won't let me go online, won't let me run malwarebytes

Started by naztradomas82, March 09, 2015, 09:42:35 PM


naztradomas82

I just installed Comodo on my computer and I removed Avast. I had Malwarebytes on my comp but it expired. Comodo had a lot of pop-ups, so instead of uninstalling it, I took my computer to a restore point which was like 3 days earlier. Then on the restart it says it was successful, but I can't get online at all. Malwarebytes won't run and Avast is back on my comp, so I'm trying to use Avast because it is the last line of defense on my computer. But it's been over 6 hrs and it still hasn't finished. Idk what to do. Did Comodo do this? Or am I just that computer illiterate?

Corrine

Hi, naztradomas82.  Welcome to LandzDown Forum.

I don't know what changes Comodo made to your computer, but most definitely you would have been better served by uninstalling it rather than first going to a system restore point.  From another computer with Internet access, please do the following by downloading the tools to a computer that has Internet access and transferring them to the computer with a problem.  Then transfer the logs back to the computer with Internet access and post the logs here as a reply.

1.  Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Note:  Test to see if you can connect to the Internet now. 

2.  Download the programs in the Log Posting Instructions and copy/paste here as a reply.

Note:  Due to the length of the logs, it may take more than one reply to fit all the information.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

naztradomas82

Hi, I just got home from work and the Avast must have finished running and shut off my computer. I turned it back on and I can get online. Do I still need to run MiniToolBox? The reason I was looking for a new anti-virus was because my Windows will not always load and my computer is pretty slow in general. I don't know what viruses or malware is on my computer, but it freezes all the time and lags a lot.

naztradomas82

And now the realtime protection on the computer says it's not installed.....? idk

winchester73

Post those logs Corrine asked for and we'll do our best to get you sorted out  :D
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

naztradomas82

MiniToolBox by Farbar  Version: 09-03-2015
Ran by user (administrator) on 09-03-2015 at 20:46:07
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Enterprise  Service Pack 1 (X86)
Model: Inspiron 530s Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



There are 15476 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel(R) 82562V-2 10/100 Network Connection = Local Area Connection (Connected)
TAP-Windows Adapter V9 = Local Area Connection 2 (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Local Area Connection 2" address=169.254.123.101 mask=255.255.0.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : user-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-03-6D-DC-78
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7999:6ba4:bd2b:64ec%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 169.254.123.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 352386819
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-42-CE-1C-00-21-9B-0A-CD-20
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connection
   Physical Address. . . . . . . . . : 00-21-9B-0A-CD-20
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:c:5983:8b1e:68a7:7da9:b4f6:763f(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:c:5983:8b1e:4c7b:6e21:a6d0:be44(Preferred)
   Link-local IPv6 Address . . . . . : fe80::68a7:7da9:b4f6:763f%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 09, 2015 8:06:35 PM
   Lease Expires . . . . . . . . . . : Monday, March 16, 2015 8:06:34 PM
   Default Gateway . . . . . . . . . : fe80::21d:d3ff:fe1a:a341%10
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234889627
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-42-CE-1C-00-21-9B-0A-CD-20
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.nj.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    google.com
Addresses:  2607:f8b0:4006:809::1000
     74.125.226.73
     74.125.226.70
     74.125.226.66
     74.125.226.64
     74.125.226.71
     74.125.226.72
     74.125.226.68
     74.125.226.69
     74.125.226.65
     74.125.226.78
     74.125.226.67


Pinging google.com [2607:f8b0:4006:80e::200e] with 32 bytes of data:
Reply from 2607:f8b0:4006:80e::200e: time=19ms
Reply from 2607:f8b0:4006:80e::200e: time=19ms

Ping statistics for 2607:f8b0:4006:80e::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 19ms, Average = 19ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    yahoo.com
Addresses:  206.190.36.45
     98.139.183.24
     98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=22ms TTL=52
Reply from 98.139.183.24: bytes=32 time=21ms TTL=52

