Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Again Cannot connect to Secure Sites

by boondoc » October 27th, 2014, 9:21 pm

Very strange. After I uninstalled Covenant Eyes, as suggested previously by Gary, I was able to access secure sites temporarily with Comodo Dragon (a Chrome clone browser). However, I am no longer able to do so. I can access sites with Pale Moon (a Firefox clone).

I was going to try to replace Comodo Dragon with Chrome, but I cannot download Google Chrome to try it. I can also not reinstall Covenant Eyes. Also tried to update iTunes and it was having difficulty doing that fully.

Oh, also tried to uninstall FileZilla, but when I did so, my firewall said it might be laced with malware, so I didn't complete the uninstall.

I believe there is something deeper here. Below are my new DDS logs:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.60.2
Run by Palmer at 21:14:16 on 2014-10-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3686.1769 [GMT -4:00]
.
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Pale Moon\palemoon.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=LENN
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=LENN
mStart Page = hxxp://lenovo.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Best Buy pc app] C:\Users\Palmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRunOnce: [WebMatrix] "C:\Program Files (x86)\Microsoft WebMatrix\WebMatrix.exe" "C:\Users\Palmer\Desktop\Greenville Spine and Sport\Website\themeforest-164366-alyeska-responsive-wordpress-theme\documentation\index.html" "#ExecuteCommand#" "ResumeInstallProduct" #ExecuteCommand# ResumeInstallProduct
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Covenant Eyes] C:\Program Files (x86)\CE\CovenantEyes.exe
mRunOnce: [InstallWatchdog] C:\Program Files (x86)\CE\InstallWatchdog.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{9915F6B5-1BB7-4E4A-8E81-998459FA3C76} : DHCPNameServer = 4.2.2.2
TCP: Interfaces\{E3703603-99B8-417C-A789-65E52D052B98} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E3703603-99B8-417C-A789-65E52D052B98}\24144534146554 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E3703603-99B8-417C-A789-65E52D052B98}\8456E62797 : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-7-28 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-7-28 39008]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-7-28 13408]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\windows\System32\drivers\cmderd.sys [2011-10-7 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\drivers\cmdGuard.sys [2011-10-7 738472]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\System32\drivers\cmdhlp.sys [2011-10-7 48360]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-6-7 203776]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2011-7-28 198784]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-5-21 2135232]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-6-7 115216]
R3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2011-4-21 36656]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\drivers\netr28x.sys [2011-7-28 1353280]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-7-28 436840]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-7-28 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-4-7 2264280]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-7-28 307304]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 RsFx0153;RsFx0153 Driver;C:\windows\System32\drivers\RsFx0153.sys [2014-7-10 322736]
.
=============== Created Last 30 ================
.
2014-10-27 12:25:20 4446712 ----a-w- C:\windows\SysWow64\authServer.exe
2014-10-27 12:25:10 -------- d-----w- C:\Program Files\CE
2014-10-27 12:25:02 -------- d-----w- C:\Program Files (x86)\CE
2014-10-27 01:23:09 -------- d-----w- C:\Program Files\iPod
2014-10-27 01:23:07 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-27 01:23:07 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-27 01:23:06 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2014-10-07 23:46:10 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-09-24 00:48:37 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 00:48:37 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-16 03:35:00 6112072 ----a-w- C:\windows\System32\usbaaplrc.dll
2014-08-16 03:35:00 54784 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
.
============= FINISH: 21:18:52.90 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2011 7:05:15 PM
System Uptime: 10/27/2014 4:45:49 PM (5 hours ago)
.
Motherboard: LENOVO | | Inagua
Processor: AMD E-350 Processor | Socket FT1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 189 GiB total, 124.117 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 27.146 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP152: 8/6/2014 9:13:39 PM - Windows Update
RP153: 8/20/2014 10:21:16 PM - Installed Free Facebook Video Downloader
RP154: 8/27/2014 7:33:51 AM - Windows Update
RP155: 10/21/2014 9:14:47 PM - Removed Skype™ 6.18
RP156: 10/21/2014 9:31:37 PM - Removed Skype Click to Call
RP157: 10/26/2014 8:08:33 PM - Removed Covenant Eyes
RP158: 10/26/2014 9:16:52 PM - Installed iTunes
RP159: 10/27/2014 8:24:12 AM - Installed Covenant Eyes
RP160: 10/27/2014 7:59:48 PM - Installed Covenant Eyes
.
==== Installed Programs ======================
.
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
AudibleManager
Best Buy pc app
Bonjour
Brain Workshop 4.8.4
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix Online Launcher
Comodo Dragon
COMODO Internet Security
Conexant HD Audio
D3DX10
EgisTec ES603 WDM Driver
Energy Management
Entity Framework Designer for Visual Studio 2012 - enu
Eraser 6.0.10.2620
ES603 WDM Driver
FileZilla Client 3.8.1
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit)
Google Update Helper
iCloud
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
iTunes
Java 7 Update 60
Lenovo EE Boot Optimizer
Lenovo OneKey Recovery
Lenovo Security Suite
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 3
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages 2
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Help Viewer 2.0
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Browser
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Compact 4.0 Web Tools ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MySQL Connector Net 6.5.4
MySQL Server 5.1
OpenOffice 4.0.0
Pale Moon 25.0.2 (x86 en-US)
PowerXpressHybrid
Prerequisites for SSDT
QuickTime 7
Ralink RT2860 Wireless LAN Card
Realtek Ethernet Controller Driver
Realtek USB 2.0 Reader Driver
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft .NET Framework 4.5 (KB2898864)
Security Update for Microsoft .NET Framework 4.5 (KB2901118)
Security Update for Microsoft .NET Framework 4.5 (KB2931368)
Skype Click to Call
SQL Server 2008 R2 SP2 Common Files
SQL Server 2008 R2 SP2 Database Engine Services
SQL Server 2008 R2 SP2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Synaptics Pointing Device Driver
Update for (KB2504637)
UserGuide
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WMV9/VC-1 Video Playback
.
==== Event Viewer Messages From Past Week ========
.
10/27/2014 8:03:18 PM, Error: Service Control Manager [7000] - The CovenantEyesProxy service failed to start due to the following error: Access is denied.
10/27/2014 7:54:11 PM, Error: Microsoft-Windows-HttpEvent [15011] - Unable to create the error log file. Make sure that the error logging directory is correct.
10/27/2014 7:51:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
10/27/2014 7:18:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/26/2014 9:05:23 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
10/26/2014 9:05:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CFRMD
10/26/2014 9:04:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/26/2014 8:08:03 PM, Error: Service Control Manager [7034] - The Auth Service service terminated unexpectedly. It has done this 1 time(s).
10/26/2014 7:27:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Windows Update Setup Handler.
10/25/2014 9:35:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
10/25/2014 6:56:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/21/2014 9:07:54 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The pipe has been ended.
10/21/2014 10:44:32 PM, Error: Service Control Manager [7031] - The Covenant Eyes Communication Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/21/2014 10:40:12 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/21/2014 10:39:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CovenantEyesProxy with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
10/21/2014 10:38:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/21/2014 10:38:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/21/2014 10:38:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/21/2014 10:38:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/21/2014 10:38:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/21/2014 10:38:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/21/2014 10:38:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/21/2014 10:38:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BPntDrv CFRMD cmdGuard cmdHlp DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
10/21/2014 10:38:12 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
10/21/2014 10:38:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/21/2014 10:38:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2014 10:38:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2014 10:38:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/21/2014 10:38:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/21/2014 10:38:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2014 10:38:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/21/2014 10:38:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2014 10:38:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2014 10:38:11 PM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Again Cannot connect to Secure Sites

