Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

connection to Brenz.pl being blocked by emsisoft warning


  • This topic is locked This topic is locked
10 replies to this topic

#1 Jerhyn

Jerhyn

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:12:53 PM

Posted 24 January 2014 - 07:35 PM

I recently installed emsisoft from bc .

And today I started seeing connection to brenz.pl being blocked. I am glad it is being blocked, but I now need to find out how it is being run , from what program.

I ran dds scan and frst scan.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Gerald at 16:15:30 on 2014-01-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.5131 [GMT -8:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exe
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
C:\Program Files\COMODO\GeekBuddy\unit.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Kensington TrackballWorks] "C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [PrivDogService] "C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe"
mRun: [Kensington TrackballWorks Helper] C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files\COMODO\GeekBuddy\launcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 205.171.2.226 192.168.1.1
TCP: Interfaces\{206BC1C3-4011-4F18-932F-40C32DC857D4} : DHCPNameServer = 192.168.0.1 205.171.2.226 192.168.1.1
TCP: Interfaces\{B966465A-FB7E-428F-B882-5046F0678883} : DHCPNameServer = 192.168.0.1 205.171.2.226 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -startup
x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\t6gpjc7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=user_activity&mid=840155
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-4-14 235312]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-23 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-23 207904]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-1-23 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-1-23 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-1-23 17384]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-4-14 21544]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-1-23 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-1-23 440672]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-23 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-23 421704]
R1 CFRMD;CFRMD;C:\Windows\System32\drivers\CFRMD.sys [2013-5-6 37976]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-11-14 709144]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48872]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;C:\Windows\System32\drivers\hmd.sys [2013-10-6 14888]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-1-23 4161512]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-12-15 122880]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-23 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-23 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-23 113704]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-1-20 70352]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-1-8 2098880]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-4-14 68136]
R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-1-20 2327248]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-4-14 72280]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-16 701512]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-12-19 1153368]
R2 SDLService;SDLService;C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2011-4-14 88064]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-13 378984]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-1-23 70960]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-23 80184]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-1-23 57024]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-16 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-18 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 181248]
R3 rtkio;rtkio;C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2011-4-14 17392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-14 349800]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 tbwkern;Kensington TrackballWorks driver;C:\Windows\System32\drivers\tbwkern.sys [2011-6-13 32848]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-4-14 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-24 164056]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-4-14 30528]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-16 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-01-24 22:21:22    --------    d-----w-    C:\Program Files (x86)\Common Files\COMODO
2014-01-23 22:59:00    --------    d-----w-    C:\Users\Gerald\AppData\Roaming\Comodo
2014-01-23 22:24:21    --------    d-----w-    C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-23 22:03:43    --------    d-----w-    C:\AdwCleaner
2014-01-23 20:04:16    --------    d-----w-    C:\ProgramData\SUPERSetup
2014-01-23 19:29:46    --------    d-----w-    C:\Windows\SysWow64\Adobe
2014-01-23 19:27:28    28184    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2014-01-23 19:27:24    440672    ----a-w-    C:\Windows\System32\drivers\aswNdisFlt.sys
2014-01-23 18:43:50    --------    d-----w-    C:\Users\Gerald\AppData\Roaming\AVAST Software
2014-01-23 18:42:50    80184    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-01-23 18:42:49    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-01-23 18:42:49    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-01-23 18:42:48    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-23 18:42:48    1038072    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-01-23 18:42:47    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-01-23 18:42:38    43152    ----a-w-    C:\Windows\avastSS.scr
2014-01-23 18:42:22    --------    d-----w-    C:\Program Files\AVAST Software
2014-01-22 02:42:08    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{916753FB-F91A-4077-A2C8-EBE5352C3965}\mpengine.dll
2014-01-21 00:53:56    --------    d-----w-    C:\Program Files\HitmanPro
2014-01-21 00:52:23    --------    d-----w-    C:\ProgramData\HitmanPro
2014-01-20 23:25:55    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 16:25:27    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 16:25:27    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 16:25:27    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 16:25:27    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 16:25:27    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 16:25:27    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 16:25:27    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 16:25:26    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-15 16:25:26    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-09 18:35:25    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2014-01-09 18:35:25    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2014-01-07 22:16:30    353864    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2014-01-02 23:54:02    50063360    ----a-w-    C:\Program Files (x86)\GUTBDB4.tmp
2014-01-02 23:54:02    --------    d-----w-    C:\Program Files (x86)\GUMBDA3.tmp
.
==================== Find3M  ====================
.
2014-01-24 19:09:19    25640    ----a-w-    C:\Windows\gdrv.sys
2014-01-23 22:02:23    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-23 22:02:23    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-09 18:35:41    57096    ----a-w-    C:\Windows\System32\certsentry.dll
2014-01-09 18:35:41    48392    ----a-w-    C:\Windows\SysWow64\certsentry.dll
2013-12-18 14:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-13 19:22:48    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-12-13 19:20:36    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-13 19:19:15    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-12-13 19:19:15    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-14 19:38:18    709144    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2013-11-14 19:38:02    43216    ----a-w-    C:\Windows\System32\cmdcsr.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 16:16:19.74 ===============
 