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 22ms, Average = 21ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...00 ff 03 6d dc 78 ......TAP-Windows Adapter V9
10...00 21 9b 0a cd 20 ......Intel(R) 82562V-2 10/100 Network Connection
  1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.6     20
         10.0.0.0    255.255.255.0         On-link          10.0.0.6    276
         10.0.0.6  255.255.255.255         On-link          10.0.0.6    276
       10.0.0.255  255.255.255.255         On-link          10.0.0.6    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link   169.254.123.101    286
  169.254.123.101  255.255.255.255         On-link   169.254.123.101    286
  169.254.255.255  255.255.255.255         On-link   169.254.123.101    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.6    276
        224.0.0.0        240.0.0.0         On-link   169.254.123.101    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.6    276
  255.255.255.255  255.255.255.255         On-link   169.254.123.101    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
10    276 ::/0                     fe80::21d:d3ff:fe1a:a341
  1    306 ::1/128                  On-link
10     28 2601:c:5983:8b1e::/64    On-link
10    276 2601:c:5983:8b1e:4c7b:6e21:a6d0:be44/128
                                    On-link
10    276 2601:c:5983:8b1e:68a7:7da9:b4f6:763f/128
                                    On-link
10    276 fe80::/64                On-link
16    286 fe80::/64                On-link
10    276 fe80::68a7:7da9:b4f6:763f/128
                                    On-link
16    286 fe80::7999:6ba4:bd2b:64ec/128
                                    On-link
  1    306 ff00::/8                 On-link
10    276 ff00::/8                 On-link
16    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/09/2015 03:36:49 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (03/09/2015 03:27:47 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {66aa9d43-2fa0-4bdc-81d3-6f6555bd676d}

Error: (03/09/2015 10:37:06 AM) (Source: AdvancedSystemCareService8) (User: )
Description: The handle is invalid

Error: (03/09/2015 10:21:03 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e6142b03-d222-4968-bdd3-1f321d8cb34c}

Error: (03/09/2015 10:08:33 AM) (Source: AdvancedSystemCareService8) (User: )
Description: The interface is unknown

Error: (03/09/2015 10:08:33 AM) (Source: AdvancedSystemCareService8) (User: )
Description: The handle is invalid

Error: (03/08/2015 08:37:47 PM) (Source: WinMgmt) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (03/08/2015 08:37:47 PM) (Source: WinMgmt) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (03/08/2015 08:37:47 PM) (Source: WinMgmt) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (03/08/2015 08:37:47 PM) (Source: WinMgmt) (User: )
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis


System errors:
=============
Error: (03/09/2015 03:17:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (03/09/2015 02:36:36 PM) (Source: NetBT) (User: )
Description: The driver could not be created.

Error: (03/09/2015 02:36:36 PM) (Source: NetBT) (User: )
Description: The driver could not be created.

Error: (03/09/2015 02:32:56 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (03/09/2015 02:32:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (03/09/2015 00:35:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.193.1828.0).

Error: (03/09/2015 10:20:45 AM) (Source: Service Control Manager) (User: )
Description: The CyberGhost 5 Client Service service failed to start due to the following error:
%%1053

Error: (03/09/2015 10:20:45 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CyberGhost 5 Client Service service to connect.

Error: (03/09/2015 00:26:22 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/09/2015 00:26:19 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office Sessions:
=========================


=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe AIR (Version: 16.0.0.273 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
aioscnnr (Version: 6.1.4.0 - Your Company Name) Hidden
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (Version: 2.8.31.13 - Oracle Corporation) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MP3 Rocket Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.1.28235 - Ask.com)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.4.8 - Pando Networks Inc.)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - )
Rosetta Stone Version 3 (HKLM\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

========================= Devices: ================================

Name: MpKsl7d6adc18
Description: MpKsl7d6adc18
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl7d6adc18
Device ID: ROOT\LEGACY_MPKSL7D6ADC18\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Device ID: ROOT\LEGACY_ANTILOG32\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 2037.18 MB
Available physical RAM: 1045.63 MB
Total Pagefile: 4074.35 MB
Available Pagefile: 2742.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.31 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:148.91 GB) (Free:54.21 GB) NTFS
2 Drive d: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\USER-PC

