
Newbie Here...I need help, I think I am drowning. [Solved]


  • This topic is locked
32 replies to this topic

#16 wjh1170


Posted 23 January 2014 - 05:50 PM

Jo,

Once again, sorry for the delay; we must be in very different time zones, and I have physical therapy Monday through Friday. I once again apologize if this inconveniences you in any way; you have been so helpful. I am seeing vast improvement already!!!!!

Here are the items you requested:


# AdwCleaner v3.017 - Report created 23/01/2014 at 06:56:55
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HESS - HESS-A23995F71B
# Running from : D:\Documents and Settings\HESS\Desktop\What The Tech Apps\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\zonealarm.xml
File Found : D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\user.js
File Found : D:\WINDOWS.0\Tasks\Object Browser-chromeinstaller.job
File Found : D:\WINDOWS.0\Tasks\Object Browser-codedownloader.job
File Found : D:\WINDOWS.0\Tasks\Object Browser-enabler.job
File Found : D:\WINDOWS.0\Tasks\Object Browser-firefoxinstaller.job
File Found : D:\WINDOWS.0\Tasks\Object Browser-updater.job
Folder Found : D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
Folder Found : D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan
Folder Found D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Conduit
Folder Found D:\Documents and Settings\HESS\Local Settings\Application Data\genienext
Folder Found D:\Documents and Settings\HESS\Local Settings\Application Data\Object Browser
Folder Found D:\Program Files\Conduit
Folder Found D:\Program Files\Level Quality Watcher
Folder Found D:\Program Files\Object Browser
Folder Found D:\WINDOWS.0\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Object Browser
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\AskBarDis
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0032850.BHO
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355285550}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2428615
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0eb7a38e-6c46-42ba-82df-fc76e86818cf}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ba4ef084-eba0-4a60-a329-05f8bd41f9c0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{edb18fac-25fd-4b78-8600-1b0f5b01ce8b}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f75188d7-d2cc-4214-bdd7-9e10f484d617}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Object Browser
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser
Key Found : HKLM\Software\Object Browser

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\prefs.js ]

Line Found : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1388999550854,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN36769864511048520&UM=2&SearchSource=13");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&gu=0c5fc5451cf94920a5e39ea319a7af67&tu=10G9y00Be2C01g0&sku=&tstsId=&ver=&&q=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
Line Found : user_pref("extensions.BabylonToolbar.admin", false);
Line Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100486");
Line Found : user_pref("extensions.BabylonToolbar.bbDpng", 30);
Line Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Line Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Found : user_pref("extensions.BabylonToolbar.id", "60a515d6000000000000000c6e617452");
Line Found : user_pref("extensions.BabylonToolbar.instlDay", "15369");
Line Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar.lastDP", 30);
Line Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1712:53:57");
Line Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Line Found : user_pref("extensions.BabylonToolbar.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Line Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar.propectorlck", 66511213);
Line Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1712:53:57");
Line Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100486");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "60a515d6000000000000000c6e617452");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "60a515d6000000000000000c6e617452");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15369");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:53:57");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A183015%2C%22ver%22%3A2%2[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.InstallationThankYouPage", true);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.InstallationTime", 1390392208);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.active", true);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.addressbar", "NA");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.addressbarenhanced", "");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.asyncdb_dbWasSet", true);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.asyncdb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.asyncinternaldb_dbWasSet", true);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.backgroundver", 1);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.certdomaininstaller", "");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.changeprevious", false);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.InstallationTime.value", "%221390392208%22");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000037%22%2C%22sub_id%22%3A%220%22%2C%22uz[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.jw_token.value", "%22f12b8932-a080-f788-56b0-801c5a9a73f0%22");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.uc.expiration", "Wed Feb 05 2014 07:06:30 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.cookie.uc.value", "%22%5C%22US%5C%22%22");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.description", "Browser enhancer");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.domain", "");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.enablesearch", false);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.homepage", "");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.iframe", false);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard [...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2297513D2E8EB5459584CEEBF759E36[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000037%22%2C%22sub_id%22%3A%220%22%2C%[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard [...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000037%22%2C%22sub_id%22%3A%220%2[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern [...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%2297513D2E8EB5459584CE[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_appVer.value", "142");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_lastVersion.value", "1");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_meta.value", "%7B%7D");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_nextCheck.expiration", "Thu Jan 23 2014 10:00:16 GMT-0500 (Eastern Standard T[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_nextCheck.value", "true");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_queue.value", "%7B%7D");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Sta[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2297513D2E[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_last_executable_request.expiration", "Thu Jan 23 2014 07:17:53 GMT-[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//download.microsoft.com[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.lastDailyReport", "1390467614728");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.lastUpdate", "1390467601029");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.manifesturl", "");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.name", "Object Browser");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.newtab", "");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.opensearch", "");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/32850/plugins/093/ff/plugins.json");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.pluginsversion", 107);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.publisher", "Object Browser");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.searchstatus", 0);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.setnewtab", false);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.thankyou", "");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.updateinterval", 360);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.ver", 142);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.apps", "32850");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.bic", "143a9c0a4d61e42f3d9fdfdc6b29e465");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.cid", 32850);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.firstrun", false);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.hadappinstalled", true);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.installationdate", 1390392343);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.modetype", "production");
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.reportInstall", true);
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.statsDailyCounter", 3);
Line Found : user_pref("extensions.crossrider.bic", "143a9c0a4d61e42f3d9fdfdc6b29e465");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.machineId", "IZXOCY7ECGZIGRAG2QKWSSY/9K+DTDGHNDN5BTO9YLSVZCUXT4HBNVVA5R8/6+6U4F1BDU5N7L+JSXR6FHKLCW");

[ File : D:\Documents and Settings\Administrator.HESS-A23995F71B.000\Application Data\Mozilla\Firefox\Profiles\z53beqry.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [9073 octets] - [21/01/2014 19:29:09]
AdwCleaner[R1].txt - [10159 octets] - [23/01/2014 06:40:00]
AdwCleaner[R2].txt - [22698 octets] - [23/01/2014 06:56:55]

########## EOF - D:\AdwCleaner\AdwCleaner[R2].txt - [22759 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by HESS on Thu 01/23/2014 at 18:11:58.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D7E36EA9-168A-45D3-9BA2-1B70F49BD2C6}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "D:\Documents and Settings\All Users.WINDOWS.0\application data\adtrustmedia"
Successfully deleted: [Folder] "D:\Documents and Settings\HESS\Local Settings\Application Data\adtrustmedia"



~~~ FireFox

Successfully deleted the following from D:\Documents and Settings\HESS\Application Data\mozilla\firefox\profiles\da8qvwrs.default\prefs.js

user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"i\":\"1\",\"s\":[\"display.clickpoint.com\",\"www.africawi





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/23/2014 at 18:25:28.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 1/23/2014 6:31:24 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Documents and Settings\HESS\Desktop\What The Tech Apps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.05% Memory free
5.85 Gb Paging File | 5.31 Gb Available in Paging File | 90.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092D:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS.0 | %ProgramFiles% = D:\Program Files
Drive C: | 74.50 Gb Total Space | 6.78 Gb Free Space | 9.10% Space Free | Partition Type: NTFS
Drive D: | 55.89 Gb Total Space | 20.00 Gb Free Space | 35.78% Space Free | Partition Type: NTFS
 
Computer Name: HESS-A23995F71B | User Name: HESS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Documents and Settings\HESS\Desktop\What The Tech Apps\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - D:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - D:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - D:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - D:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe (ShaPlus Software)
PRC - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
PRC - D:\WINDOWS.0\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll ()
MOD - D:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll ()
MOD - D:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - D:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (TTFixerService) -- D:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe File not found
SRV - (rpcapd) -- %ProgramFiles%\WinPcap\rpcapd.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- D:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Motorola Device Manager) -- D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (AVGIDSAgent) -- D:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ZAPrivacyService) -- D:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (avgwd) -- D:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- D:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- D:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (getPlusHelper) -- D:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (LxrJD31s) -- D:\WINDOWS.0\System32\LxrJD31s.exe ()
SRV - (FileZilla Server) -- D:\Program Files\FileZilla Server\FileZilla server.exe (FileZilla Project)
SRV - (UpdateCenterService) -- D:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (spupdsvc) -- D:\WINDOWS.0\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (NeroRegInCDSrv) -- D:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe (Nero AG)
SRV - (InCDsrv) -- D:\Program Files\Nero\Nero8\InCD\InCDsrv.exe (Nero AG)
SRV - (Maxtor Sync Service) -- D:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (SandraAgentSrv) -- D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe (SiSoftware)
SRV - (Diskeeper) -- D:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
SRV - (Pctspk) -- D:\WINDOWS.0\system32\pctspk.exe (PCtel, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WudfRd) -- D:\WINDOWS.0\system32\wudfrd.sys File not found
DRV - (WudfPf) -- D:\WINDOWS.0\system32\WudfPf.sys File not found
DRV - (WDICA) --  File not found
DRV - (SWUMX20) -- system32\DRIVERS\swumx20.sys File not found
DRV - (PLTurbo) -- system32\drivers\plturbo.sys File not found
DRV - (PLTurbh) -- system32\drivers\plturbh.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (MRESP50a64) -- D:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MREMP50a64) -- D:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MpKslc4fa901a) -- d:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{770A43F5-431F-44BC-8FF1-80B9C62ADAB6}\MpKslc4fa901a.sys File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (Inspect) -- System32\DRIVERS\inspect.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (cmdHlp) -- System32\DRIVERS\cmdhlp.sys File not found
DRV - (cmdGuard) -- System32\DRIVERS\cmdguard.sys File not found
DRV - (cmderd) -- System32\DRIVERS\cmderd.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- D:\DOCUME~1\HESS\LOCALS~1\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- D:\WINDOWS.0\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SWDUMon) -- D:\WINDOWS.0\system32\drivers\SWDUMon.sys ()
DRV - (Avgdiskx) -- D:\WINDOWS.0\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- D:\WINDOWS.0\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- D:\WINDOWS.0\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- D:\WINDOWS.0\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Vsdatant) -- D:\WINDOWS.0\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (AVGIDSHX) -- D:\WINDOWS.0\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (HMD) -- D:\WINDOWS.0\system32\drivers\hmd.sys ()
DRV - (Avgmfx86) -- D:\WINDOWS.0\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- D:\WINDOWS.0\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- D:\WINDOWS.0\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- D:\WINDOWS.0\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CFRMD) -- D:\WINDOWS.0\system32\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (BTCFilterService) -- D:\WINDOWS.0\system32\drivers\motfilt.sys (Motorola Inc)
DRV - (motusbdevice) -- D:\WINDOWS.0\system32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (Motousbnet) -- D:\WINDOWS.0\system32\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV - (motccgp) -- D:\WINDOWS.0\system32\drivers\motccgp.sys (Motorola Mobility Inc)
DRV - (MotoSwitchService) -- D:\WINDOWS.0\system32\drivers\motswch.sys (Motorola)
DRV - (SASKUTIL) -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LxrJD31d) -- D:\WINDOWS.0\system32\drivers\LxrJD31d.sys ()
DRV - (cpuz133) -- D:\WINDOWS.0\system32\drivers\cpuz133_x32.sys (Windows ® Win 7 DDK provider)
DRV - (SASENUM) -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (cpudrv) -- D:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (nvoclock) -- D:\WINDOWS.0\system32\drivers\nvoclock.sys (NVIDIA Corp.)
DRV - (swmsflt) -- D:\WINDOWS.0\system32\drivers\swmsflt.sys ()
DRV - (InCDfs) -- D:\WINDOWS.0\system32\drivers\InCDfs.sys (Nero AG)
DRV - (incdrm) -- D:\WINDOWS.0\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- D:\WINDOWS.0\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDRec) -- D:\WINDOWS.0\system32\drivers\InCDrec.sys (Nero AG)
DRV - (gameenum) -- D:\WINDOWS.0\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nm) -- D:\WINDOWS.0\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (AN983) -- D:\WINDOWS.0\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (SANDRA) -- D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\sandra.sys (SiSoftware)
DRV - (LMouKE) -- D:\WINDOWS.0\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- D:\WINDOWS.0\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- D:\WINDOWS.0\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- D:\WINDOWS.0\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- D:\WINDOWS.0\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (MREMP50) -- D:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- D:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MXOPSWD) -- D:\WINDOWS.0\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (camvid40) -- D:\WINDOWS.0\system32\drivers\camdrv41.sys (Philips Consumer Electronics)
DRV - (smrt) -- D:\WINDOWS.0\system32\drivers\smrt.sys (Sony Corporation)
DRV - (itchfltr) -- D:\WINDOWS.0\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (als4k) -- D:\WINDOWS.0\system32\drivers\als4000.sys (Avance Logic, Inc.)
DRV - (Vpctcom) -- D:\WINDOWS.0\system32\drivers\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- D:\WINDOWS.0\system32\drivers\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- D:\WINDOWS.0\system32\drivers\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- D:\WINDOWS.0\system32\drivers\ptserlp.sys (PCTEL, INC.)