 

==============================================================

FRST SCAN

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Gerald (administrator) on USER-PC on 24-01-2014 15:34:36
Running from C:\Users\Gerald\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(AdTrustMedia) C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-22] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [152576 2013-10-20] (IvoSoft)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [PrivDogService] - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe [525480 2013-12-13] (AdTrustMedia)
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] - C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2011-08-24] (Kensington)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-23] (AVAST Software)
HKLM-x32\...\Run: [emsisoft anti-malware] - c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4329408 2013-12-04] (Emsisoft GmbH)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20] (Comodo Security Solutions, Inc.)
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\powerreg schedulerv2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powerreg schedulerv2.exe <====== ATTENTION
HKCU\...\Run: [Kensington TrackballWorks] - C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2011-08-24] (Kensington)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-23] (SUPERAntiSpyware)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [455744 2013-12-09] (BillP Studios)
MountPoints2: {1dfb6fe0-66eb-11e0-aa4c-806e6f6e6963} - D:\Setup.exe
HKU\User\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\User\...\Run: [Kensington TrackballWorks] - C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2011-08-24] (Kensington)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\t6gpjc7v.default
FF Homepage: hxxp://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=user_activity&mid=840155
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Malware Search - C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\t6gpjc7v.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2014-01-01]
FF Extension: BBCodeXtra - C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\t6gpjc7v.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2013-12-14]
FF Extension: CoLT - C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\t6gpjc7v.default\Extensions\{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}.xpi [2013-12-27]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-23]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-23]
CHR Extension: (Google Drive) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-23]
CHR Extension: (YouTube) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-23]
CHR Extension: (PrivDog) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-01-23]
CHR Extension: (Google Search) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-23]
CHR Extension: (avast! Online Security) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-23]
CHR Extension: (RealPlayer Downloader) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-23]
CHR Extension: (Google Wallet) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-23]
CHR Extension: (Gmail) - C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-23]
CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-23]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-23] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-23] (AVAST Software)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-01-20] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2098880 2014-01-08] ()
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20] (Comodo Security Solutions, Inc.)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDLService; C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [88064 2010-02-23] ()

