-05-23 22:02 - 00001078 ____A C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-05-23 22:02 - 2013-05-23 22:02 - 00000000 ____D C:\Users\Wanda\AppData\Local\Comodo
2013-05-23 22:02 - 2013-05-23 22:02 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-05-23 21:57 - 2013-05-23 18:22 - 00000000 ____D C:\Program Files\CheckPoint
2013-05-23 21:57 - 2013-05-18 12:52 - 00057878 ____A C:\Windows\PFRO.log
2013-05-23 21:56 - 2013-05-23 18:20 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-05-23 21:55 - 2011-11-01 11:08 - 00000000 ____D C:\ProgramData\CheckPoint
2013-05-23 20:49 - 2011-11-01 11:09 - 00000128 ____A C:\Windows\SysWOW64\pdfl.dat
2013-05-23 20:46 - 2013-05-23 20:46 - 00000000 ____D C:\Program Files (x86)\Check Point Software Technologies LTD
2013-05-23 20:46 - 2013-05-23 17:28 - 00000377 ____A C:\user.js
2013-05-23 20:34 - 2013-05-23 20:34 - 02297032 ____A (Check Point Software Technologies LTD) C:\Users\Ben\Downloads\clean.exe
2013-05-23 20:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-23 19:23 - 2009-07-14 00:08 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-23 18:42 - 2011-05-13 17:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-23 18:40 - 2013-05-23 10:56 - 00000039 ____A C:\Windows\vbaddin.ini
2013-05-23 18:22 - 2013-05-23 18:22 - 00000000 ____D C:\Users\Wanda\Documents\ForceField Shared Files
2013-05-23 17:25 - 2013-05-23 17:25 - 00000446 ____A C:\Users\Wanda\Desktop\New Text Document.txt
2013-05-23 16:31 - 2011-02-26 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-05-23 12:41 - 2011-02-26 10:12 - 00000000 __SHD C:\Users\Wanda\IECompatCache
2013-05-23 12:40 - 2011-03-02 17:08 - 00000000 ____D C:\Users\Wanda\AppData\Roaming\WinPatrol
2013-05-23 12:36 - 2012-05-19 08:30 - 00000000 ____D C:\Users\Ben\AppData\Local\LogMeIn Hamachi
2013-05-23 12:33 - 2011-02-24 21:00 - 00000000 ___HD C:\users\Ben
2013-05-23 12:33 - 2011-02-24 21:00 - 00000000 ____D C:\Users\Ben\AppData\Local\VirtualStore
2013-05-23 12:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-05-23 12:27 - 2013-05-23 12:27 - 00003584 ____A C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-23 12:27 - 2013-05-23 12:27 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Verizon
2013-05-23 12:13 - 2013-05-23 10:58 - 00000000 ___SD C:\Users\Ben\Documents\My Shapes
2013-05-23 12:13 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-23 12:13 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-23 10:57 - 2011-05-13 17:35 - 00000000 ____D C:\Users\Ben\AppData\Roaming\GetRightToGo
2013-05-23 10:55 - 2011-02-26 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2003
2013-05-23 10:54 - 2011-02-26 11:36 - 00000510 ____A C:\Windows\ODBC.INI
2013-05-23 10:53 - 2011-02-24 18:57 - 00000000 ____D C:\Program Files\Microsoft Office
2013-05-23 10:28 - 2013-05-23 10:27 - 186450320 ____A (Microsoft Corporation) C:\Users\Ben\Downloads\visio2010sp1-kb2460061-x64-fullfile-en-us.exe
2013-05-23 08:58 - 2011-03-12 11:16 - 00000000 ____D C:\Users\Ben\Desktop\Owner's Manuals - User's Guides Misc Products
2013-05-21 13:44 - 2013-05-21 13:44 - 00001936 ____A C:\Users\Public\Desktop\Dell DataSafe Online.lnk
2013-05-18 15:20 - 2011-04-14 13:53 - 00227328 __ASH C:\Users\Ben\Desktop\Thumbs.db
2013-05-18 12:53 - 2013-05-18 12:53 - 00000000 ____A C:\Windows\setuperr.log
2013-05-18 11:32 - 2012-06-02 11:19 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Ventrilo
2013-05-18 11:32 - 2012-05-27 07:28 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-18 11:32 - 2011-02-22 14:02 - 00000000 ____D C:\Windows\Panther
2013-05-18 11:06 - 2012-01-14 09:42 - 00000000 ____D C:\ProgramData\Symantec
2013-05-18 11:06 - 2012-01-14 09:41 - 00000000 ____D C:\ProgramData\Norton