by Gary R » October 28th, 2014, 2:32 am

There are still signs of Covenant Eyes in your latest logs, which suggests that it has not uninstalled cleanly. This may be the cause of your recurring problem, or it may be something totally unrelated.

What I suggest we do is find and remove any remaining Covenant Eyes remnants, and see where that takes us.

So, first we need to find out what still remains, and to do that I'll need you to do the following for me ....

  • Download FRST64 to your Desktop.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ....

I need you to run a Search for me using FRST ....

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Covenant Eyes; CovenantEyes

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • FRST.txt
  • Addition.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Again Cannot connect to Secure Sites

by boondoc » October 28th, 2014, 7:26 am

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Palmer (administrator) on PALMER-PC on 28-10-2014 07:15:57
Running from C:\Users\Palmer\Desktop
Loaded Profile: Palmer (Available profiles: Palmer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\CE\CovenantEyesCommService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Windows\SysWOW64\authServer.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\CE\CovenantEyes.exe
() C:\Program Files (x86)\CE\CovenantEyesHelper.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Moonchild Productions) C:\Program Files (x86)\Pale Moon\palemoon.exe
(Mozilla Corporation) C:\Program Files (x86)\Pale Moon\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-15] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-07-28] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-07-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2011-07-28] (Lenovo)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Covenant Eyes] => C:\Program Files (x86)\CE\CovenantEyes.exe [7104504 2014-01-28] ()
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-586848840-3213021952-4089556407-1000\...\Run: [Best Buy pc app] => C:\Users\Palmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-586848840-3213021952-4089556407-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-586848840-3213021952-4089556407-1000\...\RunOnce: [WebMatrix] => "C:\Program Files (x86)\Microsoft WebMatrix\WebMatrix.exe" "C:\Users\Palmer\Desktop\Greenville Spine and Sport\Website\themeforest-164366-alyeska-responsive-wordpress-theme\documentation\index.html" " (the data entry has 78 more characters).
HKU\S-1-5-21-586848840-3213021952-4089556407-1000\...\MountPoints2: {65f8c295-b93d-11e0-bc09-806e6f6e6963} - F:\Setup.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Palmer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Auth Service; C:\windows\SysWOW64\authServer.exe [4446712 2014-01-28] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 CovenantEyesCommService; C:\Program Files (x86)\CE\CovenantEyesCommService.exe [4533240 2014-01-28] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5346296 2014-01-28] (CovenantEyes)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8913 2012-09-08] () [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cewd64f; C:\windows\system32\Drivers\cewd64f.sys [31736 2014-01-28] () [File not signed]
R1 cewd64r; C:\windows\system32\Drivers\cewd64r.sys [45048 2014-01-28] () [File not signed]
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
S3 S6000KNT; System32\Drivers\S6000KNT.sys [X]
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 07:15 - 2014-10-28 07:18 - 00016115 _____ () C:\Users\Palmer\Desktop\FRST.txt
2014-10-28 07:15 - 2014-10-28 07:16 - 00000000 ____D () C:\FRST
2014-10-28 07:12 - 2014-10-28 07:11 - 02113024 _____ (Farbar) C:\Users\Palmer\Desktop\FRST64.exe
2014-10-28 06:58 - 2014-10-28 06:58 - 00010664 _____ () C:\windows\system32\CovenantEyesProxy.ini
2014-10-28 06:58 - 2014-10-28 06:58 - 00002296 _____ () C:\windows\SysWOW64\CovenantEyesProxyOff.ini
2014-10-28 06:58 - 2014-10-28 06:58 - 00002296 _____ () C:\windows\system32\CovenantEyesProxyOff.ini
2014-10-28 06:58 - 2014-01-28 17:43 - 00031736 _____ () C:\windows\system32\Drivers\cewd64f.sys
2014-10-28 06:57 - 2014-10-28 06:57 - 00000000 ____D () C:\ProgramData\CovenantEyes
2014-10-27 21:19 - 2014-10-27 21:19 - 00014650 _____ () C:\Users\Palmer\Desktop\attach.txt
2014-10-27 21:19 - 2014-10-27 21:18 - 00013552 _____ () C:\Users\Palmer\Desktop\dds.txt
2014-10-27 20:48 - 2014-10-27 20:48 - 00000000 _____ () C:\Users\Palmer\AppData\Local\{0AB88CEE-714B-4A12-B36A-4724D7D10DC8}
2014-10-27 20:43 - 2014-10-28 06:57 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 20:43 - 2014-10-27 21:48 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 20:43 - 2014-10-27 20:43 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-27 20:43 - 2014-10-27 20:43 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-27 08:25 - 2014-10-27 20:01 - 00000000 ____D () C:\Program Files\CE
2014-10-27 08:25 - 2014-10-27 20:01 - 00000000 ____D () C:\Program Files (x86)\CE
2014-10-27 08:25 - 2014-01-28 17:45 - 04446712 _____ () C:\windows\SysWOW64\authServer.exe