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-23] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-23] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-23] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-06] (Windows ® Win 7 DDK provider)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-04-14] ()
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-06] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 rtkio; C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [17392 2010-01-20] (Windows ® Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [32848 2011-06-13] ()
S3 KMW_KBD; System32\DRIVERS\KMW_KBD.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-24 15:34 - 2014-01-24 15:34 - 00033511 _____ C:\Users\Gerald\Desktop\FRST.txt
2014-01-24 13:00 - 2014-01-24 13:01 - 00000111 ____H C:\Users\Gerald\Desktop\.~lock.junior2 flags.odt#
2014-01-24 12:50 - 2014-01-24 12:53 - 00000000 ____D C:\Users\Gerald\Desktop\tdsskiller
2014-01-24 12:48 - 2014-01-24 12:48 - 02218636 _____ C:\Users\Gerald\Desktop\tdsskiller.zip
2014-01-24 11:12 - 2014-01-24 11:12 - 00000111 ____H C:\Users\Gerald\Desktop\.~lock.OTL NOTES.odt#
2014-01-23 18:11 - 2014-01-23 18:11 - 00054587 _____ C:\Users\Gerald\Desktop\OTL NOTES.odt
2014-01-23 14:59 - 2014-01-23 14:59 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Comodo
2014-01-23 14:24 - 2014-01-24 15:13 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-23 14:24 - 2014-01-23 14:24 - 00001091 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-01-23 14:24 - 2014-01-23 14:24 - 00000000 ____D C:\Users\Gerald\Documents\Anti-Malware
2014-01-23 14:03 - 2014-01-23 14:07 - 00000000 ____D C:\AdwCleaner
2014-01-23 13:25 - 2014-01-07 19:36 - 01037068 _____ (Thisisu) C:\Users\Gerald\Desktop\JRT_NEW.exe
2014-01-23 12:45 - 2014-01-23 12:45 - 00003132 _____ C:\Windows\System32\Tasks\{D99BEA32-6DB1-4971-9980-7DBF4A0C9ADA}
2014-01-23 12:41 - 2014-01-23 12:41 - 00100232 _____ C:\Users\Gerald\Desktop\OTLjan23suspectsd.Txt
2014-01-23 12:04 - 2014-01-23 12:04 - 00000000 ____D C:\ProgramData\SUPERSetup
2014-01-23 11:29 - 2014-01-23 11:30 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2014-01-23 11:27 - 2014-01-23 11:27 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-23 11:27 - 2014-01-23 11:27 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-23 11:27 - 2014-01-23 11:27 - 00002032 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-23 11:27 - 2014-01-23 11:27 - 00001972 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-23 10:43 - 2014-01-24 11:10 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-23 10:43 - 2014-01-23 10:43 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\AVAST Software
2014-01-23 10:42 - 2014-01-23 10:42 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-23 10:42 - 2014-01-23 10:42 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-23 10:42 - 2014-01-23 10:42 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-21 15:13 - 2014-01-21 15:13 - 00000207 _____ C:\Users\Gerald\Desktop\Home - Welcome to CenturyLink.URL
2014-01-20 16:53 - 2014-01-20 16:53 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-20 16:53 - 2014-01-20 16:53 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-20 16:52 - 2014-01-20 16:58 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-20 16:43 - 2014-01-20 16:43 - 00000000 _____ C:\Users\Gerald\Desktop\HitmanPro_x64.exe
2014-01-20 15:43 - 2014-01-20 15:43 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Oracle
2014-01-20 15:26 - 2014-01-20 15:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-20 15:25 - 2014-01-20 15:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-20 15:25 - 2014-01-20 15:25 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-20 15:25 - 2014-01-20 15:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-20 15:25 - 2014-01-20 15:25 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-20 11:24 - 2014-01-23 11:52 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-657677473-2543407536-2734120807-1003
2014-01-17 09:14 - 2014-01-24 12:29 - 00000000 ____D C:\Users\Gerald\Desktop\CANNED
2014-01-16 15:51 - 2014-01-16 15:51 - 00020796 _____ C:\Users\Gerald\Desktop\Jr2 first cut.odt
2014-01-15 13:38 - 2014-01-15 13:38 - 00015897 _____ C:\Users\Gerald\Desktop\jr2 wed.odt
2014-01-15 13:01 - 2014-01-16 13:25 - 00010948 _____ C:\Users\Gerald\Desktop\response to reg1.odt
2014-01-15 09:44 - 2014-01-15 11:18 - 00013661 _____ C:\Users\Gerald\Desktop\OTL FIX GUIDE.odt