DRV - (DMICall) -- D:\WINDOWS.0\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS.0\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zoneal...=&tstsId=&ver=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 A7 8B 79 3A 0C CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A65FE-2087-4F0E-9609-5B154A682F67}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{C365D2C2-CDBB-4D39-84BD-ED1418F9D43C}: "URL" = http://search.zoneal...Id=&ver=&&r=203
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\WINDOWS.0\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: D:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013/12/18 13:37:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2014/01/18 02:37:02 | 000,000,000 | ---D | M]
 
[2009/06/15 15:30:19 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Extensions
[2014/01/23 03:47:28 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions
[2013/12/19 16:51:17 | 000,000,000 | ---D | M] (WOT) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/12/22 04:15:10 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/12/22 06:29:16 | 000,000,000 | ---D | M] ("PrivDog") -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\PrivDog@AdTrustMedia.com
[2013/12/18 12:24:12 | 000,348,260 | ---- | M] () (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\personas@christopher.beard.xpi
[2014/01/18 01:15:26 | 000,940,775 | ---- | M] () (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/23 04:53:21 | 000,002,289 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\alexa.xml
[2014/01/04 02:59:05 | 000,001,100 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\connect-dlc-5-customized-web-search.xml
[2009/06/15 16:41:45 | 000,001,632 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\live-search.xml
[2011/11/09 16:12:29 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2013/12/18 12:22:59 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/18 12:22:59 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/01 15:51:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\WINDOWS.0\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: No name found = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aghgalahdhgjcpjhdeknpodognmmkgeh\2.0_0\
CHR - Extension: No name found = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anaehjnjgheaikfecjlfokolkoalpnda\1.5.4_0\
CHR - Extension: Docs = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Docs = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghkaiibchaggdgpdkmbbgdehaecjhcoc\3.3.4_0\
CHR - Extension: No name found = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0\
CHR - Extension: No name found = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbnkklencjcmkepldaineciclcheaoef\1.2_0\
CHR - Extension: No name found = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/01/22 20:35:29 | 000,000,027 | ---- | M]) - D:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] D:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] "D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s File not found
O4 - HKLM..\Run: [ZoneAlarm] D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FreeRAM XP] D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} http://phughescw.hug.../Mcci_6-1-0.cab (McciContext Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.160.68 184.63.160.69 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F35E9F8-C8F5-44E1-98A7-A03CF2BC6842}: DhcpNameServer = 67.142.164.10 67.142.164.11 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C1685A-4604-41DA-89EC-6F6F00B585F0}: DhcpNameServer = 184.63.160.68 184.63.160.69 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS.0\system32\userinit.exe) - D:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: D:\Documents and Settings\HESS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\HESS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/29 07:52:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/23 06:42:59 | 000,000,000 | ---D | C] -- D:\WINDOWS.0\ERUNT
[2014/01/23 05:08:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS.0\System32\drivers\mbamswissarmy.sys
[2014/01/23 03:58:06 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\HESS\Recent
[2014/01/23 03:57:11 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2014/01/22 20:48:25 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- D:\WINDOWS.0\System32\drivers\PROCEXP113.SYS
[2014/01/22 20:00:06 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS.0\SWREG.exe
[2014/01/22 20:00:06 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS.0\SWSC.exe
[2014/01/22 20:00:06 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS.0\SWXCACLS.exe
[2014/01/22 20:00:06 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS.0\NIRCMD.exe
[2014/01/22 06:39:28 | 000,000,000 | ---D | C] -- D:\Qoobox
[2014/01/22 06:37:30 | 005,173,757 | R--- | C] (Swearware) -- D:\Documents and Settings\HESS\Desktop\ComboFix.exe
[2014/01/22 06:30:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\What The Tech Apps
[2014/01/21 19:27:18 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2014/01/21 05:48:45 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS.0\System32\drivers\mbamchameleon.sys
[2014/01/21 04:10:00 | 000,000,000 | ---D | C] -- D:\SUPERDelete
[2014/01/20 13:38:28 | 000,000,000 | ---D | C] -- D:\Program Files\ShaPlus Bandwidth Meter
[2014/01/20 13:38:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\ShaPlus Bandwidth Meter
[2014/01/20 03:07:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\tor
[2014/01/19 04:04:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\SearchModule
[2014/01/19 04:02:55 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Goobzo
[2014/01/19 04:02:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\Installer
[2014/01/19 04:02:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\CrashRpt
[2014/01/18 02:43:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Motorola Device Manager
[2014/01/18 02:42:43 | 001,461,992 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS.0\System32\wdfcoinstaller01009.dll
[2014/01/18 02:42:43 | 000,011,264 | ---- | C] (Motorola Inc) -- D:\WINDOWS.0\System32\drivers\motusbdevice.sys
[2014/01/18 02:42:42 | 000,023,936 | ---- | C] (Motorola Mobility Inc) -- D:\WINDOWS.0\System32\drivers\Motousbnet.sys
[2014/01/18 02:42:42 | 000,006,272 | ---- | C] (Motorola Inc) -- D:\WINDOWS.0\System32\drivers\motfilt.sys
[2014/01/18 02:42:37 | 000,021,376 | ---- | C] (Motorola Mobility Inc) -- D:\WINDOWS.0\System32\drivers\motccgp.sys
[2014/01/18 02:42:37 | 000,006,656 | ---- | C] (Motorola) -- D:\WINDOWS.0\System32\drivers\motswch.sys
[2014/01/18 02:42:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\V & Other Pics
[2014/01/16 23:05:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\libimobiledevice
[2014/01/16 03:35:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SlimCleaner
[2014/01/16 03:35:16 | 000,000,000 | ---D | C] -- D:\Program Files\SlimCleaner
[2014/01/16 01:20:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\javaws.exe
[2014/01/16 01:20:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\javaw.exe
[2014/01/16 01:20:34 | 000,174,504 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\java.exe
[2014/01/16 01:20:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\WindowsAccessBridge.dll
[2014/01/08 06:27:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\Sun
[2014/01/07 05:19:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Java
[2014/01/07 05:17:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee
[2014/01/07 05:03:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\Microsoft Bootvis
[2014/01/07 05:03:13 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Bootvis
[2014/01/07 04:55:28 | 000,000,000 | ---D | C] -- D:\Fonts Backup
[2014/01/06 04:59:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\Music Manager
[2014/01/06 04:59:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\Programs
[2014/01/04 03:01:13 | 000,000,000 | ---D | C] -- D:\Program Files\YourWare Solutions
[2014/01/04 03:01:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\FreeRAM XP Pro
[2014/01/04 03:00:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\.android
[2014/01/04 03:00:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\cache
[2013/12/29 05:51:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\Ebay Pics
[2013/12/29 03:50:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Application Data\WinPatrol
[2013/12/29 03:36:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\WinPatrol
[2013/12/29 03:36:48 | 000,000,000 | ---D | C] -- D:\Program Files\BillP Studios
[2013/12/29 03:36:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\InstallMate
[2013/12/25 04:11:12 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- D:\WINDOWS.0\System32\CSVer.dll
[2013/12/25 04:09:37 | 000,000,000 | ---D | C] -- D:\Intel
[2013/12/25 04:08:11 | 000,000,000 | ---D | C] -- D:\adaptec
[2013/12/25 04:00:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Application Data\Sierra Wireless
[2013/12/25 03:14:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Office Live Add-in
[2002/12/23 06:45:40 | 000,021,866 | ---- | C] (In-System Design, Inc.) -- D:\Program Files\Common Files\tppupd2k.dll
[3 D:\Documents and Settings\HESS\*.tmp files -> D:\Documents and Settings\HESS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/23 18:26:00 | 000,000,834 | ---- | M] () -- D:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2014/01/23 18:12:00 | 000,000,974 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003UA.job
[2014/01/23 17:46:00 | 000,000,882 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/23 17:08:05 | 000,002,206 | ---- | M] () -- D:\WINDOWS.0\System32\wpa.dbl
[2014/01/23 17:07:20 | 000,000,240 | ---- | M] () -- D:\WINDOWS.0\tasks\OGALogon.job
[2014/01/23 17:07:19 | 000,000,882 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore1cefc1ca1468c7b.job
[2014/01/23 17:07:19 | 000,000,482 | ---- | M] () -- D:\WINDOWS.0\tasks\AVG_SYS_TASK_DELETE.job
[2014/01/23 17:07:19 | 000,000,454 | ---- | M] () -- D:\WINDOWS.0\tasks\AVG_SYS_TASK.job
[2014/01/23 17:07:01 | 000,002,048 | --S- | M] () -- D:\WINDOWS.0\bootstat.dat
[2014/01/23 05:12:01 | 000,000,922 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003Core.job
[2014/01/23 05:08:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS.0\System32\drivers\mbamswissarmy.sys
[2014/01/22 20:48:25 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- D:\WINDOWS.0\System32\drivers\PROCEXP113.SYS
[2014/01/22 20:35:29 | 000,000,027 | ---- | M] () -- D:\WINDOWS.0\System32\drivers\etc\hosts
[2014/01/22 19:33:25 | 000,002,968 | ---- | M] () -- D:\FixitRegBackup.reg
[2014/01/22 18:54:45 | 000,002,485 | ---- | M] () -- D:\Documents and Settings\HESS\Desktop\Microsoft Excel.lnk
[2014/01/22 06:37:34 | 005,173,757 | R--- | M] (Swearware) -- D:\Documents and Settings\HESS\Desktop\ComboFix.exe
[2014/01/21 05:50:35 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS.0\System32\drivers\mbamchameleon.sys
[2014/01/21 04:08:15 | 000,002,235 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\SlimCleaner.lnk
[2014/01/21 04:07:47 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\HESS\defogger_reenable
[2014/01/20 13:49:34 | 000,002,439 | ---- | M] () -- D:\Documents and Settings\HESS\Desktop\HiJackThis.lnk
[2014/01/20 13:24:00 | 000,000,284 | ---- | M] () -- D:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2014/01/20 04:46:31 | 000,002,201 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Live From The Press Box.Com.lnk
[2014/01/20 04:46:31 | 000,001,831 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/20 04:46:31 | 000,000,815 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 04:46:31 | 000,000,742 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/19 02:52:34 | 000,001,324 | ---- | M] () -- D:\WINDOWS.0\System32\d3d9caps.dat
[2014/01/19 02:44:07 | 000,000,460 | ---- | M] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Engine.job
[2014/01/18 03:01:49 | 000,000,476 | ---- | M] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Update.job
[2014/01/18 02:59:21 | 000,000,051 | ---- | M] () -- D:\WINDOWS.0\iTouch.ini
[2014/01/18 02:45:00 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motfilt_01009.Wdf
[2014/01/18 02:44:59 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_Motousbnet_01009.Wdf
[2014/01/18 02:43:18 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motccgp_01009.Wdf
[2014/01/18 02:43:12 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motusbdevice_01009.Wdf
[2014/01/18 02:43:10 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2014/01/18 02:37:03 | 000,001,738 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\Adobe Reader XI.lnk
[2014/01/18 02:32:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS.0\System32\FlashPlayerApp.exe
[2014/01/18 02:32:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS.0\System32\FlashPlayerCPLApp.cpl
[2014/01/07 05:59:10 | 000,044,128 | ---- | M] () -- D:\WINDOWS.0\System32\FNTCACHE.DAT
[2013/12/29 05:01:59 | 000,001,798 | ---- | M] () -- D:\Documents and Settings\HESS\Desktop\WinPatrol.lnk
[2013/12/25 03:41:03 | 000,013,464 | ---- | M] () -- D:\WINDOWS.0\System32\drivers\SWDUMon.sys
[2013/12/25 03:40:51 | 000,002,235 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\SlimDrivers.lnk
[2013/12/25 03:24:52 | 000,000,682 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\CCleaner.lnk
[3 D:\Documents and Settings\HESS\*.tmp files -> D:\Documents and Settings\HESS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/22 20:00:06 | 000,256,000 | ---- | C] () -- D:\WINDOWS.0\PEV.exe
[2014/01/22 20:00:06 | 000,208,896 | ---- | C] () -- D:\WINDOWS.0\MBR.exe
[2014/01/22 20:00:06 | 000,098,816 | ---- | C] () -- D:\WINDOWS.0\sed.exe
[2014/01/22 20:00:06 | 000,080,412 | ---- | C] () -- D:\WINDOWS.0\grep.exe
[2014/01/22 20:00:06 | 000,068,096 | ---- | C] () -- D:\WINDOWS.0\zip.exe
[2014/01/22 19:20:55 | 000,002,968 | ---- | C] () -- D:\FixitRegBackup.reg
[2014/01/21 04:07:47 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\HESS\defogger_reenable
[2014/01/18 03:01:49 | 000,000,476 | ---- | C] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Update.job
[2014/01/18 02:45:00 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motfilt_01009.Wdf
[2014/01/18 02:44:59 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_Motousbnet_01009.Wdf
[2014/01/18 02:44:27 | 000,000,460 | ---- | C] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Engine.job
[2014/01/18 02:43:18 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motccgp_01009.Wdf
[2014/01/18 02:43:12 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motusbdevice_01009.Wdf
[2014/01/18 02:43:10 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2014/01/18 02:37:03 | 000,001,738 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\Adobe Reader XI.lnk
[2014/01/18 02:37:02 | 000,001,808 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Adobe Reader XI.lnk
[2014/01/16 03:35:19 | 000,002,235 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\SlimCleaner.lnk
[2014/01/06 04:58:40 | 000,000,974 | ---- | C] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003UA.job
[2014/01/06 04:58:39 | 000,000,922 | ---- | C] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003Core.job
[2013/12/29 05:01:59 | 000,001,798 | ---- | C] () -- D:\Documents and Settings\HESS\Desktop\WinPatrol.lnk
[2013/12/22 04:37:34 | 000,013,464 | ---- | C] () -- D:\WINDOWS.0\System32\drivers\SWDUMon.sys
[2013/12/19 05:23:29 | 000,003,072 | ---- | C] () -- D:\WINDOWS.0\System32\iacenc.dll
[2013/10/07 00:17:38 | 000,014,272 | ---- | C] () -- D:\WINDOWS.0\System32\drivers\hmd.sys
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- D:\WINDOWS.0\System32\nvdata.data
[2012/01/30 12:54:55 | 000,098,304 | ---- | C] () -- D:\WINDOWS.0\System32\redmonnt.dll
[2010/08/31 05:28:53 | 000,000,036 | ---- | C] () -- D:\Documents and Settings\HESS\Local Settings\Application Data\housecall.guid.cache
[2010/07/04 03:20:27 | 000,000,091 | ---- | C] () -- D:\Documents and Settings\HESS\Application Data\default.pls
[2010/05/09 03:49:57 | 000,000,600 | ---- | C] () -- D:\Documents and Settings\HESS\Local Settings\Application Data\PUTTY.RND
[2010/04/28 03:50:49 | 001,401,344 | ---- | C] () -- D:\Program Files\HijackThis.msi
[2009/12/14 18:48:49 | 000,001,024 | ---- | C] () -- D:\Documents and Settings\HESS\.rnd
[2009/09/21 17:04:52 | 000,000,568 | RHS- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\ntuser.pol
[2009/06/21 02:48:15 | 007,118,848 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\sandra.mda
[2009/06/15 15:51:18 | 000,036,864 | ---- | C] () -- D:\Documents and Settings\HESS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/09 18:00:24 | 000,000,086 | ---- | C] () -- D:\Documents and Settings\HESS\DelB18.bat
 
========== ZeroAccess Check ==========
 
[2009/06/09 17:49:41 | 000,000,227 | RHS- | M] () -- D:\WINDOWS.0\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 23:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Thanks again so very much;

 

Bill


wjh1170 (Bill)



#17 Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 25 January 2014 - 02:15 AM

Hi wjh1170,
 

"Once again sorry for the delay, we must be in very different time zones ..."