2014-10-27 08:24 - 2014-10-27 20:01 - 00000444 _____ () C:\ceInstall.log
2014-10-26 21:42 - 2014-10-26 21:42 - 00001801 _____ () C:\Users\Palmer\Desktop\iTunes.lnk
2014-10-26 21:24 - 2014-10-26 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-26 21:23 - 2014-10-26 21:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-26 21:23 - 2014-10-26 21:24 - 00000000 ____D () C:\Program Files\iTunes
2014-10-26 21:23 - 2014-10-26 21:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-26 21:23 - 2014-10-26 21:23 - 00000000 ____D () C:\Program Files\iPod
2014-10-21 22:52 - 2014-10-21 22:51 - 00688992 ____R (Swearware) C:\Users\Palmer\Desktop\dds.scr
2014-10-21 22:29 - 2014-10-21 22:29 - 00602112 _____ (OldTimer Tools) C:\Users\Palmer\Downloads\4893.tmp
2014-10-21 22:28 - 2014-10-21 22:28 - 00688992 _____ (Swearware) C:\Users\Palmer\Downloads\ACDE.tmp
2014-10-21 22:28 - 2014-10-21 22:28 - 00602112 _____ (OldTimer Tools) C:\Users\Palmer\Downloads\4306.tmp
2014-10-21 22:27 - 2014-10-21 22:27 - 00688992 _____ (Swearware) C:\Users\Palmer\Downloads\D802.tmp
2014-10-21 22:15 - 2014-10-21 22:15 - 00688992 _____ (Swearware) C:\Users\Palmer\Downloads\Unconfirmed 269592.crdownload
2014-10-21 21:28 - 2014-10-21 21:28 - 00379392 _____ () C:\Users\Palmer\Downloads\Unconfirmed 944556.crdownload
2014-10-21 10:04 - 2014-10-21 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-05 16:16 - 2014-10-05 16:16 - 00050827 _____ () C:\Users\Palmer\Documents\patdata_full.txt
2014-10-05 16:16 - 2014-10-05 16:16 - 00050827 _____ () C:\Users\Palmer\Documents\patdata_all.txt
2014-10-05 16:16 - 2014-10-05 16:16 - 00043429 _____ () C:\Users\Palmer\Documents\patdata_jt.txt
2014-10-05 16:16 - 2014-10-05 16:16 - 00007398 _____ () C:\Users\Palmer\Documents\patdata_apm.txt
2014-10-02 06:39 - 2014-10-02 06:39 - 00017644 _____ () C:\Users\Palmer\Documents\CisReport_x64_v7.0.317799.4142_20141002-063921.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 07:16 - 2012-11-20 21:57 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-10-28 07:07 - 2013-08-08 08:35 - 00007086 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-28 07:06 - 2011-07-28 12:44 - 01390568 _____ () C:\windows\WindowsUpdate.log
2014-10-28 07:05 - 2012-05-10 22:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 07:05 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 07:05 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 06:58 - 2011-07-28 13:54 - 00098016 _____ () C:\windows\system32\fastboot.set
2014-10-28 06:56 - 2010-11-20 23:47 - 00584398 _____ () C:\windows\PFRO.log
2014-10-28 06:56 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-28 06:56 - 2009-07-14 00:51 - 00060090 _____ () C:\windows\setupact.log
2014-10-27 22:11 - 2013-02-10 16:35 - 00000000 ____D () C:\Users\Palmer\Documents\Greenville Spine and Sport
2014-10-27 21:38 - 2014-06-29 15:00 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 21:38 - 2014-06-29 14:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 21:38 - 2014-06-29 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 21:38 - 2014-06-29 14:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 20:42 - 2011-07-28 13:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-27 08:25 - 2011-07-28 13:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-26 21:23 - 2012-03-11 11:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-26 21:22 - 2014-05-13 21:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-26 19:51 - 2014-02-16 21:17 - 00000000 ____D () C:\Users\Palmer\AppData\Roaming\Dropbox
2014-10-25 08:21 - 2014-05-28 19:44 - 00000000 ____D () C:\Program Files (x86)\Pale Moon
2014-10-24 19:34 - 2014-02-16 21:21 - 00000000 ___RD () C:\Users\Palmer\Dropbox
2014-10-21 21:23 - 2014-07-29 22:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-21 21:23 - 2012-01-29 23:32 - 00000000 ____D () C:\ProgramData\Skype
2014-10-21 21:17 - 2011-11-10 20:35 - 00000000 ____D () C:\Users\Palmer\Desktop\CID Reviews
2014-10-21 21:11 - 2014-07-16 20:38 - 00000000 ____D () C:\Users\Palmer\Documents\Chirotrust
2014-10-21 21:11 - 2012-01-29 23:32 - 00000000 ____D () C:\Users\Palmer\AppData\Roaming\Skype
2014-10-07 21:35 - 2014-08-20 22:19 - 00000000 ____D () C:\Users\Palmer\AppData\Roaming\Systweak
2014-10-01 11:11 - 2014-06-29 14:58 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-06-29 14:58 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2012-03-05 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Palmer\AppData\Local\Temp\certutil.exe
C:\Users\Palmer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegqfxn.dll
C:\Users\Palmer\AppData\Local\Temp\msvcr71.dll
C:\Users\Palmer\AppData\Local\Temp\nspr4.dll
C:\Users\Palmer\AppData\Local\Temp\nss3.dll
C:\Users\Palmer\AppData\Local\Temp\plc4.dll
C:\Users\Palmer\AppData\Local\Temp\plds4.dll
C:\Users\Palmer\AppData\Local\Temp\smime3.dll
C:\Users\Palmer\AppData\Local\Temp\softokn3.dll
C:\Users\Palmer\AppData\Local\Temp\SpOrder.dll
C:\Users\Palmer\AppData\Local\Temp\WebMatrix.3f.3f.3faccepteula.26upgrade.26sqm.26new.exe
C:\Users\Palmer\AppData\Local\Temp\WebMatrix.3f.3f.3faccepteula.26upgrade.26sqm.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 11:02