2014-01-15 08:25 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 08:25 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 08:25 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 08:25 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 08:25 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 08:25 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 08:25 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 08:25 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 08:25 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 15:49 - 2014-01-14 16:13 - 00022500 _____ C:\Users\Gerald\Desktop\Jr 2 tuesday.odt
2014-01-14 12:16 - 2014-01-14 12:16 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-13 19:08 - 2014-01-14 12:20 - 00017448 _____ C:\Users\Gerald\Desktop\Thyroid chart.odt
2014-01-12 11:19 - 2014-01-13 14:24 - 00023153 _____ C:\Users\Gerald\Desktop\searched 1.odt
2014-01-11 15:06 - 2014-01-12 17:44 - 00027629 _____ C:\Users\Gerald\Desktop\jr reply saturday.odt
2014-01-11 12:55 - 2014-01-11 12:55 - 00022133 _____ C:\Users\Gerald\Desktop\jr last reply.odt
2014-01-10 18:04 - 2014-01-10 18:04 - 00008706 _____ C:\Users\Gerald\Desktop\thyroid doc.odt
2014-01-10 13:43 - 2014-01-10 16:19 - 00020497 _____ C:\Users\Gerald\Desktop\jr2 3rd reply.odt
2014-01-09 13:52 - 2014-01-09 13:52 - 00021510 _____ C:\Users\Gerald\Desktop\Eruntrestore.odt
2014-01-09 13:42 - 2014-01-09 13:43 - 00000000 ____D C:\Program Files (x86)\ERUNT
2014-01-09 13:42 - 2014-01-09 13:42 - 00000924 _____ C:\Users\User\Desktop\NTREGOPT.lnk
2014-01-09 13:42 - 2014-01-09 13:42 - 00000924 _____ C:\Users\Gerald\Desktop\NTREGOPT.lnk
2014-01-09 13:42 - 2014-01-09 13:42 - 00000905 _____ C:\Users\User\Desktop\ERUNT.lnk
2014-01-09 13:42 - 2014-01-09 13:42 - 00000905 _____ C:\Users\Gerald\Desktop\ERUNT.lnk
2014-01-09 10:35 - 2014-01-09 10:35 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-01-09 10:35 - 2014-01-09 10:35 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-01-08 14:54 - 2014-01-08 14:54 - 00018468 _____ C:\Users\Gerald\Desktop\jr2newest.odt
2014-01-07 15:41 - 2014-01-07 15:45 - 00000000 ____D C:\Users\Gerald\Desktop\EAGLES
2014-01-07 14:24 - 2014-01-23 11:52 - 00003208 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-657677473-2543407536-2734120807-1003
2014-01-07 14:16 - 2014-01-23 12:11 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Real
2014-01-07 14:16 - 2014-01-23 12:11 - 00000000 ____D C:\Program Files (x86)\Real
2014-01-07 14:16 - 2014-01-07 14:16 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-01-07 14:14 - 2014-01-23 12:11 - 00000000 ____D C:\ProgramData\Real
2014-01-05 12:03 - 2014-01-05 12:27 - 00092018 _____ C:\Users\Gerald\Desktop\reg 1, 2.odt
2014-01-03 15:32 - 2014-01-03 15:32 - 00019716 _____ C:\Users\Gerald\Desktop\jr2temp.odt
2014-01-03 13:36 - 2014-01-03 13:36 - 00020461 _____ C:\Users\Gerald\Desktop\Jr#2 newlist2.odt
2014-01-03 12:56 - 2014-01-03 12:56 - 00016306 _____ C:\Users\Gerald\Desktop\new lookup.odt
2014-01-03 12:26 - 2014-01-04 15:29 - 00015567 _____ C:\Users\Gerald\Desktop\Calendar.ods
2014-01-03 12:08 - 2014-01-03 12:09 - 00014415 _____ C:\Users\Gerald\Desktop\Meds.odt
2014-01-02 15:54 - 2014-01-02 15:54 - 50063360 _____ C:\Program Files (x86)\GUTBDB4.tmp
2014-01-02 15:54 - 2014-01-02 15:54 - 00000000 ____D C:\Program Files (x86)\GUMBDA3.tmp
2014-01-02 10:22 - 2014-01-02 10:40 - 00030633 _____ C:\Users\Gerald\Desktop\Jr2 pink adds.odt
2013-12-31 15:42 - 2014-01-03 15:32 - 00022536 _____ C:\Users\Gerald\Desktop\Jr2.odt
2013-12-30 15:19 - 2013-12-30 16:00 - 00019722 _____ C:\Users\Gerald\Desktop\reply jr2.odt
2013-12-28 19:06 - 2013-12-28 19:06 - 226791476 _____ C:\Users\Gerald\Desktop\regtest.reg
2013-12-28 14:38 - 2013-12-28 14:38 - 00027084 _____ C:\Users\Gerald\Desktop\RESTORE UNBOOTABLE XP.odt
2013-12-28 13:36 - 2013-12-29 17:47 - 00024596 _____ C:\Users\Gerald\Desktop\REGISTRY1.odt
2013-12-28 12:13 - 2013-12-28 12:40 - 00000000 ____D C:\Users\User\AppData\Roaming\ClassicShell
2013-12-28 12:11 - 2013-12-28 12:11 - 00000000 ___RD C:\Users\User\Virtual Machines
2013-12-28 12:11 - 2013-12-28 12:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Kensington
2013-12-27 11:43 - 2014-01-14 15:24 - 00033256 _____ C:\Users\Gerald\Desktop\junior2 flags.odt
2013-12-26 13:17 - 2014-01-19 15:19 - 00018144 _____ C:\Users\Gerald\Desktop\PL CHECKLIST.odt
2013-12-26 12:56 - 2013-12-26 12:56 - 00024349 _____ C:\Users\Gerald\Desktop\Junior 1 flags.odt
2013-12-25 13:43 - 2013-12-25 13:43 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-12-25 13:40 - 2013-12-25 13:40 - 00000000 ____D C:\ProgramData\Cisco Systems
2013-12-25 13:02 - 2013-12-25 13:02 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\WinPatrol
2013-12-25 13:02 - 2013-12-25 13:02 - 00000000 ____D C:\Program Files (x86)\BillP Studios