2013-05-18 10:31 - 2012-04-24 14:04 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-18 10:31 - 2011-03-02 15:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-18 10:29 - 2013-01-12 22:39 - 00000784 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-18 10:28 - 2013-01-12 22:39 - 00000000 ____D C:\Program Files\CCleaner
2013-05-18 10:19 - 2013-05-18 10:19 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-18 10:19 - 2013-05-18 10:19 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-18 10:19 - 2012-06-22 15:18 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-05-18 10:19 - 2011-03-03 15:14 - 00000000 ____D C:\Program Files\Java
2013-05-18 10:19 - 2011-02-22 12:40 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-18 10:13 - 2011-03-30 08:59 - 00000000 ____D C:\Users\Ben\AppData\Local\Google
2013-05-18 10:09 - 2013-01-12 22:40 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-18 10:08 - 2012-04-24 16:18 - 00000000 ____D C:\Users\Zachary\AppData\Local\Google
2013-05-18 10:03 - 2012-05-19 10:35 - 00001028 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-18 09:57 - 2011-09-22 12:39 - 00000000 ____D C:\Users\Ben\Documents\MailStore Home
2013-05-18 09:53 - 2011-02-24 18:57 - 00889486 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-18 09:51 - 2013-05-18 09:51 - 00000000 ____D C:\ProgramData\InstallMate
2013-05-18 09:46 - 2011-03-02 16:36 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-05-18 09:45 - 2013-05-18 09:45 - 00001041 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-05-18 09:45 - 2013-05-18 09:45 - 00000000 ____D C:\ProgramData\Licenses
2013-05-16 08:10 - 2009-07-13 23:45 - 05032920 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 20:49 - 2009-07-13 21:34 - 00000566 ____A C:\Windows\win.ini
2013-05-15 20:44 - 2011-02-25 09:34 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 20:42 - 2009-07-14 00:13 - 00886270 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 20:38 - 2012-03-28 07:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 20:38 - 2011-06-07 11:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-11 17:03 - 2012-04-16 13:51 - 00000000 ____D C:\Users\Zachary\AppData\Roaming\.minecraft
2013-05-11 16:45 - 2012-06-14 13:00 - 00000000 ____D C:\Users\Zachary\AppData\Roaming\Skype
2013-05-11 16:42 - 2013-05-11 16:42 - 01912927 ____A C:\Users\Zachary\Downloads\Sonic the Hedgehog 1.0.zip
2013-05-11 16:32 - 2013-03-09 18:14 - 00265155 ____A C:\Users\Zachary\Desktop\server.log
2013-05-11 14:15 - 2013-01-27 08:55 - 00000000 ____D C:\Users\Zachary\Ftb
2013-05-11 14:14 - 2013-05-11 14:14 - 00000023 ____A C:\Users\Zachary\Desktop\HI.txt
2013-05-11 14:09 - 2012-05-19 08:05 - 00000000 ____D C:\Users\Zachary\AppData\Local\LogMeIn Hamachi
2013-05-05 15:01 - 2013-05-05 15:01 - 00030488 ____A C:\Users\Zachary\Desktop\hs_err_pid5468.log
2013-05-04 11:52 - 2013-01-27 08:55 - 00000000 ____D C:\Users\Zachary\AppData\Roaming\ftblauncher
2013-05-04 11:52 - 2012-07-10 12:22 - 00000000 ____D C:\Users\Zachary\AppData\Local\SugarSync
2013-05-04 11:51 - 2013-05-04 11:51 - 00000000 ____D C:\Users\Zachary\AppData\Roaming\Mozilla
2013-05-04 11:51 - 2013-01-27 08:55 - 00510899 ____A () C:\Users\Zachary\Desktop\FTB_Launcher.exe
2013-05-04 11:35 - 2008-01-25 14:28 - 00000000 ____D C:\Users\Ben\Documents\Resumes
2013-05-04 11:33 - 2011-04-12 14:09 - 00000000 ____D C:\Users\Ben\Documents\Right Management
2013-05-01 14:59 - 2013-05-01 14:59 - 00000614 ____A C:\Users\Ben\Desktop\start.java
2013-05-01 10:36 - 2013-05-01 10:36 - 00000000 ___SD C:\Users\Ben\Documents\My Data Sources

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-03-08 14:12

==================== End Of Log ============================