==================== End Of Log ============================
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Again Cannot connect to Secure Sites

by boondoc » October 28th, 2014, 7:28 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Palmer at 2014-10-28 07:21:14
Running from C:\Users\Palmer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10518 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{37B907C1-EA3D-4894-EEBE-275CB0BF5BA2}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998011598.48.56.41815274 - Audible, Inc.)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brain Workshop 4.8.4 (HKLM-x32\...\Brain Workshop_is1) (Version: 4.8.4 - Paul Hoskinson & Jonathan Toomim)
ccc-core-static (x32 Version: 2011.0525.1041.17280 - ATI) Hidden
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Internet Security (HKLM\...\{4EAB2511-0135-48CA-A47B-CE1E6836793A}) (Version: 5.8.16726.2131 - COMODO Security Solutions Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.20.0 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.) Hidden
FileZilla Client 3.8.1 (HKCU\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.7 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.13.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.13.0 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1 (HKLM-x32\...\{82284382-30E3-4DED-980B-746278DA6CC2}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
MySQL Server 5.1 (HKLM\...\{2AA0764A-4EA1-4C63-8E42-173A015030B3}) (Version: 5.1.63 - Oracle Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Pale Moon 25.0.2 (x86 en-US) (HKLM-x32\...\Pale Moon 25.0.2 (x86 en-US)) (Version: 25.0.2 - Moonchild Productions)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.30 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.5.2 - Synaptics Incorporated)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Palmer\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points =========================

07-08-2014 01:13:39 Windows Update
21-08-2014 02:21:16 Installed Free Facebook Video Downloader
27-08-2014 11:33:51 Windows Update
22-10-2014 01:14:47 Removed Skype™ 6.18
22-10-2014 01:31:37 Removed Skype Click to Call
27-10-2014 00:08:33 Removed Covenant Eyes
27-10-2014 01:16:52 Installed iTunes
27-10-2014 12:24:12 Installed Covenant Eyes
27-10-2014 23:59:48 Installed Covenant Eyes

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C9FD168-9100-4FAC-9242-0CA5748C9D60} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {43B6EF92-A845-4439-9BE6-3B0F401B8ECD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {4C2BECD6-9437-4E1B-B3B7-487029F71953} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {759885FF-E321-4073-B4C9-BD4C6AF8CC0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {984ABACB-6FBB-4A80-93D4-4E86B56E8070} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {AD56AA16-5925-4244-858F-0A9876A4A72C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CD918208-C52E-40E8-AE82-A566406EC095} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {DCF0A881-1BFB-4996-AEAD-0592FA9FDDA7} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F23E47DE-83B6-4ED0-BD50-70B0FCAC9976} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-10-27 08:25 - 2014-01-28 17:43 - 04533240 _____ () C:\Program Files (x86)\CE\CovenantEyesCommService.exe
2014-05-21 06:22 - 2014-05-21 06:22 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2012-04-16 16:11 - 2012-04-16 16:11 - 07663616 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
2014-10-27 08:25 - 2014-01-28 17:45 - 04446712 _____ () C:\windows\SysWOW64\authServer.exe
2014-10-27 08:25 - 2014-01-28 17:45 - 02941944 _____ () C:\Program Files\CE\nmsvc64.dll
2014-10-27 08:25 - 2014-01-28 17:44 - 00087544 _____ () C:\Program Files\CE\nmsvTree64.dll
2008-12-19 23:20 - 2011-07-28 13:51 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 23:20 - 2011-07-28 13:51 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-10-27 08:25 - 2014-01-28 17:43 - 07104504 _____ () C:\Program Files (x86)\CE\CovenantEyes.exe
2014-10-27 08:25 - 2014-01-28 17:44 - 05695992 _____ () C:\Program Files (x86)\CE\CovenantEyesHelper.exe
2011-10-07 19:46 - 2013-04-15 13:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-27 08:25 - 2014-01-28 17:45 - 02298872 _____ () C:\Program Files (x86)\CE\nmsvc.dll
2014-10-27 08:25 - 2014-01-28 17:44 - 00076280 _____ () C:\Program Files (x86)\CE\nmsvTree.dll
2014-05-28 19:44 - 2014-10-25 08:20 - 03044864 _____ () C:\Program Files (x86)\Pale Moon\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Auth Service => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesCommService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesProxy => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-586848840-3213021952-4089556407-500 - Administrator - Disabled)
Guest (S-1-5-21-586848840-3213021952-4089556407-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-586848840-3213021952-4089556407-1002 - Limited - Enabled)
Palmer (S-1-5-21-586848840-3213021952-4089556407-1000 - Administrator - Enabled) => C:\Users\Palmer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 07:06:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/28/2014 07:06:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/28/2014 06:57:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 07:52:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/27/2014 07:52:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/27/2014 08:15:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/27/2014 08:15:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/27/2014 08:06:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2933