Administrator            Guest                    user                     

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

naztradomas82

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17631  BrowserJavaVersion: 11.31.2
Run by user at 21:04:03 on 2015-03-09
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.2037.984 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\CyberGhost 5\Service.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/?rlz=1W4CHBF_enUS552
uWindow Title = Internet Explorer, enhanced for Bing and MSN
BHO: {10921475-03CE-4E04-90CE-E2E7EF20C814} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3ED21674-7B53-400C-A236-DDF4376038EE} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\40.0.2214.115\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1   www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-9-23 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-9-23 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-9-23 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-9-23 423784]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2014-5-31 26248]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-3-1 23840]
R1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys [2014-7-20 28256]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2014-9-2 87968]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-9-23 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-9-23 70384]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-9-23 91496]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2015-1-17 50344]
R2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\cyberghost 5\Service.exe [2014-10-21 64616]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-4-6 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-4-6 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-4-6 168384]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2015-3-1 27888]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-8-26 2724128]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DMBmdtv;DTMB DTV USB Dongle;c:\windows\system32\drivers\DMBmdtv.sys [2010-1-22 136320]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-3 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-2-13 102912]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-3-2 114904]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-8-29 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-8-29 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-10 1343400]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
S4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2015-03-09 19:56:21   9041640   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{5c2a5dc2-d730-466e-a229-f1cd3beb52de}\mpengine.dll
2015-03-09 16:50:36   --------   d-----w-   c:\users\user\appdata\roaming\AVAST Software
2015-03-09 13:10:54   --------   d-----w-   c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-09 11:59:57   --------   d-----w-   C:\VTRoot
2015-03-08 23:55:53   --------   d-----w-   c:\programdata\Shared Space
2015-03-08 23:51:13   --------   d-----w-   c:\users\user\appdata\local\Comodo
2015-03-08 23:50:20   --------   d-----w-   c:\programdata\Comodo Downloader
2015-03-08 23:17:41   --------   d-----w-   c:\programdata\COMODO
2015-03-08 23:17:00   --------   d-----w-   c:\program files\COMODO
2015-03-02 10:28:02   114904   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-02 10:27:38   75480   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-03-02 10:27:38   51928   ----a-w-   c:\windows\system32\drivers\mwac.sys
2015-03-02 10:27:38   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
2015-03-02 10:27:37   --------   d-----w-   c:\program files\Malwarebytes Anti-Malware
2015-03-01 12:20:23   --------   d-----w-   c:\program files\Synaptics
2015-03-01 12:20:09   1629040   ----a-w-   c:\windows\system32\WdfCoInstaller01011.dll
2015-03-01 12:20:05   27888   ----a-w-   c:\windows\system32\drivers\Smb_driver_Intel.sys
2015-03-01 12:03:58   927448   ----a-w-   c:\windows\system32\RtkCoInstII.dll
2015-03-01 12:03:58   3343832   ----a-w-   c:\windows\system32\drivers\RTKVHDA.sys
2015-03-01 12:03:58   2588888   ----a-w-   c:\windows\system32\RtkPgExt.dll
2015-03-01 12:03:56   2354544   ----a-w-   c:\windows\system32\RtkApoApi.dll
2015-03-01 12:03:52   1443340   ----a-w-   c:\windows\system32\drivers\RTAIODAT.DAT
2015-03-01 12:03:51   2513264   ----a-w-   c:\windows\system32\RltkAPO.dll
2015-03-01 12:03:45   1728768   ----a-w-   c:\windows\system32\MBAPO232.dll
2015-03-01 12:03:25   519368   ----a-w-   c:\windows\system32\AERTACap.dll
2015-03-01 11:56:13   23840   ----a-w-   c:\windows\system32\drivers\HWiNFO32.SYS
2015-03-01 11:53:43   --------   d-----w-   c:\users\user\appdata\roaming\RHEng
2015-02-18 21:13:32   27136   ----a-w-   c:\windows\system32\powertracker.dll
2015-02-18 21:13:31   76800   ----a-w-   c:\windows\system32\wdi.dll
2015-02-18 21:13:31   635904   ----a-w-   c:\windows\system32\perftrack.dll
2015-02-15 00:36:46   620032   ----a-w-   c:\windows\system32\jscript9diag.dll