==================== One Month Modified Files and Folders =======

2014-01-24 15:34 - 2014-01-24 15:34 - 00033511 _____ C:\Users\Gerald\Desktop\FRST.txt
2014-01-24 15:32 - 2013-12-15 12:14 - 00000000 ____D C:\Users\Gerald\Desktop\FRST-OlderVersion
2014-01-24 15:32 - 2013-12-12 15:25 - 02077696 _____ (Farbar) C:\Users\Gerald\Desktop\FRST64.exe
2014-01-24 15:32 - 2013-12-11 17:10 - 00000000 ____D C:\FRST
2014-01-24 15:31 - 2013-12-14 13:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-24 15:17 - 2013-12-15 09:31 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\ClassicShell
2014-01-24 15:17 - 2013-12-12 10:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 15:13 - 2014-01-23 14:24 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-24 14:21 - 2013-12-11 11:58 - 00002013 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2014-01-24 13:31 - 2013-12-14 13:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-24 13:08 - 2011-04-14 14:46 - 01484785 _____ C:\Windows\WindowsUpdate.log
2014-01-24 13:01 - 2014-01-24 13:00 - 00000111 ____H C:\Users\Gerald\Desktop\.~lock.junior2 flags.odt#
2014-01-24 12:53 - 2014-01-24 12:50 - 00000000 ____D C:\Users\Gerald\Desktop\tdsskiller
2014-01-24 12:48 - 2014-01-24 12:48 - 02218636 _____ C:\Users\Gerald\Desktop\tdsskiller.zip
2014-01-24 12:29 - 2014-01-17 09:14 - 00000000 ____D C:\Users\Gerald\Desktop\CANNED
2014-01-24 11:17 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-24 11:17 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-24 11:12 - 2014-01-24 11:12 - 00000111 ____H C:\Users\Gerald\Desktop\.~lock.OTL NOTES.odt#
2014-01-24 11:10 - 2014-01-23 10:43 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-24 11:09 - 2011-04-14 15:08 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-01-24 11:09 - 2011-04-14 15:05 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-24 11:09 - 2011-04-14 14:51 - 00000144 _____ C:\service.log
2014-01-24 11:09 - 2011-03-01 16:44 - 00020344 _____ C:\Windows\setupact.log
2014-01-24 11:09 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-23 18:11 - 2014-01-23 18:11 - 00054587 _____ C:\Users\Gerald\Desktop\OTL NOTES.odt
2014-01-23 15:03 - 2013-12-12 14:54 - 00192886 _____ C:\Windows\system32\Drivers\fvstore.dat
2014-01-23 14:59 - 2014-01-23 14:59 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Comodo
2014-01-23 14:59 - 2013-12-11 11:58 - 00000000 ____D C:\ProgramData\COMODO
2014-01-23 14:51 - 2011-04-18 17:48 - 00000000 ___RD C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-23 14:24 - 2014-01-23 14:24 - 00001091 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-01-23 14:24 - 2014-01-23 14:24 - 00000000 ____D C:\Users\Gerald\Documents\Anti-Malware
2014-01-23 14:07 - 2014-01-23 14:03 - 00000000 ____D C:\AdwCleaner
2014-01-23 14:02 - 2013-12-12 10:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-23 14:02 - 2013-12-12 10:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-23 14:02 - 2013-12-12 10:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-23 13:41 - 2013-12-16 21:20 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-23 13:41 - 2013-12-16 21:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-23 13:38 - 2013-12-11 16:19 - 00000000 ____D C:\Users\Gerald\Desktop\ANTIVIRUS
2014-01-23 13:11 - 2013-12-12 11:07 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2014-01-23 13:08 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-23 12:45 - 2014-01-23 12:45 - 00003132 _____ C:\Windows\System32\Tasks\{D99BEA32-6DB1-4971-9980-7DBF4A0C9ADA}
2014-01-23 12:41 - 2014-01-23 12:41 - 00100232 _____ C:\Users\Gerald\Desktop\OTLjan23suspectsd.Txt
2014-01-23 12:11 - 2014-01-07 14:16 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Real
2014-01-23 12:11 - 2014-01-07 14:16 - 00000000 ____D C:\Program Files (x86)\Real
2014-01-23 12:11 - 2014-01-07 14:14 - 00000000 ____D C:\ProgramData\Real
2014-01-23 12:04 - 2014-01-23 12:04 - 00000000 ____D C:\ProgramData\SUPERSetup
2014-01-23 11:52 - 2014-01-20 11:24 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-657677473-2543407536-2734120807-1003
2014-01-23 11:52 - 2014-01-07 14:24 - 00003208 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-657677473-2543407536-2734120807-1003
2014-01-23 11:36 - 2013-12-11 12:56 - 00000000 ____D C:\Users\Gerald\AppData\Local\Google
2014-01-23 11:33 - 2010-11-20 19:47 - 00598934 _____ C:\Windows\PFRO.log
2014-01-23 11:30 - 2014-01-23 11:29 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2014-01-23 11:27 - 2014-01-23 11:27 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-01-23 11:27 - 2014-01-23 11:27 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-23 11:27 - 2014-01-23 11:27 - 00002032 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-23 11:27 - 2014-01-23 11:27 - 00001972 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-23 10:58 - 2013-12-19 16:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-23 10:43 - 2014-01-23 10:43 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\AVAST Software
2014-01-23 10:42 - 2014-01-23 10:42 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-23 10:42 - 2014-01-23 10:42 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-23 10:42 - 2014-01-23 10:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-23 10:42 - 2014-01-23 10:42 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-23 10:41 - 2013-12-11 12:55 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-21 15:13 - 2014-01-21 15:13 - 00000207 _____ C:\Users\Gerald\Desktop\Home - Welcome to CenturyLink.URL
2014-01-21 15:12 - 2013-12-18 16:19 - 00015589 _____ C:\Users\Gerald\Desktop\med list.odt
2014-01-21 15:01 - 2013-12-11 16:54 - 00000000 ____D C:\Users\Gerald\AppData\Local\Adobe
2014-01-20 16:58 - 2014-01-20 16:52 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-20 16:53 - 2014-01-20 16:53 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-20 16:53 - 2014-01-20 16:53 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-20 16:43 - 2014-01-20 16:43 - 00000000 _____ C:\Users\Gerald\Desktop\HitmanPro_x64.exe
2014-01-20 15:43 - 2014-01-20 15:43 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\Oracle