That's no problem!

You have too many security programs installed.

There are two firewalls, Comodo and ZoneAlarm!
My advice to you is to uninstall one of them.


Please go to Start > Control Panel > Add Remove Programs (XP)
Or Start > Control Panel > Programs and Features ( Vista | Windows 7/8 ).
Select a program you want to uninstall, and then click Uninstall.
 

***


Scan with SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:

    :filefind
    *Comodo*
    *Microsoft Security Essentials*

    :regfind
    Comodo
    Microsoft Security Essentials

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


***


Graduate of the WTT Classroom
Cheers,
Jo

#18 wjh1170

    New Member

  • Authentic Member
  • 18 posts
  • Interests:Sports

Posted 25 January 2014 - 02:49 AM

Jo;

 

Thanks again, Comodo was deleted; here are the results of the scan you requested.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 03:37 on 25/01/2014 by HESS
Administrator - Elevation successful

========== filefind ==========

Searching for "*Comodo*"
No files found.

Searching for "*Microsoft Security Essentials*"
D:\Documents and Settings\HESS\Favorites\Virus, Spyware & Malware Protection  Microsoft Security Essentials.url    --a---- 313 bytes    [11:03 01/01/2010]    [11:03 01/01/2010] 65F6956953B349FB69DCB60D2E74268E

========== regfind ==========

Searching for "Comodo"
[HKEY_CURRENT_USER\Software\COMODO]
[HKEY_CURRENT_USER\Software\ComodoGroup]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO Firewall  |1033|96]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO Firewall Alert|1033|96]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO HIPS Alert|1033|96]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO Rating Scan|1033|96]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO Send To Background|1033|96]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO Task Manager|1033|96]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b455106-531b-4428-9f56-c35336c89b6e}\InprocServer32]
@="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040\AutorunsWrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C83CF14779721CA4DA36B4569FACB802\SourceList]
"LastUsedSource"="n;1;D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C83CF14779721CA4DA36B4569FACB802\SourceList\Net]
"1"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0]
@="Comodo Antivirus Shell Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64]
@="D:\Program Files\COMODO\COMODO Internet Security\cavshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\HELPDIR]
@="D:\Program Files\COMODO\COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA5BEF3F-88B4-45BE-8D8A-8D57B34ACA97}\1.0\0\win32]
@="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040\AutorunsWrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA5BEF3F-88B4-45BE-8D8A-8D57B34ACA97}\1.0\HELPDIR]
@="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\Capabilities]
"ApplicationDescription"="Comodo Dragon is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Comodo Dragon."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\Capabilities]
"ApplicationIcon"="D:\Program Files\Comodo\Dragon\dragon.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\DefaultIcon]
@="D:\Program Files\Comodo\Dragon\dragon.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\InstallInfo]
"ReinstallCommand"=""D:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\InstallInfo]
"HideIconsCommand"=""D:\Program Files\Comodo\Dragon\dragon.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\InstallInfo]
"ShowIconsCommand"=""D:\Program Files\Comodo\Dragon\dragon.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\shell\open\command]
@=""D:\Program Files\Comodo\Dragon\dragon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO]
[HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup]
[HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\CDI\1]
"InstallProductPath"="D:\Program Files\COMODO\COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\CDI\1]
"Product Name"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\Dragon\Setup]
"SetupPath"="D:\Program Files\Comodo\Dragon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\041E1D0EB2805477D110E65A22E83E6E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D2B74D30B00343E81FC5D31933C61F4]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-203\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1627731B3EB1CA12AF248EF33E49506E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-16\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B0F62B009615CC80EC0A473970FF95D]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D7BE4C8C391887C3ED85216EEE924A0]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\218C66C16A520E302423F4B535B7CDE5]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\eventmonitorapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22451BC74B3279C290827863BBC84518]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-7\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\229D35CE24C204B256CD187B2852C262]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\plugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2693E75DB882758D3991CF590B802758]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D6F1717F5C25DCEC199E21EBAC71AA1]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\39AFCC8E58501EA419259D36073F17D1]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\imageformats\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\44C7258DBE14A70E4A5498363878E690]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\589BBDFC331504DA990A88A48EAAFED9]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-16\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62B3310CBEA672831A857A4AEB597087]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D6A6EE36F4824E41BF0AF6286A43724]
"C83CF14779721CA4DA36B4569FACB802"="D?\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DB09C917356EFB1717C823D1CE10F54]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-15\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712C88CC2E87003ED4071C60264CD132]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741E97916907FFB6DFA1B65FE44C0275]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77D30811C2E793C41B8E48E27B664625]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A65439E74270F90E813E97E23BAD358]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F5F6FD1E12654440A1B7CE7FCCF1D7D]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8FBEDE6AF5A55E140A44E84C77CC3C44]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\993F2E0B60EABF94B983D5BD469E8F2E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\resources\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9AF20DDBA4F5C1C4BA2487F366E0B582]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACFAF2B1F98AE5142BD1B2011BE6963D]
"C83CF14779721CA4DA36B4569FACB802"="D?\Program Files\Common Files\COMODO\launcher_service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3D8BFA78BBB892B24C4464216740897]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\antierrorgui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B87BCF96643B63EF9007B98808B11198]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-203\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAC119895EDC53573FA4F9E8C7FAEA00]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\lpsgui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB24BA18AD5C5D7426CD45834C430621]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCDAEF5444CCB37D07E6DC566205F8A8]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\plugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5F68FD982CE4FE59CF711C2E50BE8BB]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-15\eventmonitorapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E620731AFD6EB3349CE9924C743953D8]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA32B34CDC8ECFF5EC1061871AE7609F]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-10\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE4A6F6D695EA604622BA55EFCECE9D5]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\eventsolverapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF73F218F9CC0FF49824BE9438BF97A1]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFFC28DA85DEAFC62F6D2C3956030F4C]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-10\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2431533B45F720C3E3AD27145D27F51]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F737EFC62ACF3C72DE6EF0E6FFE84451]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1343E4807F299D00D4F67A576DE4AC]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1776D3562FA2AB766260F801C7244E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB912288EA0F5A2D6BCEF2DC973AC145]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-15\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FEB387A2A8EF8E5CB46686987A7143CB]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"InstallLocation"="D:\Program Files\COMODO\GeekBuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"InstallSource"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"Publisher"="Comodo Security Solutions Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"URLInfoAbout"="http://www.comodo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"InstallLocation"="D:\Program Files\COMODO\GeekBuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"InstallSource"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"Publisher"="Comodo Security Solutions Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"URLInfoAbout"="http://www.comodo.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDAGENT\0000]
"DeviceDesc"="COMODO Firewall Pro Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDGUARD\0000]
"DeviceDesc"="COMODO Firewall Pro Sandbox Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP\0000]
"DeviceDesc"="COMODO Firewall Pro Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Firewall Pro Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CLPSLAUNCHER\0000]
"DeviceDesc"="COMODO LPS Launcher"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDERD\0000]
"DeviceDesc"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDGUARD\0000]
"DeviceDesc"="COMODO Firewall Pro Sandbox Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDHLP\0000]
"DeviceDesc"="COMODO Firewall Pro Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DRAGONUPDATER\0000]
"DeviceDesc"="COMODO Dragon Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HMD\0000]
"DeviceDesc"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Firewall Pro Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmderd]
"DisplayName"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdGuard]
"Description"="COMODO Internet Security Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdGuard]
"DisplayName"="COMODO Internet Security Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdHlp]
"DisplayName"="COMODO Internet Security Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdHlp]
"Description"="COMODO Internet Security Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
"Sources"="ZAPrivacyService WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv TTFixerService Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager SkypeUpdate ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley NVIDIA OpenGL Driver ntbackup NeroCheck MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Security Client Setup Microsoft Security Client Microsoft Office 10 Microsof
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"CategoryMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"EventMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"ParameterMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\GeekBuddyRSP]
"CategoryMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\GeekBuddyRSP]
"EventMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\GeekBuddyRSP]
"ParameterMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HMD]
"DisplayName"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HMD]
"Description"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Inspect]
"Description"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Inspect]
"DisplayName"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CLPSLAUNCHER\0000]
"DeviceDesc"="COMODO LPS Launcher"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDERD\0000]
"DeviceDesc"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDGUARD\0000]
"DeviceDesc"="COMODO Firewall Pro Sandbox Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDHLP\0000]
"DeviceDesc"="COMODO Firewall Pro Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DRAGONUPDATER\0000]
"DeviceDesc"="COMODO Dragon Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HMD\0000]
"DeviceDesc"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Firewall Pro Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmderd]
"DisplayName"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdGuard]
"Description"="COMODO Internet Security Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdGuard]
"DisplayName"="COMODO Internet Security Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdHlp]
"DisplayName"="COMODO Internet Security Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdHlp]
"Description"="COMODO Internet Security Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
"Sources"="ZAPrivacyService WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv TTFixerService Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager SkypeUpdate ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley NVIDIA OpenGL Driver ntbackup NeroCheck MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Security Client Setup Microsoft Security Client Microsoft Office 10 Microsof
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"CategoryMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"EventMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"ParameterMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\GeekBuddyRSP]
"CategoryMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\GeekBuddyRSP]
"EventMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\GeekBuddyRSP]
"ParameterMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HMD]
"DisplayName"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HMD]
"Description"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Inspect]
"Description"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Inspect]
"DisplayName"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO]
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS\Configuration]
"InstallPath"="D:\Program Files\COMODO\GeekBuddy\"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\application_vulnerability_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2048"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\application_vulnerability_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2048\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\application_vulnerability_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2048"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\autoruns_manager_api]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\autoruns_manager_api]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\autoruns_manager_api]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\boot_time_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-3"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\boot_time_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-3\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\boot_time_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-3"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_api]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2037"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_api]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2037\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_api]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2037"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-8"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-8\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-8"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\client_transaction]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\client_transaction]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\client_transaction]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\cross_selling_installer_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-17"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\cross_selling_installer_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-17\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\cross_selling_installer_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-17"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2045"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2045\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2045"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor_api]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2051"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor_api]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2051\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor_api]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2051"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\memory_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2054"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\memory_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2054\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\memory_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2054"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_api]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2041"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_api]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2041\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_api]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2041"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2042"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2042\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2042"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\windows_event_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\windows_event_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\windows_event_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"Proxy"="D:\Program Files\COMODO\COMODO Internet Security\msica.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations]
"InstallPath"="D:\Program Files\COMODO\COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0]
"Name"="COMODO - Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings]
"QuarantinedPath"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo\Cis\Quarantine"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Exclusions\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Exclusions\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\3\0]
"Filename"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Bookmarks"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\3\0]
"DeviceName"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Bookmarks"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\3\2]
"Filename"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\3\2]
"DeviceName"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\3\3]
"Filename"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Preferences"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\3\3]
"DeviceName"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Preferences"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\4\3]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\4\3]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\4\4]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdinstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\4\4]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdinstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\5\10]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cavscan.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\5\10]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cavscan.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\7]
"Name"="COMODO Files/Folders"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\7\0]
"Filename"="D:\Program Files\COMODO*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\7\0]
"DeviceName"="D:\Program Files\COMODO*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\7\9]
"Filename"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo*|"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\7\9]
"DeviceName"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo*|"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8]
"Name"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\0]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\0]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cis.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cis.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\2]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\2]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\3]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\3]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\4]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cavwp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\4]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cavwp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\5]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\File Groups\8\5]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\Firewall\Policy\0]
"DeviceName"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Policy\3]
"DeviceName"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Policy\3\Protections\0\Exceptions\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Policy\3\Protections\0\Exceptions\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Policy\3\Protections\1\Exceptions\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Policy\3\Protections\1\Exceptions\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Protected Files\2]
"DeviceName"="COMODO Files/Folders"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Protected Keys\1]
"DeviceName"="COMODO Keys"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Registry Groups\1]
"Name"="COMODO Keys"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Registry Groups\1\0]
"Filename"="HKLM\System\Software\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Registry Groups\1\0]
"DeviceName"="HKLM\System\Software\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Registry Groups\1\3]
"Filename"="*\SOFTWARE\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\0\HIPS\Registry Groups\1\3]
"DeviceName"="*\SOFTWARE\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1]
"Name"="COMODO - Proactive Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings]
"QuarantinedPath"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo\Cis\Quarantine"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\Exclusions\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\Exclusions\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\3\0]
"Filename"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Bookmarks"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\3\0]
"DeviceName"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Bookmarks"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\3\2]
"Filename"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\3\2]
"DeviceName"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\3\3]
"Filename"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Preferences"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\3\3]
"DeviceName"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Preferences"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\4\3]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\4\3]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\4\4]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdinstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\4\4]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdinstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\5\10]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cavscan.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\5\10]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cavscan.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\7]
"Name"="COMODO Files/Folders"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\7\0]
"Filename"="D:\Program Files\COMODO*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\7\0]
"DeviceName"="D:\Program Files\COMODO*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\7\9]
"Filename"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo*|"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\7\9]
"DeviceName"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo*|"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8]
"Name"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\0]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\0]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cis.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cis.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\2]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\2]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\3]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\3]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\4]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cavwp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\4]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cavwp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\5]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\File Groups\8\5]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\Firewall\Policy\0]
"DeviceName"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\2]
"DeviceName"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\2\Protections\0\Exceptions\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\2\Protections\0\Exceptions\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\2\Protections\1\Exceptions\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\2\Protections\1\Exceptions\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Protected Files\2]
"DeviceName"="COMODO Files/Folders"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Protected Keys\1]
"DeviceName"="COMODO Keys"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Registry Groups\1]
"Name"="COMODO Keys"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Registry Groups\1\0]
"Filename"="HKLM\System\Software\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Registry Groups\1\0]
"DeviceName"="HKLM\System\Software\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Registry Groups\1\3]
"Filename"="*\SOFTWARE\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Registry Groups\1\3]
"DeviceName"="*\SOFTWARE\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2]
"Name"="COMODO - Firewall Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings]
"QuarantinedPath"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo\Cis\Quarantine"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\Exclusions\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\Exclusions\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\3\0]
"Filename"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Bookmarks"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\3\0]
"DeviceName"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Bookmarks"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\3\2]
"Filename"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\3\2]
"DeviceName"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\3\3]
"Filename"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Preferences"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\3\3]
"DeviceName"="D:\Documents and Settings\*\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Preferences"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\4\3]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\4\3]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\4\4]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdinstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\4\4]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdinstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\5\10]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cavscan.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\5\10]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cavscan.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\7]
"Name"="COMODO Files/Folders"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\7\0]
"Filename"="D:\Program Files\COMODO*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\7\0]
"DeviceName"="D:\Program Files\COMODO*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\7\9]
"Filename"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo*|"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\7\9]
"DeviceName"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo*|"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8]
"Name"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\0]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\0]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cis.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cis.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\2]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\2]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\3]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\3]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\4]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cavwp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\4]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cavwp.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\5]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\File Groups\8\5]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\1]
"DeviceName"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\10]
"DeviceName"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\10\Protections\0\Exceptions\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\10\Protections\0\Exceptions\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\10\Protections\1\Exceptions\1]
"Filename"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\10\Protections\1\Exceptions\1]
"DeviceName"="D:\Program Files\COMODO\COMODO Internet Security\*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Protected Files\4]
"DeviceName"="COMODO Files/Folders"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Protected Keys\1]
"DeviceName"="COMODO Keys"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Registry Groups\1]
"Name"="COMODO Keys"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Registry Groups\1\0]
"Filename"="HKLM\System\Software\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Registry Groups\1\0]
"DeviceName"="HKLM\System\Software\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Registry Groups\1\3]
"Filename"="*\SOFTWARE\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Registry Groups\1\3]
"DeviceName"="*\SOFTWARE\Comodo*"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Options]
"UpdateURL"="http://download.comodo.com/"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Options]
"Partner"="Comodo"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLPSLAUNCHER\0000]
"DeviceDesc"="COMODO LPS Launcher"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDERD\0000]
"DeviceDesc"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDGUARD\0000]
"DeviceDesc"="COMODO Firewall Pro Sandbox Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDHLP\0000]
"DeviceDesc"="COMODO Firewall Pro Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DRAGONUPDATER\0000]
"DeviceDesc"="COMODO Dragon Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HMD\0000]
"DeviceDesc"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Firewall Pro Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmderd]
"DisplayName"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard]
"Description"="COMODO Internet Security Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard]
"DisplayName"="COMODO Internet Security Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp]
"DisplayName"="COMODO Internet Security Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp]
"Description"="COMODO Internet Security Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="ZAPrivacyService WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv TTFixerService Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager SkypeUpdate ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley NVIDIA OpenGL Driver ntbackup NeroCheck MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Security Client Setup Microsoft Security Client Microsoft Office 10 Micr
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"CategoryMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"EventMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"ParameterMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\GeekBuddyRSP]
"CategoryMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\GeekBuddyRSP]
"EventMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\GeekBuddyRSP]
"ParameterMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HMD]
"DisplayName"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HMD]
"Description"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inspect]
"Description"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inspect]
"DisplayName"="COMODO Internet Security Firewall Driver"
[HKEY_USERS\.DEFAULT\Software\COMODO]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\COMODO]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO Firewall  |1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO Firewall Alert|1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO HIPS Alert|1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO Rating Scan|1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO Send To Background|1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO Task Manager|1033|96]
[HKEY_USERS\S-1-5-18\Software\COMODO]

Searching for "Microsoft Security Essentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Microsoft Security Essentials]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Microsoft Security Essentials]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Microsoft Security Essentials]
"FileName"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Security Essentials\Support\Application.etl"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Microsoft Antimalware]
"EventMessageFile"="D:\Program Files\Microsoft Security Essentials\MpEvMsg.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Microsoft Antimalware]
"ParameterMessageFile"="D:\Program Files\Microsoft Security Essentials\MpEvMsg.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsMpSvc]
"ImagePath"=""D:\Program Files\Microsoft Security Essentials\MsMpEng.exe""

-= EOF =-

 

I notice that Microsoft Security Essentials shows up on this scan; however, it does not show on Uninstall, and it is not listed in Program Files in the Disk directory.