Error: (10/27/2014 08:06:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2933

Error: (10/27/2014 08:06:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/28/2014 07:06:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Windows Update Setup Handler.

Error: (10/28/2014 06:58:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CovenantEyesProxy service terminated unexpectedly. It has done this 1 time(s).

Error: (10/28/2014 06:58:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Auth Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/28/2014 06:58:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/28/2014 06:57:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
CFRMD

Error: (10/27/2014 10:36:05 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (10/27/2014 09:48:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

Error: (10/27/2014 09:32:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Covenant Eyes Communication Service service failed to start due to the following error:
%%5

Error: (10/27/2014 08:03:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CovenantEyesProxy service failed to start due to the following error:
%%5

Error: (10/27/2014 07:54:11 PM) (Source: HTTP) (EventID: 15011) (User: )
Description:


Microsoft Office Sessions:
=========================
Error: (10/28/2014 07:06:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/28/2014 07:06:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/28/2014 06:57:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 07:52:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/27/2014 07:52:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/27/2014 08:15:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/27/2014 08:15:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/27/2014 08:06:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2933

Error: (10/27/2014 08:06:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2933

Error: (10/27/2014 08:06:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 42%
Total physical RAM: 3686.11 MB
Available physical RAM: 2120.48 MB
Total Pagefile: 7370.4 MB
Available Pagefile: 5008.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:188.94 GB) (Free:123.79 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 92FD6A56)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=188.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================

Re: Again Cannot connect to Secure Sites

Post by boondoc » October 28th, 2014, 7:58 am

Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Palmer at 2014-10-28 07:55:12
Running from C:\Users\Palmer\Desktop
Boot Mode: Normal

================== Search Registry: "Covenant Eyes; CovenantEyes" ===========


===================== Search result for "Covenant Eyes" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Covenant Eyes, Inc.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Covenant Eyes"="C:\Program Files (x86)\CE\CovenantEyes.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\1]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Uninstall Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\2]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Restart Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\3]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Advanced Configuration.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\4]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\View Logs.url"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\5]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\1]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Uninstall Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\2]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Restart Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\3]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Advanced Configuration.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\4]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\View Logs.url"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\5]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CovenantEyesCommService]
"Description"="Communicates between Covenant Eyes processes and servers."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\1]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Uninstall Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\2]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Restart Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\3]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Advanced Configuration.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\4]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\View Logs.url"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\5]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\1]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Uninstall Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\2]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Restart Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\3]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Advanced Configuration.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\4]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\View Logs.url"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\5]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CovenantEyesCommService]
"Description"="Communicates between Covenant Eyes processes and servers."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\1]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Uninstall Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\2]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Restart Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\3]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Advanced Configuration.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\4]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\View Logs.url"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\5]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\1]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Uninstall Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\2]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Restart Covenant Eyes.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\3]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\Advanced Configuration.lnk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\4]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes\View Logs.url"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\5]
"DeviceName"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covenant Eyes"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CovenantEyesCommService]
"Description"="Communicates between Covenant Eyes processes and servers."

[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Covenant Eyes]

====== End Of Search ======

Re: Again Cannot connect to Secure Sites

Post by Gary R » October 28th, 2014, 9:35 am

OK, before we start removing these remnants, I need you to create a System Restore point for me that we can restore to if there are any problems. I don't expect that there will be; however, better safe than sorry.

  • Click Start and in the Search programs and files box type create
  • From the list of items found, click on create a restore point which should be near the top of the list.
  • This will open a System Properties window.
    • Click on Create.
    • Enter Restore from Reg Changes in the description box, then click Create.
    • A new Restore Point will be created. When it has finished being created, click Close to exit.
    • Exit out of the System Properties window.

Next ...