2014-01-20 15:26 - 2013-12-12 10:19 - 00000000 ____D C:\ProgramData\Oracle
2014-01-20 15:25 - 2014-01-20 15:26 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-20 15:25 - 2014-01-20 15:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-20 15:25 - 2014-01-20 15:25 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-20 15:25 - 2014-01-20 15:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-20 15:25 - 2014-01-20 15:25 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-19 18:10 - 2013-12-22 19:22 - 00017700 _____ C:\Users\Gerald\Desktop\Example of a correct fix.odt
2014-01-19 15:19 - 2013-12-26 13:17 - 00018144 _____ C:\Users\Gerald\Desktop\PL CHECKLIST.odt
2014-01-17 09:51 - 2011-04-18 17:48 - 00000000 ___RD C:\Users\Gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-16 15:51 - 2014-01-16 15:51 - 00020796 _____ C:\Users\Gerald\Desktop\Jr2 first cut.odt
2014-01-16 13:25 - 2014-01-15 13:01 - 00010948 _____ C:\Users\Gerald\Desktop\response to reg1.odt
2014-01-15 18:58 - 2009-07-13 20:45 - 00300568 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 14:02 - 2013-12-16 17:50 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 14:00 - 2013-12-16 17:50 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 13:38 - 2014-01-15 13:38 - 00015897 _____ C:\Users\Gerald\Desktop\jr2 wed.odt
2014-01-15 11:18 - 2014-01-15 09:44 - 00013661 _____ C:\Users\Gerald\Desktop\OTL FIX GUIDE.odt
2014-01-14 16:13 - 2014-01-14 15:49 - 00022500 _____ C:\Users\Gerald\Desktop\Jr 2 tuesday.odt
2014-01-14 15:24 - 2013-12-27 11:43 - 00033256 _____ C:\Users\Gerald\Desktop\junior2 flags.odt
2014-01-14 12:20 - 2014-01-13 19:08 - 00017448 _____ C:\Users\Gerald\Desktop\Thyroid chart.odt
2014-01-14 12:16 - 2014-01-14 12:16 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-13 14:24 - 2014-01-12 11:19 - 00023153 _____ C:\Users\Gerald\Desktop\searched 1.odt
2014-01-12 17:44 - 2014-01-11 15:06 - 00027629 _____ C:\Users\Gerald\Desktop\jr reply saturday.odt
2014-01-11 12:55 - 2014-01-11 12:55 - 00022133 _____ C:\Users\Gerald\Desktop\jr last reply.odt
2014-01-10 18:04 - 2014-01-10 18:04 - 00008706 _____ C:\Users\Gerald\Desktop\thyroid doc.odt
2014-01-10 16:19 - 2014-01-10 13:43 - 00020497 _____ C:\Users\Gerald\Desktop\jr2 3rd reply.odt
2014-01-09 13:52 - 2014-01-09 13:52 - 00021510 _____ C:\Users\Gerald\Desktop\Eruntrestore.odt
2014-01-09 13:43 - 2014-01-09 13:42 - 00000000 ____D C:\Program Files (x86)\ERUNT
2014-01-09 13:42 - 2014-01-09 13:42 - 00000924 _____ C:\Users\User\Desktop\NTREGOPT.lnk
2014-01-09 13:42 - 2014-01-09 13:42 - 00000924 _____ C:\Users\Gerald\Desktop\NTREGOPT.lnk
2014-01-09 13:42 - 2014-01-09 13:42 - 00000905 _____ C:\Users\User\Desktop\ERUNT.lnk
2014-01-09 13:42 - 2014-01-09 13:42 - 00000905 _____ C:\Users\Gerald\Desktop\ERUNT.lnk
2014-01-09 10:35 - 2014-01-09 10:35 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-01-09 10:35 - 2014-01-09 10:35 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-01-09 10:35 - 2013-12-11 11:57 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-01-09 10:35 - 2013-12-11 11:57 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-01-09 10:35 - 2013-12-11 11:57 - 00000000 ____D C:\Program Files (x86)\Comodo
2014-01-08 14:54 - 2014-01-08 14:54 - 00018468 _____ C:\Users\Gerald\Desktop\jr2newest.odt
2014-01-07 19:36 - 2014-01-23 13:25 - 01037068 _____ (Thisisu) C:\Users\Gerald\Desktop\JRT_NEW.exe
2014-01-07 15:45 - 2014-01-07 15:41 - 00000000 ____D C:\Users\Gerald\Desktop\EAGLES
2014-01-07 14:16 - 2014-01-07 14:16 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-01-05 12:27 - 2014-01-05 12:03 - 00092018 _____ C:\Users\Gerald\Desktop\reg 1, 2.odt
2014-01-04 15:29 - 2014-01-03 12:26 - 00015567 _____ C:\Users\Gerald\Desktop\Calendar.ods
2014-01-04 14:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-03 15:32 - 2014-01-03 15:32 - 00019716 _____ C:\Users\Gerald\Desktop\jr2temp.odt
2014-01-03 15:32 - 2013-12-31 15:42 - 00022536 _____ C:\Users\Gerald\Desktop\Jr2.odt
2014-01-03 13:36 - 2014-01-03 13:36 - 00020461 _____ C:\Users\Gerald\Desktop\Jr#2 newlist2.odt
2014-01-03 12:56 - 2014-01-03 12:56 - 00016306 _____ C:\Users\Gerald\Desktop\new lookup.odt
2014-01-03 12:32 - 2009-07-13 21:13 - 00795448 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 12:09 - 2014-01-03 12:08 - 00014415 _____ C:\Users\Gerald\Desktop\Meds.odt
2014-01-02 15:54 - 2014-01-02 15:54 - 50063360 _____ C:\Program Files (x86)\GUTBDB4.tmp
2014-01-02 15:54 - 2014-01-02 15:54 - 00000000 ____D C:\Program Files (x86)\GUMBDA3.tmp
2014-01-02 10:40 - 2014-01-02 10:22 - 00030633 _____ C:\Users\Gerald\Desktop\Jr2 pink adds.odt
2013-12-30 16:00 - 2013-12-30 15:19 - 00019722 _____ C:\Users\Gerald\Desktop\reply jr2.odt
2013-12-29 17:47 - 2013-12-28 13:36 - 00024596 _____ C:\Users\Gerald\Desktop\REGISTRY1.odt
2013-12-28 19:06 - 2013-12-28 19:06 - 226791476 _____ C:\Users\Gerald\Desktop\regtest.reg
2013-12-28 14:38 - 2013-12-28 14:38 - 00027084 _____ C:\Users\Gerald\Desktop\RESTORE UNBOOTABLE XP.odt
2013-12-28 12:40 - 2013-12-28 12:13 - 00000000 ____D C:\Users\User\AppData\Roaming\ClassicShell
2013-12-28 12:11 - 2013-12-28 12:11 - 00000000 ___RD C:\Users\User\Virtual Machines
2013-12-28 12:11 - 2013-12-28 12:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Kensington
2013-12-28 12:11 - 2011-04-14 15:13 - 00066256 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-28 12:11 - 2011-04-14 14:44 - 00001413 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-28 12:11 - 2011-04-14 14:44 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-28 12:11 - 2011-04-14 14:44 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-26 13:55 - 2013-12-16 18:38 - 00000000 ___RD C:\Users\Gerald\Virtual Machines
2013-12-26 12:56 - 2013-12-26 12:56 - 00024349 _____ C:\Users\Gerald\Desktop\Junior 1 flags.odt
2013-12-25 13:43 - 2013-12-25 13:43 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-12-25 13:40 - 2013-12-25 13:40 - 00000000 ____D C:\ProgramData\Cisco Systems
2013-12-25 13:02 - 2013-12-25 13:02 - 00000000 ____D C:\Users\Gerald\AppData\Roaming\WinPatrol
2013-12-25 13:02 - 2013-12-25 13:02 - 00000000 ____D C:\Program Files (x86)\BillP Studios