Thanks again for all your help;

Bill


wjh1170 (Bill)


#19 Jo*


Posted 25 January 2014 - 07:16 AM

Hi wjh1170,

We should try to remove Comodo completely:
Link to tool:
https://sites.google...?attredirects=0
Run the tool as explained here:
http://forums.comodo...5-t71897.0.html

Instructions:

1. Disable Sandbox/Defense+
(Right Click CIS Icon > Sandbox/Defense+ Security Level > Disable )
*This Will Allow The Tool To Disable and Remove CIS and Other Protected/Safe Applications without Interruptions*

2. Download Application

3. Run Application (As Administrator)

4. Select Product You Wish To Uninstall/Remove


Select Product You Wish To Uninstall/Remove: Comodo Internet Security
 

***


Run SystemLook again.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:

    :filefind
    *Comodo*
    *Microsoft Security Essentials*

    :regfind
    Comodo
    Microsoft Security Essentials

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Graduate of the WTT Classroom
Cheers,
Jo

#20 wjh1170


Posted 25 January 2014 - 08:41 AM

Jo;

 

I downloaded the tool and followed the directions, except Disable Sandbox Defense, which has to be done from the Comodo app, and I can find no way to load that on my machine. The Uninstaller tool loaded, and as I would click on a box it would take me to a system screen where I had to type 'I acknowledge the risks'. I hit enter and it takes me straight back to the app and nothing happens.

I did this several times. Here is the log, and it appears Comodo is still there. What am I doing incorrectly?

 

Thank You;

 

Bill

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:26 on 25/01/2014 by HESS
Administrator - Elevation successful

========== filefind ==========

Searching for "*Comodo*"
No files found.

Searching for "*Microsoft Security Essentials*"
D:\Documents and Settings\HESS\Favorites\Virus, Spyware & Malware Protection  Microsoft Security Essentials.url    --a---- 313 bytes    [11:03 01/01/2010]    [11:03 01/01/2010] 65F6956953B349FB69DCB60D2E74268E

========== regfind ==========

Searching for "Comodo"
[HKEY_CURRENT_USER\Software\COMODO]
[HKEY_CURRENT_USER\Software\ComodoGroup]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO Firewall  |1033|96]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO Firewall Alert|1033|96]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO HIPS Alert|1033|96]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO Rating Scan|1033|96]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO Send To Background|1033|96]
[HKEY_CURRENT_USER\Software\ComodoGroup\CIS\|COMODO Task Manager|1033|96]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Uninstaller.exe"="Uninstaller"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CIS\CIS.bat"="CIS"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CBU\CBU.bat"="CBU"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CD\CD.bat"="CD"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CEVPN\CEVPN.bat"="CEVPN"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CPM\CPM.bat"="CPM"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CSC\CSC.bat"="CSC"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CTC\CTC.bat"="CTC"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CMF\CMF.bat"="CMF"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\apwiz.bat"="apwiz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b455106-531b-4428-9f56-c35336c89b6e}\InprocServer32]
@="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040\AutorunsWrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C83CF14779721CA4DA36B4569FACB802\SourceList]
"LastUsedSource"="n;1;D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C83CF14779721CA4DA36B4569FACB802\SourceList\Net]
"1"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0]
@="Comodo Antivirus Shell Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64]
@="D:\Program Files\COMODO\COMODO Internet Security\cavshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\HELPDIR]
@="D:\Program Files\COMODO\COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA5BEF3F-88B4-45BE-8D8A-8D57B34ACA97}\1.0\0\win32]
@="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040\AutorunsWrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA5BEF3F-88B4-45BE-8D8A-8D57B34ACA97}\1.0\HELPDIR]
@="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\Capabilities]
"ApplicationDescription"="Comodo Dragon is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Comodo Dragon."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\Capabilities]
"ApplicationIcon"="D:\Program Files\Comodo\Dragon\dragon.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\DefaultIcon]
@="D:\Program Files\Comodo\Dragon\dragon.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\InstallInfo]
"ReinstallCommand"=""D:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\InstallInfo]
"HideIconsCommand"=""D:\Program Files\Comodo\Dragon\dragon.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\InstallInfo]
"ShowIconsCommand"=""D:\Program Files\Comodo\Dragon\dragon.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\shell\open\command]
@=""D:\Program Files\Comodo\Dragon\dragon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO]
[HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup]
[HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\CDI\1]
"InstallProductPath"="D:\Program Files\COMODO\COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\CDI\1]
"Product Name"="COMODO Internet Security"
[HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\Dragon\Setup]
"SetupPath"="D:\Program Files\Comodo\Dragon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\041E1D0EB2805477D110E65A22E83E6E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D2B74D30B00343E81FC5D31933C61F4]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-203\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1627731B3EB1CA12AF248EF33E49506E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-16\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B0F62B009615CC80EC0A473970FF95D]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D7BE4C8C391887C3ED85216EEE924A0]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\218C66C16A520E302423F4B535B7CDE5]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\eventmonitorapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22451BC74B3279C290827863BBC84518]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-7\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\229D35CE24C204B256CD187B2852C262]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\plugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2693E75DB882758D3991CF590B802758]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D6F1717F5C25DCEC199E21EBAC71AA1]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\39AFCC8E58501EA419259D36073F17D1]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\imageformats\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\44C7258DBE14A70E4A5498363878E690]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\589BBDFC331504DA990A88A48EAAFED9]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-16\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62B3310CBEA672831A857A4AEB597087]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D6A6EE36F4824E41BF0AF6286A43724]
"C83CF14779721CA4DA36B4569FACB802"="D?\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DB09C917356EFB1717C823D1CE10F54]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-15\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712C88CC2E87003ED4071C60264CD132]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741E97916907FFB6DFA1B65FE44C0275]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77D30811C2E793C41B8E48E27B664625]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A65439E74270F90E813E97E23BAD358]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F5F6FD1E12654440A1B7CE7FCCF1D7D]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8FBEDE6AF5A55E140A44E84C77CC3C44]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\993F2E0B60EABF94B983D5BD469E8F2E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\resources\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9AF20DDBA4F5C1C4BA2487F366E0B582]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACFAF2B1F98AE5142BD1B2011BE6963D]
"C83CF14779721CA4DA36B4569FACB802"="D?\Program Files\Common Files\COMODO\launcher_service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3D8BFA78BBB892B24C4464216740897]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\antierrorgui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B87BCF96643B63EF9007B98808B11198]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-203\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAC119895EDC53573FA4F9E8C7FAEA00]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\lpsgui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB24BA18AD5C5D7426CD45834C430621]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCDAEF5444CCB37D07E6DC566205F8A8]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\plugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5F68FD982CE4FE59CF711C2E50BE8BB]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-15\eventmonitorapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E620731AFD6EB3349CE9924C743953D8]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA32B34CDC8ECFF5EC1061871AE7609F]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-10\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE4A6F6D695EA604622BA55EFCECE9D5]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\eventsolverapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF73F218F9CC0FF49824BE9438BF97A1]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFFC28DA85DEAFC62F6D2C3956030F4C]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-10\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2431533B45F720C3E3AD27145D27F51]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F737EFC62ACF3C72DE6EF0E6FFE84451]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1343E4807F299D00D4F67A576DE4AC]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1776D3562FA2AB766260F801C7244E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB912288EA0F5A2D6BCEF2DC973AC145]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-15\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FEB387A2A8EF8E5CB46686987A7143CB]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"InstallLocation"="D:\Program Files\COMODO\GeekBuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"InstallSource"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"Publisher"="Comodo Security Solutions Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"URLInfoAbout"="http://www.comodo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"InstallLocation"="D:\Program Files\COMODO\GeekBuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"InstallSource"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"Publisher"="Comodo Security Solutions Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"URLInfoAbout"="http://www.comodo.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDAGENT\0000]
"DeviceDesc"="COMODO Firewall Pro Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDGUARD\0000]
"DeviceDesc"="COMODO Firewall Pro Sandbox Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP\0000]
"DeviceDesc"="COMODO Firewall Pro Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Firewall Pro Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CLPSLAUNCHER\0000]
"DeviceDesc"="COMODO LPS Launcher"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDERD\0000]
"DeviceDesc"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDGUARD\0000]
"DeviceDesc"="COMODO Firewall Pro Sandbox Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDHLP\0000]
"DeviceDesc"="COMODO Firewall Pro Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DRAGONUPDATER\0000]
"DeviceDesc"="COMODO Dragon Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HMD\0000]
"DeviceDesc"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Firewall Pro Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmderd]
"DisplayName"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdGuard]
"Description"="COMODO Internet Security Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdGuard]
"DisplayName"="COMODO Internet Security Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdHlp]
"DisplayName"="COMODO Internet Security Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdHlp]
"Description"="COMODO Internet Security Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
"Sources"="ZAPrivacyService WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv TTFixerService Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager SkypeUpdate ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley NVIDIA OpenGL Driver ntbackup NeroCheck MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Security Client Setup Microsoft Security Client Microsoft Office 10 Microsof
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"CategoryMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"EventMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DRAGONUPDATER\0000]
"DeviceDesc"="COMODO Dragon Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HMD\0000]
"DeviceDesc"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Firewall Pro Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmderd]
"DisplayName"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard]
"Description"="COMODO Internet Security Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard]
"DisplayName"="COMODO Internet Security Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp]
"DisplayName"="COMODO Internet Security Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp]
"Description"="COMODO Internet Security Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="ZAPrivacyService WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv TTFixerService Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager SkypeUpdate ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley NVIDIA OpenGL Driver ntbackup NeroCheck MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Security Client Setup Microsoft Security Client Microsoft Office 10 Micr
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"CategoryMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"EventMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"ParameterMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\GeekBuddyRSP]
"CategoryMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\GeekBuddyRSP]
"EventMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\GeekBuddyRSP]
"ParameterMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HMD]
"DisplayName"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HMD]
"Description"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inspect]
"Description"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inspect]
"DisplayName"="COMODO Internet Security Firewall Driver"
[HKEY_USERS\.DEFAULT\Software\COMODO]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\COMODO]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO Firewall  |1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO Firewall Alert|1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO HIPS Alert|1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO Rating Scan|1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO Send To Background|1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup\CIS\|COMODO Task Manager|1033|96]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Uninstaller.exe"="Uninstaller"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CIS\CIS.bat"="CIS"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CBU\CBU.bat"="CBU"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CD\CD.bat"="CD"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CEVPN\CEVPN.bat"="CEVPN"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CPM\CPM.bat"="CPM"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CSC\CSC.bat"="CSC"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CTC\CTC.bat"="CTC"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CMF\CMF.bat"="CMF"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\apwiz.bat"="apwiz"
[HKEY_USERS\S-1-5-18\Software\COMODO]

Searching for "Microsoft Security Essentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Microsoft Security Essentials]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Microsoft Security Essentials]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Microsoft Security Essentials]
"FileName"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Security Essentials\Support\Application.etl"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Microsoft Antimalware]
"EventMessageFile"="D:\Program Files\Microsoft Security Essentials\MpEvMsg.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Microsoft Antimalware]
"ParameterMessageFile"="D:\Program Files\Microsoft Security Essentials\MpEvMsg.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsMpSvc]
"ImagePath"=""D:\Program Files\Microsoft Security Essentials\MsMpEng.exe""

-= EOF =-


Edited by wjh1170, 25 January 2014 - 08:43 AM.