Once you've created the Restore Point ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (do not include Code: Select all)
Code: Select all
C:\Program Files (x86)\CE
C:\Program Files\CE
HKLM-x32\...\Run: [Covenant Eyes] => C:\Program Files (x86)\CE\CovenantEyes.exe [7104504 2014-01-28] ()
HKU\S-1-5-21-586848840-3213021952-4089556407-1000\...\MountPoints2: {65f8c295-b93d-11e0-bc09-806e6f6e6963} - F:\Setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM-x32\...\Run: [Covenant Eyes] => C:\Program Files (x86)\CE\CovenantEyes.exe [7104504 2014-01-28] ()
R2 CovenantEyesCommService; C:\Program Files (x86)\CE\CovenantEyesCommService.exe [4533240 2014-01-28] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5346296 2014-01-28] (CovenantEyes)
R1 cewd64f; C:\windows\system32\Drivers\cewd64f.sys [31736 2014-01-28] () [File not signed]
R1 cewd64r; C:\windows\system32\Drivers\cewd64r.sys [45048 2014-01-28] () [File not signed]
2014-10-28 06:58 - 2014-10-28 06:58 - 00010664 _____ () C:\windows\system32\CovenantEyesProxy.ini
2014-10-28 06:58 - 2014-10-28 06:58 - 00002296 _____ () C:\windows\SysWOW64\CovenantEyesProxyOff.ini
2014-10-28 06:58 - 2014-10-28 06:58 - 00002296 _____ () C:\windows\system32\CovenantEyesProxyOff.ini
2014-10-28 06:58 - 2014-01-28 17:43 - 00031736 _____ () C:\windows\system32\Drivers\cewd64f.sys
2014-10-28 06:57 - 2014-10-28 06:57 - 00000000 ____D () C:\ProgramData\CovenantEyes
2014-10-27 08:25 - 2014-10-27 20:01 - 00000000 ____D () C:\Program Files\CE
2014-10-27 08:25 - 2014-10-27 20:01 - 00000000 ____D () C:\Program Files (x86)\CE
2014-10-27 08:24 - 2014-10-27 20:01 - 00000444 _____ () C:\ceInstall.log
2014-10-27 08:25 - 2014-01-28 17:43 - 04533240 _____ () C:\Program Files (x86)\CE\CovenantEyesCommService.exe
2014-10-27 08:25 - 2014-01-28 17:45 - 02941944 _____ () C:\Program Files\CE\nmsvc64.dll
2014-10-27 08:25 - 2014-01-28 17:44 - 00087544 _____ () C:\Program Files\CE\nmsvTree64.dll
2014-10-27 08:25 - 2014-01-28 17:43 - 07104504 _____ () C:\Program Files (x86)\CE\CovenantEyes.exe
2014-10-27 08:25 - 2014-01-28 17:44 - 05695992 _____ () C:\Program Files (x86)\CE\CovenantEyesHelper.exe
2014-10-27 08:25 - 2014-01-28 17:45 - 02298872 _____ () C:\Program Files (x86)\CE\nmsvc.dll
2014-10-27 08:25 - 2014-01-28 17:44 - 00076280 _____ () C:\Program Files (x86)\CE\nmsvTree.dll
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Covenant Eyes, Inc." /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Covenant Eyes" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\1" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\2" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\3" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\4" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\5" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\1" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\2" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\3" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\4" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\5" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CovenantEyesCommService" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Covenant Eyes" /f
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Again Cannot connect to Secure Sites

Post by boondoc » October 28th, 2014, 9:15 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by Palmer at 2014-10-28 20:23:17 Run:1
Running from C:\Users\Palmer\Desktop
Loaded Profile: Palmer (Available profiles: Palmer)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\CE
C:\Program Files\CE
HKLM-x32\...\Run: [Covenant Eyes] => C:\Program Files (x86)\CE\CovenantEyes.exe [7104504 2014-01-28] ()
HKU\S-1-5-21-586848840-3213021952-4089556407-1000\...\MountPoints2: {65f8c295-b93d-11e0-bc09-806e6f6e6963} - F:\Setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM-x32\...\Run: [Covenant Eyes] => C:\Program Files (x86)\CE\CovenantEyes.exe [7104504 2014-01-28] ()
R2 CovenantEyesCommService; C:\Program Files (x86)\CE\CovenantEyesCommService.exe [4533240 2014-01-28] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5346296 2014-01-28] (CovenantEyes)
R1 cewd64f; C:\windows\system32\Drivers\cewd64f.sys [31736 2014-01-28] () [File not signed]
R1 cewd64r; C:\windows\system32\Drivers\cewd64r.sys [45048 2014-01-28] () [File not signed]
2014-10-28 06:58 - 2014-10-28 06:58 - 00010664 _____ () C:\windows\system32\CovenantEyesProxy.ini
2014-10-28 06:58 - 2014-10-28 06:58 - 00002296 _____ () C:\windows\SysWOW64\CovenantEyesProxyOff.ini
2014-10-28 06:58 - 2014-10-28 06:58 - 00002296 _____ () C:\windows\system32\CovenantEyesProxyOff.ini
2014-10-28 06:58 - 2014-01-28 17:43 - 00031736 _____ () C:\windows\system32\Drivers\cewd64f.sys
2014-10-28 06:57 - 2014-10-28 06:57 - 00000000 ____D () C:\ProgramData\CovenantEyes
2014-10-27 08:25 - 2014-10-27 20:01 - 00000000 ____D () C:\Program Files\CE
2014-10-27 08:25 - 2014-10-27 20:01 - 00000000 ____D () C:\Program Files (x86)\CE
2014-10-27 08:24 - 2014-10-27 20:01 - 00000444 _____ () C:\ceInstall.log
2014-10-27 08:25 - 2014-01-28 17:43 - 04533240 _____ () C:\Program Files (x86)\CE\CovenantEyesCommService.exe
2014-10-27 08:25 - 2014-01-28 17:45 - 02941944 _____ () C:\Program Files\CE\nmsvc64.dll
2014-10-27 08:25 - 2014-01-28 17:44 - 00087544 _____ () C:\Program Files\CE\nmsvTree64.dll
2014-10-27 08:25 - 2014-01-28 17:43 - 07104504 _____ () C:\Program Files (x86)\CE\CovenantEyes.exe
2014-10-27 08:25 - 2014-01-28 17:44 - 05695992 _____ () C:\Program Files (x86)\CE\CovenantEyesHelper.exe
2014-10-27 08:25 - 2014-01-28 17:45 - 02298872 _____ () C:\Program Files (x86)\CE\nmsvc.dll
2014-10-27 08:25 - 2014-01-28 17:44 - 00076280 _____ () C:\Program Files (x86)\CE\nmsvTree.dll
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Covenant Eyes, Inc." /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Covenant Eyes" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\1" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\2" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\3" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\4" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\5" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\1" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\2" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\3" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\4" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\5" /v "DeviceName" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CovenantEyesCommService" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Covenant Eyes" /f
EmptyTemp:
*****************