2015-02-15 00:36:43   4300800   ----a-w-   c:\windows\system32\jscript9.dll
2015-02-13 15:59:58   686080   ----a-w-   c:\windows\system32\adtschema.dll
2015-02-13 15:58:45   571904   ----a-w-   c:\windows\system32\oleaut32.dll
2015-02-13 15:57:41   179200   ----a-w-   c:\windows\system32\wintrust.dll
2015-02-13 15:57:41   143872   ----a-w-   c:\windows\system32\cryptsvc.dll
2015-02-13 15:57:41   1174528   ----a-w-   c:\windows\system32\crypt32.dll
2015-02-13 15:56:36   308224   ----a-w-   c:\windows\system32\scesrv.dll
2015-02-13 15:55:22   1230336   ----a-w-   c:\windows\system32\WindowsCodecs.dll
.
==================== Find3M  ====================
.
2015-02-09 01:35:53   701616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-02-09 01:35:52   71344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 02:54:02   482304   ----a-w-   c:\windows\system32\generaltel.dll
2015-02-04 02:53:44   621056   ----a-w-   c:\windows\system32\invagent.dll
2015-02-04 02:53:39   325632   ----a-w-   c:\windows\system32\devinv.dll
2015-02-04 02:53:37   767488   ----a-w-   c:\windows\system32\appraiser.dll
2015-02-04 02:53:36   202752   ----a-w-   c:\windows\system32\aepdu.dll
2015-02-04 02:53:36   159744   ----a-w-   c:\windows\system32\aepic.dll
2015-02-04 02:49:50   886784   ----a-w-   c:\windows\system32\aeinv.dll
2015-01-27 23:36:23   1167520   ----a-w-   c:\windows\system32\aitstatic.exe
2015-01-21 19:57:07   96680   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2015-01-18 02:21:30   787800   ----a-w-   c:\windows\system32\drivers\aswsnx.sys
2015-01-18 02:20:46   91496   ----a-w-   c:\windows\system32\drivers\aswStm.sys
2015-01-18 02:20:45   81768   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2015-01-18 02:20:45   70384   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2015-01-18 02:20:45   49944   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2015-01-18 02:20:45   43152   ----a-w-   c:\windows\avastSS.scr
2015-01-18 02:20:45   24184   ----a-w-   c:\windows\system32\drivers\aswHwid.sys
2015-01-18 02:20:45   206248   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2015-01-15 07:46:05   67520   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2015-01-15 07:46:05   136640   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 07:43:01   15872   ----a-w-   c:\windows\system32\sspisrv.dll
2015-01-15 07:43:01   100352   ----a-w-   c:\windows\system32\sspicli.dll
2015-01-15 07:42:59   22016   ----a-w-   c:\windows\system32\secur32.dll
2015-01-15 07:42:50   1061376   ----a-w-   c:\windows\system32\lsasrv.dll
2015-01-15 07:42:17   22528   ----a-w-   c:\windows\system32\lsass.exe
2015-01-15 07:42:05   50176   ----a-w-   c:\windows\system32\auditpol.exe
2015-01-15 07:39:53   60416   ----a-w-   c:\windows\system32\msobjs.dll
2015-01-15 07:39:36   146432   ----a-w-   c:\windows\system32\msaudite.dll
2015-01-15 04:21:41   369968   ----a-w-   c:\windows\system32\drivers\cng.sys
2015-01-14 05:44:59   3972544   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2015-01-14 05:44:58   3917760   ----a-w-   c:\windows\system32\ntoskrnl.exe
2015-01-12 02:21:19   2724864   ----a-w-   c:\windows\system32\mshtml.tlb
2015-01-12 02:21:05   4096   ----a-w-   c:\windows\system32\ieetwcollectorres.dll
2015-01-12 02:08:09   503296   ----a-w-   c:\windows\system32\vbscript.dll
2015-01-12 02:07:51   62464   ----a-w-   c:\windows\system32\iesetup.dll
2015-01-12 02:07:06   47616   ----a-w-   c:\windows\system32\ieetwproxystub.dll
2015-01-12 02:05:36   64000   ----a-w-   c:\windows\system32\MshtmlDac.dll
2015-01-12 01:55:47   115712   ----a-w-   c:\windows\system32\ieUnatt.exe
2015-01-12 01:55:46   102912   ----a-w-   c:\windows\system32\ieetwcollector.exe
2015-01-12 01:48:52   667648   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
2015-01-12 01:40:43   60416   ----a-w-   c:\windows\system32\JavaScriptCollectionAgent.dll
2015-01-12 01:23:09   2052608   ----a-w-   c:\windows\system32\inetcpl.cpl
2015-01-12 01:22:17   1155072   ----a-w-   c:\windows\system32\mshtmlmedia.dll
2015-01-12 01:00:17   1888256   ----a-w-   c:\windows\system32\wininet.dll
2015-01-10 06:27:54   172032   ----a-w-   c:\windows\system32\wdigest.dll
2015-01-10 06:27:51   65536   ----a-w-   c:\windows\system32\TSpkg.dll
2015-01-10 06:27:47   248832   ----a-w-   c:\windows\system32\schannel.dll
2015-01-10 06:27:44   221184   ----a-w-   c:\windows\system32\ncrypt.dll
2015-01-10 06:27:43   259584   ----a-w-   c:\windows\system32\msv1_0.dll
2015-01-10 06:27:39   550912   ----a-w-   c:\windows\system32\kerberos.dll
2015-01-10 06:27:32   17408   ----a-w-   c:\windows\system32\credssp.dll
2015-01-09 01:45:45   2380288   ----a-w-   c:\windows\system32\win32k.sys
2014-12-23 05:50:16   249488   ----a-w-   c:\windows\system32\MpSigStub.exe
2014-12-19 02:43:00   164864   ----a-w-   c:\windows\system32\profsvc.dll
2014-12-19 01:34:44   116224   ----a-w-   c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47:27   56320   ----a-w-   c:\windows\system32\TSWbPrxy.exe
.
============= FINISH: 21:07:08.39 ===============