wjh1170 (Bill)


#21 Jo*

Posted 26 January 2014 - 01:23 AM

Hi wjh1170,

I downloaded the tool, and followed the directions, except Disable Sandbox Defense, which has to be done from the Comodo app, and, I can find no way to load that on my machine. The Uninstaller tool loaded, and as I would click on a box it would take me to a system screen where I had to type 'I acknowledge the risks', I hit enter and it takes me straight back to the app and nothing happens.
I did this several times. Here is the log, and it appears Comodo is still there. What am I doing incorrectly?


Do not type 'I acknowledge the risks'!
You just have to type the number:

1

Then let it run.
Reboot when it has finished.

Then run SystemLook again.

Graduate of the WTT Classroom
Cheers,
Jo

#22 wjh1170

Posted 26 January 2014 - 01:50 AM

Good Morning Jo; (Morning in Kentucky USA)

Thanks for the correction; enclosed is the new log. The program appeared to run as it should; however, there is still a lot of stuff from Comodo in here.

SystemLook 30.07.11 by jpshortstuff
Log created at 02:43 on 26/01/2014 by HESS
Administrator - Elevation successful

========== filefind ==========

Searching for "*Comodo*"
No files found.

Searching for "*Microsoft Security Essentials*"
D:\Documents and Settings\HESS\Favorites\Virus, Spyware & Malware Protection  Microsoft Security Essentials.url    --a---- 313 bytes    [11:03 01/01/2010]    [11:03 01/01/2010] 65F6956953B349FB69DCB60D2E74268E

========== regfind ==========

Searching for "Comodo"
[HKEY_CURRENT_USER\Software\COMODO]
[HKEY_CURRENT_USER\Software\ComodoGroup]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Uninstaller.exe"="Uninstaller"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CIS\CIS.bat"="CIS"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CBU\CBU.bat"="CBU"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CD\CD.bat"="CD"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CEVPN\CEVPN.bat"="CEVPN"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CPM\CPM.bat"="CPM"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CSC\CSC.bat"="CSC"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CTC\CTC.bat"="CTC"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CMF\CMF.bat"="CMF"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\apwiz.bat"="apwiz"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CGB\CGB.bat"="CGB"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CU\CU.bat"="CU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b455106-531b-4428-9f56-c35336c89b6e}\InprocServer32]
@="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040\AutorunsWrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C83CF14779721CA4DA36B4569FACB802\SourceList]
"LastUsedSource"="n;1;D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C83CF14779721CA4DA36B4569FACB802\SourceList\Net]
"1"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA5BEF3F-88B4-45BE-8D8A-8D57B34ACA97}\1.0\0\win32]
@="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040\AutorunsWrapper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA5BEF3F-88B4-45BE-8D8A-8D57B34ACA97}\1.0\HELPDIR]
@="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\041E1D0EB2805477D110E65A22E83E6E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D2B74D30B00343E81FC5D31933C61F4]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-203\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1627731B3EB1CA12AF248EF33E49506E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-16\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B0F62B009615CC80EC0A473970FF95D]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D7BE4C8C391887C3ED85216EEE924A0]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\218C66C16A520E302423F4B535B7CDE5]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\eventmonitorapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22451BC74B3279C290827863BBC84518]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-7\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\229D35CE24C204B256CD187B2852C262]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\plugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2693E75DB882758D3991CF590B802758]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D6F1717F5C25DCEC199E21EBAC71AA1]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\39AFCC8E58501EA419259D36073F17D1]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\imageformats\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\44C7258DBE14A70E4A5498363878E690]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\589BBDFC331504DA990A88A48EAAFED9]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-16\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62B3310CBEA672831A857A4AEB597087]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-13\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D6A6EE36F4824E41BF0AF6286A43724]
"C83CF14779721CA4DA36B4569FACB802"="D?\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DB09C917356EFB1717C823D1CE10F54]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-15\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712C88CC2E87003ED4071C60264CD132]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741E97916907FFB6DFA1B65FE44C0275]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-202\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77D30811C2E793C41B8E48E27B664625]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A65439E74270F90E813E97E23BAD358]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F5F6FD1E12654440A1B7CE7FCCF1D7D]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8FBEDE6AF5A55E140A44E84C77CC3C44]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\993F2E0B60EABF94B983D5BD469E8F2E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\resources\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9AF20DDBA4F5C1C4BA2487F366E0B582]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACFAF2B1F98AE5142BD1B2011BE6963D]
"C83CF14779721CA4DA36B4569FACB802"="D?\Program Files\Common Files\COMODO\launcher_service.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3D8BFA78BBB892B24C4464216740897]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\antierrorgui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B87BCF96643B63EF9007B98808B11198]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-203\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAC119895EDC53573FA4F9E8C7FAEA00]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\lpsgui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB24BA18AD5C5D7426CD45834C430621]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-vt\components\core\component-100\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCDAEF5444CCB37D07E6DC566205F8A8]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\plugin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5F68FD982CE4FE59CF711C2E50BE8BB]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-15\eventmonitorapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E620731AFD6EB3349CE9924C743953D8]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-7\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA32B34CDC8ECFF5EC1061871AE7609F]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-10\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE4A6F6D695EA604622BA55EFCECE9D5]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\eventsolverapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF73F218F9CC0FF49824BE9438BF97A1]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFFC28DA85DEAFC62F6D2C3956030F4C]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-10\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2431533B45F720C3E3AD27145D27F51]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F737EFC62ACF3C72DE6EF0E6FFE84451]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-ca\components\core\component-200\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1343E4807F299D00D4F67A576DE4AC]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1776D3562FA2AB766260F801C7244E]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB912288EA0F5A2D6BCEF2DC973AC145]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-15\export.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FEB387A2A8EF8E5CB46686987A7143CB]
"C83CF14779721CA4DA36B4569FACB802"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-6\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"InstallLocation"="D:\Program Files\COMODO\GeekBuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"InstallSource"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"Publisher"="Comodo Security Solutions Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C83CF14779721CA4DA36B4569FACB802\InstallProperties]
"URLInfoAbout"="http://www.comodo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"InstallLocation"="D:\Program Files\COMODO\GeekBuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"InstallSource"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Comodo Downloader\cis\download\installs\xml_binaries\geekbuddy\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"Publisher"="Comodo Security Solutions Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}]
"URLInfoAbout"="http://www.comodo.com"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDAGENT\0000]
"DeviceDesc"="COMODO Firewall Pro Helper Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDGUARD\0000]
"DeviceDesc"="COMODO Firewall Pro Sandbox Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP\0000]
"DeviceDesc"="COMODO Firewall Pro Helper Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Firewall Pro Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CLPSLAUNCHER\0000]
"DeviceDesc"="COMODO LPS Launcher"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDERD\0000]
"DeviceDesc"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DRAGONUPDATER\0000]
"DeviceDesc"="COMODO Dragon Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HMD\0000]
"DeviceDesc"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
"Sources"="ZAPrivacyService WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv TTFixerService Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager SkypeUpdate ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley NVIDIA OpenGL Driver ntbackup NeroCheck MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Security Client Setup Microsoft Security Client Microsoft Office 10 Microsof
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"CategoryMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"EventMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"ParameterMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\GeekBuddyRSP]
"CategoryMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\GeekBuddyRSP]
"EventMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\GeekBuddyRSP]
"ParameterMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HMD]
"DisplayName"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HMD]
"Description"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CLPSLAUNCHER\0000]
"DeviceDesc"="COMODO LPS Launcher"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDERD\0000]
"DeviceDesc"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DRAGONUPDATER\0000]
"DeviceDesc"="COMODO Dragon Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HMD\0000]
"DeviceDesc"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
"Sources"="ZAPrivacyService WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv TTFixerService Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager SkypeUpdate ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley NVIDIA OpenGL Driver ntbackup NeroCheck MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Security Client Setup Microsoft Security Client Microsoft Office 10 Microsof
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"CategoryMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"EventMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"ParameterMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\GeekBuddyRSP]
"CategoryMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\GeekBuddyRSP]
"EventMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\GeekBuddyRSP]
"ParameterMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HMD]
"DisplayName"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HMD]
"Description"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO]
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\application_vulnerability_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2048"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\application_vulnerability_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2048\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\application_vulnerability_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2048"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\autoruns_manager_api]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\autoruns_manager_api]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\autoruns_manager_api]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2040"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\boot_time_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-3"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\boot_time_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-3\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\boot_time_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-3"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_api]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2037"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_api]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2037\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_api]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2037"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-8"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-8\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\browser_addons_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-8"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\client_transaction]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\client_transaction]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\client_transaction]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\cross_selling_installer_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-17"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\cross_selling_installer_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-17\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\cross_selling_installer_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-17"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2045"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2045\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2045"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor_api]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2051"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor_api]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2051\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\hardware_monitor_api]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2051"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\memory_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2054"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\memory_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2054\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\memory_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2054"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_api]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2041"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_api]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2041\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_api]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\plugin\component-2041"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2042"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2042\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\system_cleaner_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-2042"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\windows_event_monitor]
"Path"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\windows_event_monitor]
"UninstallString"="D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\CLPS 4\Component\windows_event_monitor]
"SilentCmd"="/S _?=D:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-5"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLPSLAUNCHER\0000]
"DeviceDesc"="COMODO LPS Launcher"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDERD\0000]
"DeviceDesc"="COMODO Internet Security Eradication Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DRAGONUPDATER\0000]
"DeviceDesc"="COMODO Dragon Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HMD\0000]
"DeviceDesc"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="ZAPrivacyService WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WgaSetup WebClient VSS VBRuntime Userinit Userenv TTFixerService Tlntsvr System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager SkypeUpdate ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley NVIDIA OpenGL Driver ntbackup NeroCheck MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine MPSampleSubmission mnmsrvc Microsoft.Transactions.Bridge 3.0.0.0 Microsoft Security Client Setup Microsoft Security Client Microsoft Office 10 Micr
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"CategoryMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"EventMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Comodo livePcSupport4 3rd Party Provider]
"ParameterMessageFile"="D:\Program Files\COMODO\GeekBuddy\publisher.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\GeekBuddyRSP]
"CategoryMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\GeekBuddyRSP]
"EventMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\GeekBuddyRSP]
"ParameterMessageFile"="D:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HMD]
"DisplayName"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HMD]
"Description"="COMODO livePCsupport Hardware Monitor Driver"
[HKEY_USERS\.DEFAULT\Software\COMODO]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\COMODO]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\ComodoGroup]
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Uninstaller.exe"="Uninstaller"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CIS\CIS.bat"="CIS"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CBU\CBU.bat"="CBU"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CD\CD.bat"="CD"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CEVPN\CEVPN.bat"="CEVPN"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CPM\CPM.bat"="CPM"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CSC\CSC.bat"="CSC"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CTC\CTC.bat"="CTC"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CMF\CMF.bat"="CMF"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\apwiz.bat"="apwiz"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CGB\CGB.bat"="CGB"
[HKEY_USERS\S-1-5-21-220523388-261903793-1644491937-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)\Scripts\CU\CU.bat"="CU"
[HKEY_USERS\S-1-5-18\Software\COMODO]

Searching for "Microsoft Security Essentials"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Microsoft Security Essentials]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Microsoft Security Essentials]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\AutoLogger\Microsoft Security Essentials]
"FileName"="D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Security Essentials\Support\Application.etl"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Microsoft Antimalware]
"EventMessageFile"="D:\Program Files\Microsoft Security Essentials\MpEvMsg.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Microsoft Antimalware]
"ParameterMessageFile"="D:\Program Files\Microsoft Security Essentials\MpEvMsg.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsMpSvc]
"ImagePath"=""D:\Program Files\Microsoft Security Essentials\MsMpEng.exe""

-= EOF =-

Thank You as Always;

Bill


wjh1170 (Bill)


#23 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 26 January 2014 - 01:27 PM

Hi wjh1170,

The program appeared to run as it should, however there is still a lot of stuff from Comodo in here.

That's because you have Comodo's GeekBuddy installed.
http://www.comodo.co...s-Remotely.html
It's up to you whether you uninstall it or leave it alone.


Please follow all previous instructions regarding security programs.
Disable your AntiVirus and AntiSpyware applications

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE.
ClearJavaCache::

SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

Driver::
MpKslc4fa901a


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


In Notepad
  • Click File, Save As..., and set the Save in location to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif

When finished, please post the C:\ComboFix.txt for further review.

Enable your antivirus!
Graduate of the WTT Classroom
Cheers,
Jo

#24 wjh1170

wjh1170

    New Member

  • Authentic Member
  • 18 posts
  • Interests:Sports

Posted 27 January 2014 - 03:20 AM

Jo;

Here is the ComboFix log you requested as per your instructions.

ComboFix 14-01-23.02 - HESS 01/27/2014   3:49.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1522 [GMT -5:00]
Running from: d:\documents and settings\HESS\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\HESS\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSLC4FA901A
-------\Service_MpKslc4fa901a
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-27 to 2014-01-27  )))))))))))))))))))))))))))))))
.
.