C:\Program Files (x86)\CE => Moved successfully.
C:\Program Files\CE => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Covenant Eyes => value deleted successfully.
"HKU\S-1-5-21-586848840-3213021952-4089556407-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f8c295-b93d-11e0-bc09-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{65f8c295-b93d-11e0-bc09-806e6f6e6963}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Covenant Eyes => Value not found.
CovenantEyesCommService => Unable to stop service
CovenantEyesCommService => Service deleted successfully.
CovenantEyesProxy => Unable to stop service
CovenantEyesProxy => Error deleting Service
cewd64f => Unable to stop service
cewd64f => Error deleting Service
cewd64r => Unable to stop service
cewd64r => Error deleting Service
C:\windows\system32\CovenantEyesProxy.ini => Moved successfully.
C:\windows\SysWOW64\CovenantEyesProxyOff.ini => Moved successfully.
C:\windows\system32\CovenantEyesProxyOff.ini => Moved successfully.
Could not move "C:\windows\system32\Drivers\cewd64f.sys" => Scheduled to move on reboot.
C:\ProgramData\CovenantEyes => Moved successfully.
"C:\Program Files\CE" => File/Directory not found.
"C:\Program Files (x86)\CE" => File/Directory not found.
C:\ceInstall.log => Moved successfully.
"C:\Program Files (x86)\CE\CovenantEyesCommService.exe" => File/Directory not found.
"C:\Program Files\CE\nmsvc64.dll" => File/Directory not found.
"C:\Program Files\CE\nmsvTree64.dll" => File/Directory not found.
"C:\Program Files (x86)\CE\CovenantEyes.exe" => File/Directory not found.
"C:\Program Files (x86)\CE\CovenantEyesHelper.exe" => File/Directory not found.
"C:\Program Files (x86)\CE\nmsvc.dll" => File/Directory not found.
"C:\Program Files (x86)\CE\nmsvTree.dll" => File/Directory not found.

========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Covenant Eyes, Inc." /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Covenant Eyes" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\1" /v "DeviceName" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\2" /v "DeviceName" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\3" /v "DeviceName" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\4" /v "DeviceName" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\CisConfigs\2\HIPS\Policy\1\Rules\0\Allowed\5" /v "DeviceName" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\1" /v "DeviceName" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\2" /v "DeviceName" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\3" /v "DeviceName" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\4" /v "DeviceName" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations\2\HIPS\Policy\1\Rules\0\Allowed\5" /v "DeviceName" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CovenantEyesCommService" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Covenant Eyes" /f =========

The operation completed successfully.



========= End of Reg: =========
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Again Cannot connect to Secure Sites

Post by Gary R » October 29th, 2014, 2:07 am

OK, there's a question as to whether one or two items were actually removed, so I may need to check whether they're still present on your computer.

First though, how are things now? Are you able to connect to secure sites again?
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Again Cannot connect to Secure Sites

Post by boondoc » October 29th, 2014, 9:52 pm

When I ran the script above, a Covenant Eyes dialog box popped up and said it was trying to restart, so I closed it. FRST didn't appear to complete after nearly an hour but it ran the log anyway so I just posted the log it put out and shut it down because it became unresponsive. I don't know if it got it all either. I don't think so because I still can't get secure sites with Comodo Dragon or Chrome based browsers.

Do I need to run FRST again?
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Again Cannot connect to Secure Sites

Post by Gary R » October 30th, 2014, 2:32 am

Yes please, no need to do a search, just run a "standard" scan with FRST like you did last time. It will just produce one log (FRST.txt) this time, so please post that.
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Again Cannot connect to Secure Sites