Some content of TEMP:
====================
C:\Users\Gerald\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Gerald\AppData\Local\Temp\lowproc.exe
C:\Users\Gerald\AppData\Local\Temp\Quarantine.exe
C:\Users\Gerald\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Gerald\AppData\Local\Temp\stubhelper.dll
C:\Users\Gerald\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-24 14:54

==================== End Of Log ============================



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:53 PM

Posted 25 January 2014 - 11:24 PM

Greetings Jerry and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Based on the information contained in the logs you have already provided I would like your to consider and perform the following steps for me please.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Emsisoft Anti-Malware
avast! Internet Security


===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Run: [PrivDogService] - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe [525480 2013-12-13] (AdTrustMedia)
C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\powerreg schedulerv2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powerreg schedulerv2.exe <====== ATTENTION
MountPoints2: {1dfb6fe0-66eb-11e0-aa4c-806e6f6e6963} - D:\Setup.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
2014-01-02 15:54 - 2014-01-02 15:54 - 50063360 _____ C:\Program Files (x86)\GUTBDB4.tmp
2014-01-02 15:54 - 2014-01-02 15:54 - 00000000 ____D C:\Program Files (x86)\GUMBDA3.tmp
C:\Users\Gerald\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Gerald\AppData\Local\Temp\lowproc.exe
C:\Users\Gerald\AppData\Local\Temp\Quarantine.exe
C:\Users\Gerald\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Gerald\AppData\Local\Temp\stubhelper.dll
C:\Users\Gerald\AppData\Local\Temp\swt-win32-3349.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Jerhyn

Jerhyn
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:12:53 PM

Posted 26 January 2014 - 04:51 PM

I found a post where cryptoprevent had been run and the changes to the Hklm Group Policy had come from cryptoprevent.

Is this the case here ?

 

The only issue I can see on reboot is that my kensington trackball has been reset or needs to be reinstalled, I had a little trouble with the software when I installed win7, and my original kensington install disk would not cooperate. I think I remember using the 76trackball driver from Bc download.