naztradomas82

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 10/9/2010 6:28:23 PM
System Uptime: 3/9/2015 7:06:14 PM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0RY007
Processor: Intel(R) Celeron(R) CPU          450  @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 54.207 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl7d6adc18
Device ID: ROOT\LEGACY_MPKSL7D6ADC18\0000
Manufacturer:
Name: MpKsl7d6adc18
PNP Device ID: ROOT\LEGACY_MPKSL7D6ADC18\0000
Service: MpKsl7d6adc18
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AntiLog32
Device ID: ROOT\LEGACY_ANTILOG32\0000
Manufacturer:
Name: AntiLog32
PNP Device ID: ROOT\LEGACY_ANTILOG32\0000
Service: AntiLog32
.
==== System Restore Points ===================
.
RP720: 3/6/2015 10:35:47 PM - Windows Update
RP721: 3/8/2015 6:14:03 PM - Installed GeekBuddy.
RP723: 3/8/2015 6:28:02 PM - avast! antivirus system restore point
RP724: 3/8/2015 6:52:21 PM - Installing COMODO Internet Security Premium
RP725: 3/8/2015 6:56:49 PM - Device Driver Package Install: COMODO Network Service
RP726: 3/9/2015 9:01:59 AM - Restore Operation
RP728: 3/9/2015 9:21:06 AM - avast! antivirus system restore point
RP729: 3/9/2015 11:28:00 AM - Windows Update
RP730: 3/9/2015 2:12:31 PM - Restore Operation
RP732: 3/9/2015 2:27:49 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avast Free Antivirus
Bonjour
C4USelfUpdater
center
CyberGhost 5
D3DX10
DivX Setup
Dropbox
ESET Online Scanner v3
essentials
Google Chrome
Google Drive
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
IObit Uninstaller
iTunes
Java 8 Update 31
Java Auto Updater
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
Malwarebytes Anti-Malware version 2.0.4.1028
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MP3 Rocket Toolbar Updater
MSVCRT
ocr
OGA Notifier 2.0.0048.0
Pando Media Booster
PreReq
PrintProjects
QuickTime 7
Realtek High Definition Audio Driver
Rosetta Stone Version 3
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Spybot - Search & Destroy
Surfing Protection
TAP-Windows 9.9.2
VC80CRTRedist - 8.0.50727.6195
VLC media player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/9/2015 9:20:45 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the CyberGhost 5 Client Service service to connect.
3/9/2015 9:20:45 AM, Error: Service Control Manager [7000]  - The CyberGhost 5 Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/9/2015 2:17:26 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/9/2015 11:35:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.193.1828.0).
3/9/2015 1:36:36 PM, Error: NetBT [4300]  - The driver could not be created.
3/9/2015 1:32:56 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================

naztradomas82


Corrine

:lol:  There are Comodo leftovers but fortunately you have your connection back.  Let's run ComboFix and then if it doesn't pick up the remnants, I can "rip them out".

Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

naztradomas82

i can not disable spybot tea timer. i tried but i don't see the tab or button or anything to click on saying resident, tea timer or anything like that. and combo fix is telling me that it will still run but it is at my own risk...... great!!! so b 4 i f up my comp plz help. idk how to do screen shots of the type of spybot i have. should i just uninstall it?