2014-01-26 11:38 . 2014-01-26 11:38    --------    d-----w-    d:\windows.0\system32\wbem\Repository
2014-01-25 14:16 . 2014-01-25 14:16    --------    d-----w-    d:\documents and settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)
2014-01-23 11:42 . 2014-01-23 11:42    --------    d-----w-    d:\windows.0\ERUNT
2014-01-23 00:20 . 2014-01-23 00:33    2968    ----a-w-    D:\FixitRegBackup.reg
2014-01-22 00:27 . 2014-01-23 12:24    --------    d-----w-    D:\AdwCleaner
2014-01-21 10:48 . 2014-01-21 10:50    51416    ----a-w-    d:\windows.0\system32\drivers\mbamchameleon.sys
2014-01-21 09:10 . 2014-01-21 09:10    --------    d-----w-    D:\SUPERDelete
2014-01-20 18:38 . 2014-01-20 18:38    --------    d-----w-    d:\program files\ShaPlus Bandwidth Meter
2014-01-19 09:04 . 2014-01-20 09:47    --------    d-----w-    d:\documents and settings\All Users.WINDOWS.0\Application Data\SearchModule
2014-01-19 09:02 . 2014-01-20 11:35    --------    d-----w-    d:\program files\Common Files\Goobzo
2014-01-19 09:02 . 2014-01-19 09:02    --------    d-----w-    d:\documents and settings\HESS\Local Settings\Application Data\Installer
2014-01-19 09:02 . 2014-01-19 09:02    --------    d-----w-    d:\documents and settings\HESS\Local Settings\Application Data\CrashRpt
2014-01-18 07:42 . 2013-03-20 14:49    11264    ----a-w-    d:\windows.0\system32\drivers\motusbdevice.sys
2014-01-18 07:42 . 2009-07-14 17:27    1461992    ----a-w-    d:\windows.0\system32\wdfcoinstaller01009.dll
2014-01-18 07:42 . 2013-03-20 14:51    6272    ----a-w-    d:\windows.0\system32\drivers\motfilt.sys
2014-01-18 07:42 . 2013-03-19 22:25    23936    ----a-w-    d:\windows.0\system32\drivers\Motousbnet.sys
2014-01-18 07:42 . 2013-03-19 22:25    21376    ----a-w-    d:\windows.0\system32\drivers\motccgp.sys
2014-01-18 07:42 . 2012-06-08 21:08    6656    ----a-w-    d:\windows.0\system32\drivers\motswch.sys
2014-01-17 04:05 . 2014-01-17 04:05    --------    d-----w-    d:\documents and settings\HESS\Local Settings\Application Data\libimobiledevice
2014-01-16 08:35 . 2014-01-16 08:37    --------    d-----w-    d:\program files\SlimCleaner
2014-01-16 06:20 . 2013-12-19 02:10    94632    ----a-w-    d:\windows.0\system32\WindowsAccessBridge.dll
2014-01-08 11:27 . 2014-01-08 11:27    --------    d-----w-    d:\documents and settings\HESS\Local Settings\Application Data\Sun
2014-01-07 10:17 . 2014-01-07 10:17    --------    d-----w-    d:\documents and settings\All Users.WINDOWS.0\Application Data\McAfee
2014-01-07 10:03 . 2014-01-07 10:03    --------    d-----w-    d:\program files\Microsoft Bootvis
2014-01-07 09:55 . 2014-01-07 09:58    --------    d-----w-    D:\Fonts Backup
2014-01-06 09:59 . 2014-01-06 09:59    --------    d-----w-    d:\documents and settings\HESS\Local Settings\Application Data\Programs
2014-01-04 08:01 . 2014-01-04 08:01    --------    d-----w-    d:\program files\YourWare Solutions
2014-01-04 08:00 . 2014-01-04 08:00    --------    d-----w-    d:\documents and settings\HESS\.android
2014-01-04 08:00 . 2014-01-04 08:03    --------    d-----w-    d:\documents and settings\HESS\Local Settings\Application Data\cache
2013-12-29 08:50 . 2014-01-23 09:02    --------    d-----w-    d:\documents and settings\HESS\Application Data\WinPatrol
2013-12-29 08:36 . 2013-12-29 08:36    --------    d-----w-    d:\program files\BillP Studios
2013-12-29 08:36 . 2013-12-29 08:36    --------    d-----w-    d:\documents and settings\All Users.WINDOWS.0\Application Data\InstallMate
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-18 07:32 . 2013-12-18 18:02    692616    ----a-w-    d:\windows.0\system32\FlashPlayerApp.exe
2014-01-18 07:32 . 2011-07-26 20:42    71048    ----a-w-    d:\windows.0\system32\FlashPlayerCPLApp.cpl
2013-12-25 08:41 . 2013-12-22 09:37    13464    ----a-w-    d:\windows.0\system32\drivers\SWDUMon.sys
2013-12-22 09:11 . 2013-12-22 09:11    1700352    ----a-w-    d:\windows.0\system32\gdiplus.dll
2013-12-20 14:05 . 2013-12-20 14:05    40392    ----a-w-    d:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA764D14-97EB-4263-9D8C-D77C6AF0C225}\MpKsl3857c20a.sys
2013-12-19 01:46 . 2009-06-09 22:48    145408    ----a-w-    d:\windows.0\system32\javacpl.cpl
2013-12-18 18:00 . 2010-02-06 11:26    270240    ----a-w-    d:\windows.0\system32\aswBoot.exe
2013-12-16 06:54 . 2013-12-20 16:20    7760024    ----a-w-    d:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CED51127-9566-4810-9220-2B6EF75F00CC}\mpengine.dll
2013-12-16 06:54 . 2013-12-20 16:13    7760024    ----a-w-    d:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2013-12-16 06:54 . 2013-12-20 09:11    7760024    ----a-w-    d:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA764D14-97EB-4263-9D8C-D77C6AF0C225}\mpengine.dll
2013-11-27 20:21 . 2008-04-14 05:27    40960    ----a-w-    d:\windows.0\system32\drivers\ndproxy.sys
2013-11-19 08:33 . 2010-01-01 11:06    230048    ------w-    d:\windows.0\system32\MpSigStub.exe
2013-11-13 02:59 . 2008-04-14 10:41    150528    ----a-w-    d:\windows.0\system32\imagehlp.dll
2013-11-07 05:38 . 2008-04-14 10:42    591360    ----a-w-    d:\windows.0\system32\rpcrt4.dll
2013-11-06 02:50 . 2013-11-06 02:50    120600    ----a-w-    d:\windows.0\system32\drivers\avgdiskx.sys
2013-11-06 01:03 . 2009-06-16 09:47    7168    ----a-w-    d:\windows.0\system32\xpsp4res.dll
2013-11-05 02:57 . 2013-11-05 02:57    209176    ----a-w-    d:\windows.0\system32\drivers\avgidsdriverx.sys
2013-11-01 04:00 . 2013-11-01 04:00    176952    ----a-w-    d:\windows.0\system32\drivers\avgldx86.sys
2013-11-01 03:30 . 2013-11-01 03:30    222520    ----a-w-    d:\windows.0\system32\drivers\avglogx.sys
2013-10-30 02:26 . 2008-04-14 06:00    1879040    ----a-w-    d:\windows.0\system32\win32k.sys
2010-04-28 08:50 . 2010-04-28 08:50    1401344    ----a-w-    d:\program files\HijackThis.msi
2001-10-05 17:53 . 2002-12-23 11:45    21866    -c--a-w-    d:\program files\Common Files\tppupd2k.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-08 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . d:\windows.0\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    d:\documents and settings\HESS\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    d:\documents and settings\HESS\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    d:\documents and settings\HESS\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    d:\documents and settings\HESS\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 16:28    97064    ----a-w-    d:\program files\Nero\Nero8\InCD\NBHShx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="d:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShaPlus Bandwidth Meter"="d:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"AVG_UI"="d:\program files\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"ZoneAlarm"="d:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-15 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21    548352    ----a-w-    d:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0d:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=d:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=d:\windows.0\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^HESS^Start Menu^Programs^Startup^Dropbox.lnk]
path=d:\documents and settings\HESS\Start Menu\Programs\Startup\Dropbox.lnk
backup=d:\windows.0\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^HESS^Start Menu^Programs^Startup^Dropbox.lnk.disabled]
path=d:\documents and settings\HESS\Start Menu\Programs\Startup\Dropbox.lnk.disabled
backup=d:\windows.0\pss\Dropbox.lnk.disabledStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^HESS^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk]
path=d:\documents and settings\HESS\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk
backup=d:\windows.0\pss\HughesNetStatusMeter.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^HESS^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=d:\documents and settings\HESS\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=d:\windows.0\pss\MyPC Backup.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^HESS^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=d:\documents and settings\HESS\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=d:\windows.0\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04    959904    ----a-w-    d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX620 Series]
2004-05-19 20:00    98304    ----a-w-    d:\windows.0\system32\spool\drivers\w32x86\3\E_FATI9HA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2009-09-06 14:26    1230336    ----a-w-    d:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-01-06 09:57    116648    ----atw-    d:\documents and settings\HESS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 03:13    208952    ----a-w-    d:\windows.0\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-08-08 16:27    1083176    ----a-w-    d:\program files\Nero\Nero8\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06    1840424    ----a-w-    d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-08-22 19:13    2363392    ----a-w-    d:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 03:12    3872080    ----a-w-    d:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 20:54    169312    ----a-w-    d:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 19:39    570664    ----a-w-    d:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-06-03 04:48    1753192    ----a-w-    d:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-08-08 16:28    2049320    ----a-w-    d:\program files\Nero\Nero8\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 18:33    17418928    ----a-r-    d:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16    254336    ----a-w-    d:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayMin900]
2005-08-25 11:41    266240    ----a-r-    d:\windows.0\system32\drivers\Tray900.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2013-12-10 05:01    455744    ------w-    d:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TTFixerService"=2 (0x2)
"Pctspk"=2 (0x2)
"Maxtor Sync Service"=3 (0x3)
"LBTServ"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="d:\documents and settings\HESS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"=d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DiskeeperSystray"="d:\program files\Executive Software\Diskeeper\DkIcon.exe"
"MSPY2002"=d:\windows.0\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"PhiBtn"=%SystemRoot%\System32\drivers\PhiBtn.exe
"PHIME2002A"=d:\windows.0\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=d:\windows.0\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"NvCplDaemon"=RUNDLL32.EXE d:\windows.0\system32\NvCpl.dll,NvStartup
"nwiz"=d:\program files\NVIDIA Corporation\nView\nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE d:\windows.0\system32\NvMcTray.dll,NvTaskbarInit
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"AppleSyncNotifier"=d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" -atboottime
"mmtask"=c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
"zBrowser Launcher"=d:\program files\Logitech\iTouch\iTouch.exe
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII.SP2c\\RpcAgentSrv.exe"=
"d:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"d:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"d:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"d:\\Documents and Settings\\HESS\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;d:\windows.0\system32\drivers\avgidshx.sys [10/24/2013 10:28 PM 147768]
R0 Avglogx;AVG Logging Driver;d:\windows.0\system32\drivers\avglogx.sys [10/31/2013 10:30 PM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows.0\system32\drivers\avgrkx86.sys [9/10/2013 12:43 AM 27448]
R1 Avgdiskx;AVG Disk Driver;d:\windows.0\system32\drivers\avgdiskx.sys [11/5/2013 9:50 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;d:\windows.0\system32\drivers\avgidsdriverx.sys [11/4/2013 9:57 PM 209176]
R1 AVGIDSShim;AVGIDSShim;d:\windows.0\system32\drivers\avgidsshimx.sys [9/17/2013 12:57 AM 22840]
R1 Avgldx86;AVG AVI Loader Driver;d:\windows.0\system32\drivers\avgldx86.sys [10/31/2013 11:00 PM 176952]
R1 Avgtdix;AVG TDI Driver;d:\windows.0\system32\drivers\avgtdix.sys [8/1/2013 4:08 PM 193848]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;d:\windows.0\system32\drivers\hmd.sys [10/7/2013 12:17 AM 14272]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 10:25 AM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 67664]
R2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVG2014\avgidsagent.exe [11/11/2013 10:02 PM 3478544]
R2 avgwd;AVG WatchDog;d:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
R2 cpuz133;cpuz133;d:\windows.0\system32\drivers\cpuz133_x32.sys [6/5/2010 5:19 AM 20968]
R2 Motorola Device Manager;Motorola Device Manager Service;d:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [11/15/2013 9:24 AM 137528]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;d:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [10/15/2013 5:38 AM 50704]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;d:\windows.0\system32\drivers\nvoclock.sys [3/9/2009 11:25 AM 38304]
S2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE.EXE [7/1/2010 2:23 PM 116608]
S3 als4k;Avance Audio Miniport Driver (WDM);d:\windows.0\system32\drivers\als4000.sys [10/22/2001 11:46 AM 28919]
S3 BTCFilterService;USB Networking Driver Filter Service;d:\windows.0\system32\drivers\motfilt.sys [1/18/2014 2:42 AM 6272]
S3 camvid40;Philips SPC 900NC PC Camera;d:\windows.0\system32\drivers\camdrv41.sys [6/16/2009 6:44 AM 1240576]
S3 cpudrv;cpudrv;d:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 9:58 AM 11336]
S3 motccgp;Motorola USB Composite Device Driver;d:\windows.0\system32\drivers\motccgp.sys [1/18/2014 2:42 AM 21376]
S3 motccgpfl;MotCcgpFlService;d:\windows.0\system32\DRIVERS\motccgpfl.sys --> d:\windows.0\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;d:\windows.0\system32\drivers\Motousbnet.sys [1/18/2014 2:42 AM 23936]
S3 motusbdevice;Motorola USB Dev Driver;d:\windows.0\system32\drivers\motusbdevice.sys [1/18/2014 2:42 AM 11264]
S3 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\program files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe [6/21/2009 2:48 AM 98488]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 SWDUMon;SWDUMon;d:\windows.0\system32\drivers\SWDUMon.sys [12/22/2013 4:37 AM 13464]
S4 TTFixerService;NST ToolTipFixer;"d:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe" --> d:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper    REG_MULTI_SZ       getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 19:11    451872    ----a-w-    d:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-26 d:\windows.0\Tasks\Adobe Flash Player Updater.job
- d:\windows.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-18 07:32]
.
2014-01-20 d:\windows.0\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-01-27 d:\windows.0\Tasks\AVG_SYS_TASK.job
- d:\documents and settings\All Users.WINDOWS.0\Application Data\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe [2013-12-21 18:06]
.