 

Here is a snip from dds on the Fw, Av installs

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Gerald at 13:43:29 on 2014-01-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.6048 [GMT -8:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-01-2014 02
Ran by Gerald at 2014-01-26 12:42:34 Run:1
Running from C:\Users\Gerald\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [PrivDogService] - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe [525480 2013-12-13] (AdTrustMedia)
C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\powerreg schedulerv2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powerreg schedulerv2.exe <====== ATTENTION
MountPoints2: {1dfb6fe0-66eb-11e0-aa4c-806e6f6e6963} - D:\Setup.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll (AdTrustMedia)
C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
2014-01-02 15:54 - 2014-01-02 15:54 - 50063360 _____ C:\Program Files (x86)\GUTBDB4.tmp
2014-01-02 15:54 - 2014-01-02 15:54 - 00000000 ____D C:\Program Files (x86)\GUMBDA3.tmp
C:\Users\Gerald\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Gerald\AppData\Local\Temp\lowproc.exe
C:\Users\Gerald\AppData\Local\Temp\Quarantine.exe
C:\Users\Gerald\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Gerald\AppData\Local\Temp\stubhelper.dll
C:\Users\Gerald\AppData\Local\Temp\swt-win32-3349.dll
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PrivDogService => Value not found.
"C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedadssvc.exe" => File/Directory not found.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dfb6fe0-66eb-11e0-aa4c-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{1dfb6fe0-66eb-11e0-aa4c-806e6f6e6963} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key not found.
HKCR\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key not found.
HKCR\Wow6432Node\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key not found.
"C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.18\trustedads.dll" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
C:\Program Files (x86)\GUTBDB4.tmp => Moved successfully.
C:\Program Files (x86)\GUMBDA3.tmp => Moved successfully.
C:\Users\Gerald\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Gerald\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Gerald\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Gerald\AppData\Local\Temp\Shockwave_Installer_FF.exe => Moved successfully.
C:\Users\Gerald\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Gerald\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.

==== End of Fixlog ====



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:53 PM

Posted 26 January 2014 - 05:44 PM

Hi Jerry,
 

Is this the case here?

It is possible, however I do not see any evidence of the program on your computer.

If you have not done so already, please reinstall the 76trackball driver and test the device.

In addition, please run this to look for any leftover malware entries.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Trackball work properly?
  • ESET log
  • Are you experiencing any other issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 Jerhyn

Jerhyn
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:12:53 PM

Posted 26 January 2014 - 08:30 PM

Eset found only one.

C:\Users\Gerald\Desktop\ANTIVIRUS\clean.exe    multiple threats    deleted - quarantined
 

Still having trouble configuring the trackball.

As I remember it was several tries to get run as admin/ compatability mode, to get it to run before.

I will try mode xp/2 or xp/3 in the morning. I have one version from kensington site, one from Bc.

Apparently something in win 7 doesn't like kensington drivers.

 

Is crypto prevent or crypto guard a good idea for prevention ?

 

http://www.bleepingcomputer.com/forums/t/513182/cryptoguard-prevents-your-files-from-being-taken-hostage/?hl=cryptoprevent

 

Jerry



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:53 PM

Posted 26 January 2014 - 09:07 PM

Yes, one monitors file behavior and the other modifies policy settings.

Let me know how you do with the trackball.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 Jerhyn

Jerhyn
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:12:53 PM

Posted 26 January 2014 - 09:11 PM

Got the trackball working on the third delete and reboot, install the mouseworks version 1.1.15 from Bc.

Not the 1.1.18 version from Kensington support site.

The crypto prevent was installed on 12/21/2013, so now it misses the 30 day mark.

 

Jerry



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:53 PM

Posted 26 January 2014 - 09:13 PM

Ah, that is why there is no evidence in your logs. How is your computer running now? Any remaining issues you might be concerned about?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#9 Jerhyn

Jerhyn
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Las Vegas Nv
  • Local time:12:53 PM

Posted 26 January 2014 - 10:28 PM

I threw every scan at it and all came out clean.

For the last 2 decades I thought that keeping a current copy of Zone alarm + anti virus was sufficient .

 

But as I learn more details here, the shear number of scripts that get tossed at my system, a steady stream of sniffing, pinging and

trojan's I am looking at which defense options offer the best layered screens.

 

Comodo firewall and avast av seem to be popular choices.

The emisoft seems to work very good as well. When I ask around everyone says to use whichever is comfortable.

 

So finding the "best " is entirely subjective rather than objective.

I don't mind paying for a good option, if I can just figure which works best.

 

I will be sifting through that frst fix to learn which were malicious, and which were just poor housekeeping.

Since I have just 8 weeks on this win7 I am surprised that were that many that seemed to get through.

 

For now I'm comfortable that my system seems ok while I keep up with the learning. By the end I should

be confident about identifying and dealing with these rascals and choosing my " best " defence.

 

Jerry



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:53 PM

Posted 27 January 2014 - 10:15 AM

Sounds good Jerry,

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean

--------------

Your machine appears to be clean. You can remove any of the programs or logs on your system as a result of our efforts together. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:I will leave this topic open for just a couple of days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,470 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:53 PM

Posted 27 January 2014 - 07:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users