Corrine

Try the following to disable TeaTimer.  If it doesn't work, go ahead and continue with ComboFix.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.



naztradomas82

ComboFix 15-03-09.01 - user 03/09/2015  22:52:23.1.1 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.2037.777 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1387721531.bdinstall.bin
c:\programdata\1387721920.bdinstall.bin
c:\programdata\1387722002.2584.bin
c:\programdata\1387722002.584.bin
c:\programdata\1387723020.bdinstall.bin
c:\programdata\1401563141.bdinstall.bin
c:\programdata\1401563146.bdinstall.bin
c:\programdata\1401563622.1972.bin
c:\programdata\1401563622.3344.bin
c:\programdata\1401563622.4832.bin
c:\programdata\1401563622.936.bin
c:\programdata\1409458680.bdinstall.bin
c:\programdata\1411508505.bdinstall.bin
c:\programdata\1411508538.bdinstall.bin
c:\programdata\1411513515.bdinstall.bin
c:\users\user\Documents\~WRL0003.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-10 to 2015-03-10  )))))))))))))))))))))))))))))))
.
.
2015-03-10 03:22 . 2015-03-10 03:22   --------   d-----w-   c:\users\Default\AppData\Local\temp
2015-03-09 19:32 . 2015-01-18 02:20   291352   ----a-w-   c:\windows\system32\aswBoot.exe
2015-03-09 16:50 . 2015-03-09 16:50   --------   d-----w-   c:\users\user\AppData\Roaming\AVAST Software
2015-03-09 13:10 . 2015-03-09 13:12   --------   d-----w-   c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-09 11:59 . 2015-03-09 11:59   --------   d-----w-   C:\VTRoot
2015-03-08 23:55 . 2015-03-08 23:55   --------   d-----w-   c:\programdata\Shared Space
2015-03-08 23:51 . 2015-03-08 23:51   --------   d-----w-   c:\users\user\AppData\Local\Comodo
2015-03-08 23:50 . 2015-03-08 23:50   --------   d-----w-   c:\programdata\Comodo Downloader
2015-03-08 23:17 . 2015-03-08 23:59   --------   d-----w-   c:\programdata\COMODO
2015-03-08 23:17 . 2015-03-08 23:55   --------   d-----w-   c:\program files\COMODO
2015-03-02 10:28 . 2015-03-09 19:39   114904   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-02 10:27 . 2014-11-21 11:14   51928   ----a-w-   c:\windows\system32\drivers\mwac.sys
2015-03-02 10:27 . 2014-11-21 11:14   75480   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-03-02 10:27 . 2014-11-21 11:14   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
2015-03-02 10:27 . 2015-03-02 10:27   --------   d-----w-   c:\program files\Malwarebytes Anti-Malware
2015-03-01 12:20 . 2015-03-01 12:20   --------   d-----w-   c:\program files\Synaptics
2015-03-01 12:20 . 2015-03-01 12:20   27888   ----a-w-   c:\windows\system32\drivers\Smb_driver_Intel.sys
2015-03-01 12:03 . 2015-03-01 12:03   3343832   ----a-w-   c:\windows\system32\drivers\RTKVHDA.sys
2015-03-01 12:03 . 2015-03-01 12:03   927448   ----a-w-   c:\windows\system32\RtkCoInstII.dll
2015-03-01 12:03 . 2015-03-01 12:03   2588888   ----a-w-   c:\windows\system32\RtkPgExt.dll
2015-03-01 12:03 . 2015-03-01 12:03   2354544   ----a-w-   c:\windows\system32\RtkApoApi.dll
2015-03-01 12:03 . 2015-03-01 12:03   1443340   ----a-w-   c:\windows\system32\drivers\RTAIODAT.DAT
2015-03-01 12:03 . 2015-03-01 12:03   2513264   ----a-w-   c:\windows\system32\RltkAPO.dll
2015-03-01 12:03 . 2015-03-01 12:03   1728768   ----a-w-   c:\windows\system32\MBAPO232.dll
2015-03-01 12:03 . 2015-03-01 12:03   519368   ----a-w-   c:\windows\system32\AERTACap.dll
2015-03-01 11:56 . 2015-03-01 11:56   23840   ----a-w-   c:\windows\system32\drivers\HWiNFO32.SYS
2015-03-01 11:53 . 2015-03-01 11:53   --------   d-----w-   c:\users\user\AppData\Roaming\RHEng
2015-02-18 21:13 . 2015-02-18 21:13   27136   ----a-w-   c:\windows\system32\powertracker.dll
2015-02-18 21:13 . 2015-02-18 21:13   635904   ----a-w-   c:\windows\system32\perftrack.dll
2015-02-15 00:36 . 2015-01-23 03:43   620032   ----a-w-   c:\windows\system32\jscript9diag.dll
2015-02-15 00:36 . 2015-01-23 03:17   4300800   ----a-w-   c:\windows\system32\jscript9.dll
2015-02-13 15:59 . 2015-01-15 07:46   67520   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2015-02-13 15:58 . 2014-11-26 03:32   571904   ----a-w-   c:\windows\system32\oleaut32.dll
2015-02-13 15:57 . 2014-12-12 05:07   1174528   ----a-w-   c:\windows\system32\crypt32.dll
2015-02-13 15:57 . 2014-07-07 01:40   143872   ----a-w-   c:\windows\system32\cryptsvc.dll
2015-02-13 15:56 . 2014-12-08 02:46   308224   ----a-w-   c:\windows\system32\scesrv.dll
2015-02-13 02:41 . 2015-02-13 02:41   --------   d-----w-   c:\users\Default\AppData\Roaming\IObit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-10 02:14 . 2015-03-10 02:14   62576   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C2A5DC2-D730-466E-A229-F1CD3BEB52DE}\offreg.dll
2015-03-01 12:20 . 2015-03-01 12:20   1629040   ----a-w-   c:\windows\system32\WdfCoInstaller01011.dll
2015-02-18 21:13 . 2015-02-18 21:13   76800   ----a-w-   c:\windows\system32\wdi.dll
2015-02-16 09:21 . 2015-03-09 19:56   9041640   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C2A5DC2-D730-466E-A229-F1CD3BEB52DE}\mpengine.dll
2015-02-09 01:35 . 2013-08-04 14:06   701616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-02-09 01:35 . 2013-08-04 14:06   71344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-21 19:57 . 2015-01-21 19:59   96680   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2015-01-18 02:21 . 2014-09-23 23:17   787800   ----a-w-   c:\windows\system32\drivers\aswsnx.sys
2015-01-18 02:21 . 2014-09-23 23:17   423784   ----a-w-   c:\windows\system32\drivers\aswsp.sys
2015-01-18 02:20 . 2014-09-23 23:17   91496   ----a-w-   c:\windows\system32\drivers\aswStm.sys
2015-01-18 02:20 . 2015-01-18 02:20   43152   ----a-w-   c:\windows\avastSS.scr
2015-01-18 02:20 . 2014-09-23 23:17   206248   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2015-01-18 02:20 . 2014-09-23 23:17   49944   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2015-01-18 02:20 . 2014-09-23 23:17   70384   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2015-01-18 02:20 . 2014-09-23 23:17   24184   ----a-w-   c:\windows\system32\drivers\aswHwid.sys