2014-01-27 d:\windows.0\Tasks\AVG_SYS_TASK_DELETE.job
- d:\documents and settings\All Users.WINDOWS.0\Application Data\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe [2013-12-21 18:06]
.
2014-01-27 d:\windows.0\Tasks\GoogleUpdateTaskMachineCore1cefc1ca1468c7b.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 10:14]
.
2014-01-27 d:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 10:14]
.
2014-01-23 d:\windows.0\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003Core.job
- d:\documents and settings\HESS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-01-06 09:57]
.
2014-01-27 d:\windows.0\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003UA.job
- d:\documents and settings\HESS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-01-06 09:57]
.
2014-01-26 d:\windows.0\Tasks\Motorola Device Manager Engine.job
- d:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31 15:05]
.
2014-01-18 d:\windows.0\Tasks\Motorola Device Manager Update.job
- d:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31 15:05]
.
2014-01-27 d:\windows.0\Tasks\OGALogon.job
- d:\windows.0\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=0c5fc5451cf94920a5e39ea319a7af67&tu=10G9y00Be2C01g0&sku=&tstsId=&ver=&
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - d:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 184.63.160.68 184.63.160.69 192.168.1.1
DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} - hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
FF - ProfilePath - d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-27 04:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\windows.0\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2904)
d:\windows.0\system32\WININET.dll
d:\documents and settings\HESS\Application Data\Dropbox\bin\DropboxExt.22.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
d:\windows.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
d:\program files\Nero\Nero8\InCD\NBHStr.dll
d:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
d:\windows.0\system32\ieframe.dll
d:\windows.0\system32\webcheck.dll
d:\windows.0\system32\WPDShServiceObj.dll
d:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
d:\windows.0\system32\PortableDeviceTypes.dll
d:\windows.0\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre7\bin\jqs.exe
d:\program files\Common Files\Motive\McciCMService.exe
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
d:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
d:\windows.0\system32\locator.exe
d:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
d:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2014-01-27  04:18:10 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-27 09:17
ComboFix2.txt  2014-01-23 01:47
.
Pre-Run: 21,619,679,232 bytes free
Post-Run: 21,602,807,808 bytes free
.
- - End Of File - - DE55EBE37F1A4414320AB31BC4AF90A2
8F558EB6672622401DA993E1E865C861
 


wjh1170 (Bill)


#25 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 27 January 2014 - 10:36 AM

Hi wjh1170,

1. Java
1.1 Uninstall old Java versions (if present):
  • Please go to Start > Control Panel > Programs and Features .
  • Locate all Java 6 Updates
  • Java 6 Update 16
  • Java 6 Update 18
  • Java 6 Update 20
  • Java 6 Update ...
  • Uninstall them all.
1.2 Find here instructions on how to clear the Java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.

 

***


2. Malwarebytes' Anti-Malware
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts; this will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

***


How is the computer running now?
Graduate of the WTT Classroom
Cheers,
Jo



#26 wjh1170

Posted 29 January 2014 - 03:38 AM

Jo;

 

I apologize for the slow response, we had an Ice Storm followed by a drop in temperature to -20 Celsius that caused a power outage here for the past two days. I just wanted to make sure you knew I had not forgotten the tremendous work you are doing.

 

I did complete the Malwarebytes Scan and the Java deletions before the power went out, and have not used the computer again until this morning. I would assume this is still valid; if not, let me know and I can re-run.

 


1. Java
1.1 Uninstall old Java versions (if present):

  • Please go to Start > Control Panel > Programs and Features .
  • Locate all Java 6 Updates
  • Java 6 Update 16
  • Java 6 Update 18
  • Java 6 Update 20
  • Java 6 Update ...
  • Uninstall them all.

DONE!!
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.27.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HESS :: HESS-A23995F71B [administrator]

1/27/2014 11:57:52 AM
mbam-log-2014-01-27 (11-57-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 500814
Time elapsed: 20 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

The ESET scan is currently at 31% completion with no threats found. This scan takes quite a bit of time; I am currently 2 hours and 15 minutes into it. I will post the results once it has finished.

 

You Asked;

 

"How is the computer running now?"

 

The Computer is running better than I can ever recall. My main initial complaint was that I was going through 10 GB of data with my Internet Carrier every few days; I am very pleased to tell you I have only gone through 1.5 GB of data since January 23 after you had helped me make several corrections.......that's 6 days and I am very pleased to say the least. Also my Boot time has increased remarkably, and I am getting much faster internet connection speeds.

 

In my humble opinion you have done a very thorough job and words cannot express the gratitude I feel. I initially posted I had a few health issues but declined to go into detail so it would not be perceived as an attempt to get faster service on the site. The truth is I am a Brain injury survivor of nearly 10 years, and suffered a stroke a couple of months ago. The computer is how I help to rehabilitate myself. My point is......your instructions have been very clear, concise, and easy for me to follow. I will always remember your help, without the fixes you have done, I have no idea how I would have proceeded.

 

So I say again.........Thank You so Very Much Jo!!!!!!!!!!!!!


wjh1170 (Bill)


#27 wjh1170

Posted 29 January 2014 - 04:43 PM

Jo;

 

Here are the results of the ESET Scan;

 

D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen4.zip    Win32/Bagle.gen.zip worm
D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen5.zip    Win32/Bagle.gen.zip worm
D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen6.zip    Win32/Bagle.gen.zip worm
D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen7.zip    Win32/Bagle.gen.zip worm
D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen8.zip    Win32/Bagle.gen.zip worm

 

 

Thanks as Always;

 

Bill
 


wjh1170 (Bill)


#28 Jo*

Posted 30 January 2014 - 09:19 AM

Hi wjh1170,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    
    :Files
    D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen4.zip 
    D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen5.zip 
    D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen6.zip 
    D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen7.zip 
    D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen8.zip
    
    :Commands
    [purity]
    [emptytemp]
    


    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fix log as well as a new OTL log, made by rerunning OTL after the reboot without the custom scan script.

Graduate of the WTT Classroom
Cheers,
Jo

#29 wjh1170

Posted 31 January 2014 - 03:17 AM

Hello again Jo;

 

As per your instructions:

 

Results of OTL scan with your script

 

All processes killed
========== OTL ==========
========== FILES ==========
D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen4.zip moved successfully.
D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen5.zip moved successfully.
D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen6.zip moved successfully.
D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen7.zip moved successfully.
D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen8.zip moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Administrator.HESS-A23995F71B
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Administrator.HESS-A23995F71B.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->FireFox cache emptied: 13556356 bytes
 
User: All Users
 
User: All Users.WINDOWS
 
User: All Users.WINDOWS.0
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User.WINDOWS.0
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: HESS
->Temp folder emptied: 218836854 bytes
->Temporary Internet Files folder emptied: 10360085 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73252992 bytes
->Google Chrome cache emptied: 557424 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 58473 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Owner
 
User: W.J. Hess
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: WJ48CD~1~HES
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70759 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 71652 bytes
 
Total Files Cleaned = 302.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01312014_035304

Files\Folders moved on Reboot...
File\Folder D:\Documents and Settings\HESS\Local Settings\Temp\tmpA.tmp not found!
D:\Documents and Settings\HESS\Local Settings\Temp\~DF8D1E.tmp moved successfully.
File\Folder D:\WINDOWS.0\temp\ZLT030ec.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

Results of OTL scan after reboot

 

OTL logfile created on: 1/31/2014 3:58:01 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Documents and Settings\HESS\Desktop\What The Tech Apps
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.68% Memory free
5.85 Gb Paging File | 5.32 Gb Available in Paging File | 90.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092D:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS.0 | %ProgramFiles% = D:\Program Files
Drive C: | 74.50 Gb Total Space | 10.64 Gb Free Space | 14.28% Space Free | Partition Type: NTFS
Drive D: | 55.89 Gb Total Space | 20.32 Gb Free Space | 36.37% Space Free | Partition Type: NTFS
 
Computer Name: HESS-A23995F71B | User Name: HESS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Documents and Settings\HESS\Desktop\What The Tech Apps\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - D:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - D:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - D:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe (ShaPlus Software)
PRC - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
PRC - D:\WINDOWS.0\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll ()
MOD - D:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll ()
MOD - D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (TTFixerService) -- D:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Motorola Device Manager) -- D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (AVGIDSAgent) -- D:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ZAPrivacyService) -- D:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (avgwd) -- D:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- D:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- D:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (getPlusHelper) -- D:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (LxrJD31s) -- D:\WINDOWS.0\System32\LxrJD31s.exe ()
SRV - (FileZilla Server) -- D:\Program Files\FileZilla Server\FileZilla server.exe (FileZilla Project)
SRV - (UpdateCenterService) -- D:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (spupdsvc) -- D:\WINDOWS.0\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (NeroRegInCDSrv) -- D:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe (Nero AG)
SRV - (InCDsrv) -- D:\Program Files\Nero\Nero8\InCD\InCDsrv.exe (Nero AG)
SRV - (Maxtor Sync Service) -- D:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (SandraAgentSrv) -- D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe (SiSoftware)
SRV - (Diskeeper) -- D:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
SRV - (Pctspk) -- D:\WINDOWS.0\system32\pctspk.exe (PCtel, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WudfRd) -- D:\WINDOWS.0\system32\wudfrd.sys File not found
DRV - (WudfPf) -- D:\WINDOWS.0\system32\WudfPf.sys File not found
DRV - (WDICA) --  File not found
DRV - (Wdf01000) -- system32\DRIVERS\Wdf01000.sys File not found
DRV - (SWUMX20) -- system32\DRIVERS\swumx20.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (MRESP50a64) -- D:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MREMP50a64) -- D:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- D:\ComboFix\catchme.sys File not found
DRV - (SWDUMon) -- D:\WINDOWS.0\system32\drivers\SWDUMon.sys ()
DRV - (Avgdiskx) -- D:\WINDOWS.0\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- D:\WINDOWS.0\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- D:\WINDOWS.0\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- D:\WINDOWS.0\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Vsdatant) -- D:\WINDOWS.0\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (AVGIDSHX) -- D:\WINDOWS.0\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (HMD) -- D:\WINDOWS.0\system32\drivers\hmd.sys ()
DRV - (Avgmfx86) -- D:\WINDOWS.0\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- D:\WINDOWS.0\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- D:\WINDOWS.0\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- D:\WINDOWS.0\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BTCFilterService) -- D:\WINDOWS.0\system32\drivers\motfilt.sys (Motorola Inc)
DRV - (motusbdevice) -- D:\WINDOWS.0\system32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (Motousbnet) -- D:\WINDOWS.0\system32\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV - (motccgp) -- D:\WINDOWS.0\system32\drivers\motccgp.sys (Motorola Mobility Inc)
DRV - (MotoSwitchService) -- D:\WINDOWS.0\system32\drivers\motswch.sys (Motorola)
DRV - (SASKUTIL) -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LxrJD31d) -- D:\WINDOWS.0\system32\drivers\LxrJD31d.sys ()
DRV - (cpuz133) -- D:\WINDOWS.0\system32\drivers\cpuz133_x32.sys (Windows ® Win 7 DDK provider)
DRV - (SASENUM) -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (cpudrv) -- D:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (nvoclock) -- D:\WINDOWS.0\system32\drivers\nvoclock.sys (NVIDIA Corp.)
DRV - (swmsflt) -- D:\WINDOWS.0\system32\drivers\swmsflt.sys ()
DRV - (InCDfs) -- D:\WINDOWS.0\system32\drivers\InCDfs.sys (Nero AG)
DRV - (incdrm) -- D:\WINDOWS.0\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- D:\WINDOWS.0\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDRec) -- D:\WINDOWS.0\system32\drivers\InCDrec.sys (Nero AG)
DRV - (gameenum) -- D:\WINDOWS.0\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nm) -- D:\WINDOWS.0\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (AN983) -- D:\WINDOWS.0\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (SANDRA) -- D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\sandra.sys (SiSoftware)
DRV - (LMouKE) -- D:\WINDOWS.0\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- D:\WINDOWS.0\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- D:\WINDOWS.0\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- D:\WINDOWS.0\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- D:\WINDOWS.0\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (MREMP50) -- D:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- D:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MXOPSWD) -- D:\WINDOWS.0\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (camvid40) -- D:\WINDOWS.0\system32\drivers\camdrv41.sys (Philips Consumer Electronics)
DRV - (smrt) -- D:\WINDOWS.0\system32\drivers\smrt.sys (Sony Corporation)
DRV - (itchfltr) -- D:\WINDOWS.0\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (als4k) -- D:\WINDOWS.0\system32\drivers\als4000.sys (Avance Logic, Inc.)
DRV - (Vpctcom) -- D:\WINDOWS.0\system32\drivers\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- D:\WINDOWS.0\system32\drivers\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- D:\WINDOWS.0\system32\drivers\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- D:\WINDOWS.0\system32\drivers\ptserlp.sys (PCTEL, INC.)
DRV - (DMICall) -- D:\WINDOWS.0\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS.0\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 A7 8B 79 3A 0C CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A65FE-2087-4F0E-9609-5B154A682F67}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{C365D2C2-CDBB-4D39-84BD-ED1418F9D43C}: "URL" = http://search.zoneal...Id=&ver=&&r=203
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\WINDOWS.0\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: D:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013/12/18 13:37:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2014/01/18 02:37:02 | 000,000,000 | ---D | M]
 
[2009/06/15 15:30:19 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Extensions
[2014/01/23 03:47:28 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions
[2013/12/19 16:51:17 | 000,000,000 | ---D | M] (WOT) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/12/22 04:15:10 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/12/22 06:29:16 | 000,000,000 | ---D | M] ("PrivDog") -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\PrivDog@AdTrustMedia.com
[2013/12/18 12:24:12 | 000,348,260 | ---- | M] () (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\personas@christopher.beard.xpi
[2014/01/18 01:15:26 | 000,940,775 | ---- | M] () (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/23 04:53:21 | 000,002,289 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\alexa.xml
[2014/01/04 02:59:05 | 000,001,100 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\connect-dlc-5-customized-web-search.xml
[2009/06/15 16:41:45 | 000,001,632 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\live-search.xml
[2011/11/09 16:12:29 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2013/12/18 12:22:59 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/18 12:22:59 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/01 15:51:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\WINDOWS.0\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Drive = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/01/27 04:07:09 | 000,000,027 | ---- | M]) - D:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] D:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] "D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s File not found
O4 - HKLM..\Run: [ZoneAlarm] D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FreeRAM XP] D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} http://phughescw.hug.../Mcci_6-1-0.cab (McciContext Class)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.160.68 184.63.160.69 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F35E9F8-C8F5-44E1-98A7-A03CF2BC6842}: DhcpNameServer = 67.142.164.10 67.142.164.11 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C1685A-4604-41DA-89EC-6F6F00B585F0}: DhcpNameServer = 184.63.160.68 184.63.160.69 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS.0\system32\userinit.exe) - D:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: D:\Documents and Settings\HESS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\HESS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/29 07:52:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/31 03:53:04 | 000,000,000 | ---D | C] -- D:\_OTL
[2014/01/30 05:03:33 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\HESS\Recent
[2014/01/29 17:44:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVG 0214c Campaign
[2014/01/27 12:24:55 | 000,000,000 | ---D | C] -- D:\Program Files\ESET
[2014/01/27 11:51:22 | 000,000,000 | ---D | C] -- D:\WINDOWS.0\System32\appmgmt
[2014/01/27 04:31:19 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2014/01/25 09:16:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Application Data\Uninstaller Tool(Comodo Forums)
[2014/01/23 06:42:59 | 000,000,000 | ---D | C] -- D:\WINDOWS.0\ERUNT
[2014/01/22 20:00:06 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS.0\SWREG.exe
[2014/01/22 20:00:06 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS.0\SWSC.exe
[2014/01/22 20:00:06 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS.0\SWXCACLS.exe
[2014/01/22 20:00:06 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS.0\NIRCMD.exe
[2014/01/22 06:39:28 | 000,000,000 | ---D | C] -- D:\Qoobox
[2014/01/22 06:37:30 | 005,175,240 | R--- | C] (Swearware) -- D:\Documents and Settings\HESS\Desktop\ComboFix.exe
[2014/01/22 06:30:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\What The Tech Apps
[2014/01/21 19:27:18 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2014/01/21 05:48:45 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS.0\System32\drivers\mbamchameleon.sys
[2014/01/21 04:10:00 | 000,000,000 | ---D | C] -- D:\SUPERDelete
[2014/01/20 13:38:28 | 000,000,000 | ---D | C] -- D:\Program Files\ShaPlus Bandwidth Meter
[2014/01/20 13:38:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\ShaPlus Bandwidth Meter
[2014/01/20 03:07:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\tor
[2014/01/19 04:04:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\SearchModule
[2014/01/19 04:02:55 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Goobzo
[2014/01/19 04:02:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\Installer
[2014/01/19 04:02:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\CrashRpt
[2014/01/18 02:43:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Motorola Device Manager
[2014/01/18 02:42:43 | 001,461,992 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS.0\System32\wdfcoinstaller01009.dll
[2014/01/18 02:42:43 | 000,011,264 | ---- | C] (Motorola Inc) -- D:\WINDOWS.0\System32\drivers\motusbdevice.sys
[2014/01/18 02:42:42 | 000,023,936 | ---- | C] (Motorola Mobility Inc) -- D:\WINDOWS.0\System32\drivers\Motousbnet.sys
[2014/01/18 02:42:42 | 000,006,272 | ---- | C] (Motorola Inc) -- D:\WINDOWS.0\System32\drivers\motfilt.sys
[2014/01/18 02:42:37 | 000,021,376 | ---- | C] (Motorola Mobility Inc) -- D:\WINDOWS.0\System32\drivers\motccgp.sys
[2014/01/18 02:42:37 | 000,006,656 | ---- | C] (Motorola) -- D:\WINDOWS.0\System32\drivers\motswch.sys
[2014/01/18 02:42:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\V & Other Pics
[2014/01/16 23:05:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\libimobiledevice
[2014/01/16 03:35:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SlimCleaner
[2014/01/16 03:35:16 | 000,000,000 | ---D | C] -- D:\Program Files\SlimCleaner
[2014/01/16 01:20:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\javaws.exe
[2014/01/16 01:20:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\javaw.exe
[2014/01/16 01:20:34 | 000,174,504 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\java.exe
[2014/01/16 01:20:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\WindowsAccessBridge.dll
[2014/01/08 06:27:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\Sun
[2014/01/07 05:19:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Java
[2014/01/07 05:17:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee
[2014/01/07 05:03:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\Microsoft Bootvis
[2014/01/07 05:03:13 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Bootvis
[2014/01/07 04:55:28 | 000,000,000 | ---D | C] -- D:\Fonts Backup
[2014/01/06 04:59:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\Music Manager
[2014/01/06 04:59:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\Programs
[2014/01/04 03:01:13 | 000,000,000 | ---D | C] -- D:\Program Files\YourWare Solutions
[2014/01/04 03:01:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\FreeRAM XP Pro
[2014/01/04 03:00:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\.android
[2014/01/04 03:00:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\cache
[2002/12/23 06:45:40 | 000,021,866 | ---- | C] (In-System Design, Inc.) -- D:\Program Files\Common Files\tppupd2k.dll
[3 D:\Documents and Settings\HESS\*.tmp files -> D:\Documents and Settings\HESS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/31 03:55:59 | 000,002,206 | ---- | M] () -- D:\WINDOWS.0\System32\wpa.dbl
[2014/01/31 03:55:30 | 000,000,240 | ---- | M] () -- D:\WINDOWS.0\tasks\OGALogon.job
[2014/01/31 03:55:26 | 000,000,882 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore1cefc1ca1468c7b.job
[2014/01/31 03:55:26 | 000,000,482 | ---- | M] () -- D:\WINDOWS.0\tasks\AVG_SYS_TASK_DELETE.job
[2014/01/31 03:55:26 | 000,000,454 | ---- | M] () -- D:\WINDOWS.0\tasks\AVG_SYS_TASK.job
[2014/01/31 03:55:06 | 000,002,048 | --S- | M] () -- D:\WINDOWS.0\bootstat.dat
[2014/01/31 03:46:00 | 000,000,882 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/31 01:26:00 | 000,000,834 | ---- | M] () -- D:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2014/01/31 01:12:24 | 000,000,974 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003UA.job
[2014/01/30 05:12:03 | 000,000,922 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003Core.job
[2014/01/29 19:39:22 | 000,002,487 | ---- | M] () -- D:\Documents and Settings\HESS\Desktop\Microsoft Word.lnk
[2014/01/29 02:44:04 | 000,000,460 | ---- | M] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Engine.job
[2014/01/27 04:07:09 | 000,000,027 | ---- | M] () -- D:\WINDOWS.0\System32\drivers\etc\hosts
[2014/01/27 03:45:50 | 005,175,240 | R--- | M] (Swearware) -- D:\Documents and Settings\HESS\Desktop\ComboFix.exe
[2014/01/26 15:54:25 | 000,044,128 | ---- | M] () -- D:\WINDOWS.0\System32\FNTCACHE.DAT
[2014/01/26 06:44:29 | 000,002,235 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\SlimCleaner.lnk
[2014/01/24 05:51:29 | 000,000,682 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\CCleaner.lnk
[2014/01/22 19:33:25 | 000,002,968 | ---- | M] () -- D:\FixitRegBackup.reg
[2014/01/22 18:54:45 | 000,002,485 | ---- | M] () -- D:\Documents and Settings\HESS\Desktop\Microsoft Excel.lnk
[2014/01/21 05:50:35 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS.0\System32\drivers\mbamchameleon.sys
[2014/01/21 04:07:47 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\HESS\defogger_reenable
[2014/01/20 13:49:34 | 000,002,439 | ---- | M] () -- D:\Documents and Settings\HESS\Desktop\HiJackThis.lnk
[2014/01/20 13:24:00 | 000,000,284 | ---- | M] () -- D:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2014/01/20 04:46:31 | 000,002,201 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Live From The Press Box.Com.lnk
[2014/01/20 04:46:31 | 000,001,831 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/20 04:46:31 | 000,000,815 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 04:46:31 | 000,000,742 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/19 02:52:34 | 000,001,324 | ---- | M] () -- D:\WINDOWS.0\System32\d3d9caps.dat
[2014/01/18 03:01:49 | 000,000,476 | ---- | M] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Update.job
[2014/01/18 02:59:21 | 000,000,051 | ---- | M] () -- D:\WINDOWS.0\iTouch.ini
[2014/01/18 02:45:00 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motfilt_01009.Wdf
[2014/01/18 02:44:59 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_Motousbnet_01009.Wdf
[2014/01/18 02:43:18 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motccgp_01009.Wdf
[2014/01/18 02:43:12 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motusbdevice_01009.Wdf
[2014/01/18 02:43:10 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2014/01/18 02:37:03 | 000,001,738 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\Adobe Reader XI.lnk
[2014/01/18 02:32:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS.0\System32\FlashPlayerApp.exe
[2014/01/18 02:32:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS.0\System32\FlashPlayerCPLApp.cpl
[3 D:\Documents and Settings\HESS\*.tmp files -> D:\Documents and Settings\HESS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/26 15:54:25 | 000,044,128 | ---- | C] () -- D:\WINDOWS.0\System32\FNTCACHE.DAT
[2014/01/22 20:00:06 | 000,256,000 | ---- | C] () -- D:\WINDOWS.0\PEV.exe
[2014/01/22 20:00:06 | 000,208,896 | ---- | C] () -- D:\WINDOWS.0\MBR.exe
[2014/01/22 20:00:06 | 000,098,816 | ---- | C] () -- D:\WINDOWS.0\sed.exe
[2014/01/22 20:00:06 | 000,080,412 | ---- | C] () -- D:\WINDOWS.0\grep.exe
[2014/01/22 20:00:06 | 000,068,096 | ---- | C] () -- D:\WINDOWS.0\zip.exe
[2014/01/22 19:20:55 | 000,002,968 | ---- | C] () -- D:\FixitRegBackup.reg
[2014/01/21 04:07:47 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\HESS\defogger_reenable
[2014/01/18 03:01:49 | 000,000,476 | ---- | C] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Update.job
[2014/01/18 02:45:00 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motfilt_01009.Wdf
[2014/01/18 02:44:59 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_Motousbnet_01009.Wdf
[2014/01/18 02:44:27 | 000,000,460 | ---- | C] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Engine.job
[2014/01/18 02:43:18 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motccgp_01009.Wdf
[2014/01/18 02:43:12 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motusbdevice_01009.Wdf
[2014/01/18 02:43:10 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2014/01/18 02:37:03 | 000,001,738 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\Adobe Reader XI.lnk
[2014/01/18 02:37:02 | 000,001,808 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Adobe Reader XI.lnk
[2014/01/16 03:35:19 | 000,002,235 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\SlimCleaner.lnk
[2014/01/06 04:58:40 | 000,000,974 | ---- | C] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003UA.job
[2014/01/06 04:58:39 | 000,000,922 | ---- | C] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003Core.job
[2013/12/22 04:37:34 | 000,013,464 | ---- | C] () -- D:\WINDOWS.0\System32\drivers\SWDUMon.sys
[2013/12/19 05:23:29 | 000,003,072 | ---- | C] () -- D:\WINDOWS.0\System32\iacenc.dll
[2013/10/07 00:17:38 | 000,014,272 | ---- | C] () -- D:\WINDOWS.0\System32\drivers\hmd.sys
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- D:\WINDOWS.0\System32\nvdata.data
[2010/08/31 05:28:53 | 000,000,036 | ---- | C] () -- D:\Documents and Settings\HESS\Local Settings\Application Data\housecall.guid.cache
[2010/07/04 03:20:27 | 000,000,091 | ---- | C] () -- D:\Documents and Settings\HESS\Application Data\default.pls
[2010/05/09 03:49:57 | 000,000,600 | ---- | C] () -- D:\Documents and Settings\HESS\Local Settings\Application Data\PUTTY.RND
[2010/04/28 03:50:49 | 001,401,344 | ---- | C] () -- D:\Program Files\HijackThis.msi
[2009/12/14 18:48:49 | 000,001,024 | ---- | C] () -- D:\Documents and Settings\HESS\.rnd
[2009/09/21 17:04:52 | 000,000,568 | RHS- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\ntuser.pol
[2009/06/21 02:48:15 | 007,118,848 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\sandra.mda
[2009/06/15 15:51:18 | 000,036,864 | ---- | C] () -- D:\Documents and Settings\HESS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/09 18:00:24 | 000,000,086 | ---- | C] () -- D:\Documents and Settings\HESS\DelB18.bat
 
========== ZeroAccess Check ==========
 
[2009/06/09 17:49:41 | 000,000,227 | RHS- | M] () -- D:\WINDOWS.0\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 23:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 

 

I have a question or two if you have time.

 

1. Spybot is an Anti-Malware program, I thought. How did I get a Trojan in there? And do I need to just remove the program?

 

2. I run Spybot, Malwarebytes (Scan every other day) and have Zone Alarm and AVG. Are these programs sufficient or are there others that you might suggest?

 

Thanks as always for your tireless work;

 

Bill


wjh1170 (Bill)


#30 Jo*

Posted 31 January 2014 - 08:17 AM

Hi wjh1170,
 

I have a question or two if you have time.
1. Spybot is an Anti-Malware program, I thought. How did I get a Trojan in there? And do I need to just remove the program?

What ESET found looks like files that Spybot detected and quarantined earlier. So do not remove the program.
 

2. I run Spybot, Malwarebytes (Scan every other day) and have Zone Alarm and AVG. Are these programs sufficient or are there others that you might suggest?

Spybot & Malwarebytes are good.
ZoneAlarm Free Firewall + AVG 2014 are OK.

There is no program that protects you 100%; it is more important to follow some Preventive tips, which you get with this post.


It Appears That Your Pc Is Now Clean!
 

***


Clean up:
We used Combofix.
Deactivate your antivirus software once more.
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
Enable your antivirus software.


***

Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    D:\Documents and Settings\HESS\Desktop\What The Tech Apps
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
    
  • Close all other programs apart from OTL as this step may require a reboot
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Say Yes to the prompt and then allow the program to reboot your computer.

***


Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

***


Delete the log files our tools created; they are located on your desktop or in the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more secure
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/


***


Graduate of the WTT Classroom
Cheers,
Jo