2015-01-18 02:20 . 2014-09-23 23:17   81768   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2015-01-13 02:49 . 2015-02-13 15:55   1230336   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2015-01-12 02:08 . 2015-02-13 15:58   503296   ----a-w-   c:\windows\system32\vbscript.dll
2015-01-12 01:00 . 2015-02-13 15:58   1888256   ----a-w-   c:\windows\system32\wininet.dll
2015-01-10 06:27 . 2015-02-13 16:00   172032   ----a-w-   c:\windows\system32\wdigest.dll
2015-01-10 06:27 . 2015-02-13 16:00   65536   ----a-w-   c:\windows\system32\TSpkg.dll
2015-01-09 01:45 . 2015-02-13 16:00   2380288   ----a-w-   c:\windows\system32\win32k.sys
2014-12-23 05:50 . 2010-10-09 22:47   249488   ----a-w-   c:\windows\system32\MpSigStub.exe
2014-12-19 02:43 . 2015-01-14 15:21   164864   ----a-w-   c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-14 15:20   116224   ----a-w-   c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 15:20   56320   ----a-w-   c:\windows\system32\TSWbPrxy.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-18 02:20   723976   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   131248   ----a-w-   c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   131248   ----a-w-   c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   131248   ----a-w-   c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 21:59   577864   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 21:59   577864   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 21:59   577864   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 21:59   577864   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 21:59   577864   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2015-03-01 12111576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 8]
2015-01-20 22:22   2428704   ----a-w-   c:\program files\IObit\Advanced SystemCare 8\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-13 00:57   43848   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]
2014-11-03 07:31   410216   ----a-w-   c:\program files\CyberGhost 5\CyberGhost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2014-11-17 08:11   448856   ----a-w-   c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2014-01-10 05:26   1861968   ----a-w-   c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKStatusMonitor]
2013-01-15 17:07   2750840   ----a-w-   c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2015-01-15 21:59   23308256   ----a-w-   c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 07:54   152392   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 19:23   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2012-11-13 18:07   3713032   ----a-w-   c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-12-18 03:12   508800   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolwizCareFree]
2014-09-29 16:17   5274328   ----a-w-   c:\program files\ToolwizCareFree\ToolwizCares.exe
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys
R1 MpKsl7d6adc18;MpKsl7d6adc18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFE9AD71-26E0-4792-B068-7E53E5AF5F59}\MpKsl7d6adc18.sys
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2015-01-16 2724128]
R3 DMBmdtv;DTMB DTV USB Dongle;c:\windows\system32\Drivers\DMBmdtv.sys [2010-01-22 136320]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt32.sys
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-03-09 114904]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-08-29 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2014-08-29 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-10 1343400]
R3 XDva344;XDva344;c:\windows\system32\XDva344.sys
R3 XDva365;XDva365;c:\windows\system32\XDva365.sys
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2013-03-15 395640]
R4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-01-15 780152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert;
S0 aswVmm;avast! VM Monitor;
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-01-18 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-01-18 423784]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2014-04-30 26248]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-03-01 23840]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys [2014-07-13 28256]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2014-09-02 87968]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-01-18 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-01-18 70384]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-01-18 91496]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe [2014-11-03 64616]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2015-03-01 27888]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-19 22:11   1084744   ----a-w-   c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-04 01:35]
.
2015-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 09:41]
.
2015-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 09:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/?rlz=1W4CHBF_enUS552
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-SearchProtection - c:\users\user\AppData\Roaming\Search Protection\SearchProtection.EXE
MSConfigStartUp-uTorrent - c:\users\user\AppData\Roaming\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,02,e9,de,b9,6f,01,42,85,3d,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,02,e9,de,b9,6f,01,42,85,3d,9a,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2015-03-09  23:44:48 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-10 03:44
.
Pre-Run: 57,717,092,352 bytes free
Post-Run: 57,503,178,752 bytes free
.
- - End Of File - - F84A1DFB9CFBA2FCC81D2117D566F59C
A36C5E4F47E84449FF07ED3517B43A31

Corrine

Although ComboFix found files that needed to be removed, the Comodo remnants will need to be addressed.  However, based on a couple of items ComboFix found in the log, there is another tool I'd like you to run before doing that.  Before I get to that, however, please consider the following:

Registry cleaners/system optimizers:  Windows is a closed source system. Developers of registry cleaners do not have the core code and are not working on definitive information, but rather they are going on past knowledge and experience. Automatic cleaners will usually have to do some guesswork.  In addition, modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.  There is more on the topic but that Microsoft does not support the use of registry cleaners should be more than sufficient.  See Microsoft support policy for the use of registry cleaning utilities.

Thus, I suggest you consider using the "IObit Uninstaller" listed in Programs and Features to remove IObit Advanced System Care.

P2P Programs:  P2P programs form a direct conduit on to your computer. They have always been a target of malware writers. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

With P2P file sharing, what means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.

In fact, µTorrent has been the subject of a recent controversy (One example here: µTorrent latest victim of crapware paranoia | Ars Technica).  Thus, it is strongly recommended that you uninstall µTorrent.




Moving on, please do the following.  Please download Adware Cleaner by Xplode.    Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Double-click AdwCleaner.exe to run the tool. 
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin.  Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Logfile button.  A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.



naztradomas82

# AdwCleaner v4.112 - Logfile created 10/03/2015 at 12:20:18
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x86)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Fighters
Folder Deleted : C:\users\user\AppData\Local\apn
Folder Deleted : C:\users\user\AppData\Local\OpenCandy
Folder Deleted : C:\users\user\AppData\LocalLow\FreePriceAlerts
Folder Deleted : C:\users\user\AppData\Roaming\Search Protection
Folder Deleted : C:\users\user\AppData\Roaming\RHEng
[!] Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\j6eykxva.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\j6eykxva.default\user.js
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\animeshow.tv
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.115

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3562 bytes] - [10/03/2015 12:14:10]
AdwCleaner[S0].txt - [3510 bytes] - [10/03/2015 12:20:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3569  bytes] ##########