Post by boondoc » October 30th, 2014, 8:14 am

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014
Ran by Palmer (administrator) on PALMER-PC on 30-10-2014 08:03:19
Running from C:\Users\Palmer\Desktop
Loaded Profile: Palmer (Available profiles: Palmer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files\CE\CovenantEyesProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Moonchild Productions) C:\Program Files (x86)\Pale Moon\palemoon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files (x86)\Pale Moon\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-15] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-07-28] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-07-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2011-07-28] (Lenovo)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-586848840-3213021952-4089556407-1000\...\Run: [Best Buy pc app] => C:\Users\Palmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-586848840-3213021952-4089556407-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-586848840-3213021952-4089556407-1000\...\RunOnce: [WebMatrix] => "C:\Program Files (x86)\Microsoft WebMatrix\WebMatrix.exe" "C:\Users\Palmer\Desktop\Greenville Spine and Sport\Website\themeforest-164366-alyeska-responsive-wordpress-theme\documentation\index.html" " (the data entry has 78 more characters).
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Palmer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Auth Service; C:\windows\SysWOW64\authServer.exe [4446712 2014-01-28] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8913 2012-09-08] () [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cewd64f; C:\windows\system32\Drivers\cewd64f.sys [31736 2014-01-28] () [File not signed]
R1 cewd64r; C:\windows\system32\Drivers\cewd64r.sys [45048 2014-01-28] () [File not signed]
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
S3 S6000KNT; System32\Drivers\S6000KNT.sys [X]
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 08:03 - 2014-10-30 08:06 - 00015462 _____ () C:\Users\Palmer\Desktop\FRST.txt
2014-10-30 08:00 - 2014-10-30 08:00 - 00000000 ____D () C:\Users\Palmer\Desktop\FRST-OlderVersion
2014-10-28 20:22 - 2014-10-28 20:22 - 00004217 _____ () C:\Users\Palmer\Desktop\fixlist.txt
2014-10-28 07:55 - 2014-10-28 07:55 - 00007568 _____ () C:\Users\Palmer\Desktop\Search.txt
2014-10-28 07:15 - 2014-10-30 08:04 - 00000000 ____D () C:\FRST
2014-10-28 07:12 - 2014-10-30 08:00 - 02113536 _____ (Farbar) C:\Users\Palmer\Desktop\FRST64.exe
2014-10-28 06:58 - 2014-01-28 17:43 - 00031736 _____ () C:\windows\system32\Drivers\cewd64f.sys
2014-10-27 21:19 - 2014-10-27 21:19 - 00014650 _____ () C:\Users\Palmer\Desktop\attach.txt
2014-10-27 21:19 - 2014-10-27 21:18 - 00013552 _____ () C:\Users\Palmer\Desktop\dds.txt
2014-10-27 20:48 - 2014-10-27 20:48 - 00000000 _____ () C:\Users\Palmer\AppData\Local\{0AB88CEE-714B-4A12-B36A-4724D7D10DC8}
2014-10-27 20:43 - 2014-10-30 07:55 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 20:43 - 2014-10-29 21:44 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 20:43 - 2014-10-27 20:43 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-27 20:43 - 2014-10-27 20:43 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-27 08:25 - 2014-01-28 17:45 - 04446712 _____ () C:\windows\SysWOW64\authServer.exe
2014-10-26 21:42 - 2014-10-26 21:42 - 00001801 _____ () C:\Users\Palmer\Desktop\iTunes.lnk
2014-10-26 21:24 - 2014-10-26 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-26 21:23 - 2014-10-26 21:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-26 21:23 - 2014-10-26 21:24 - 00000000 ____D () C:\Program Files\iTunes
2014-10-26 21:23 - 2014-10-26 21:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-26 21:23 - 2014-10-26 21:23 - 00000000 ____D () C:\Program Files\iPod
2014-10-21 22:52 - 2014-10-21 22:51 - 00688992 ____R (Swearware) C:\Users\Palmer\Desktop\dds.scr
2014-10-21 22:29 - 2014-10-21 22:29 - 00602112 _____ (OldTimer Tools) C:\Users\Palmer\Downloads\4893.tmp
2014-10-21 22:28 - 2014-10-21 22:28 - 00688992 _____ (Swearware) C:\Users\Palmer\Downloads\ACDE.tmp
2014-10-21 22:28 - 2014-10-21 22:28 - 00602112 _____ (OldTimer Tools) C:\Users\Palmer\Downloads\4306.tmp
2014-10-21 22:27 - 2014-10-21 22:27 - 00688992 _____ (Swearware) C:\Users\Palmer\Downloads\D802.tmp
2014-10-21 22:15 - 2014-10-21 22:15 - 00688992 _____ (Swearware) C:\Users\Palmer\Downloads\Unconfirmed 269592.crdownload
2014-10-21 21:28 - 2014-10-21 21:28 - 00379392 _____ () C:\Users\Palmer\Downloads\Unconfirmed 944556.crdownload
2014-10-21 10:04 - 2014-10-21 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-05 16:16 - 2014-10-05 16:16 - 00050827 _____ () C:\Users\Palmer\Documents\patdata_full.txt
2014-10-05 16:16 - 2014-10-05 16:16 - 00050827 _____ () C:\Users\Palmer\Documents\patdata_all.txt
2014-10-05 16:16 - 2014-10-05 16:16 - 00043429 _____ () C:\Users\Palmer\Documents\patdata_jt.txt
2014-10-05 16:16 - 2014-10-05 16:16 - 00007398 _____ () C:\Users\Palmer\Documents\patdata_apm.txt
2014-10-02 06:39 - 2014-10-02 06:39 - 00017644 _____ () C:\Users\Palmer\Documents\CisReport_x64_v7.0.317799.4142_20141002-063921.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 08:05 - 2012-05-10 22:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 08:05 - 2011-07-28 12:44 - 01420244 _____ () C:\windows\WindowsUpdate.log
2014-10-30 08:04 - 2012-11-20 21:57 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-10-30 07:59 - 2013-08-08 08:35 - 00007086 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-28 07:05 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 07:05 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 06:58 - 2011-07-28 13:54 - 00098016 _____ () C:\windows\system32\fastboot.set
2014-10-28 06:56 - 2010-11-20 23:47 - 00584398 _____ () C:\windows\PFRO.log
2014-10-28 06:56 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-28 06:56 - 2009-07-14 00:51 - 00060090 _____ () C:\windows\setupact.log
2014-10-27 22:11 - 2013-02-10 16:35 - 00000000 ____D () C:\Users\Palmer\Documents\Greenville Spine and Sport
2014-10-27 21:38 - 2014-06-29 15:00 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 21:38 - 2014-06-29 14:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 21:38 - 2014-06-29 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 21:38 - 2014-06-29 14:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 20:42 - 2011-07-28 13:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-27 08:25 - 2011-07-28 13:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-26 21:23 - 2012-03-11 11:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-26 21:22 - 2014-05-13 21:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-26 19:51 - 2014-02-16 21:17 - 00000000 ____D () C:\Users\Palmer\AppData\Roaming\Dropbox
2014-10-25 08:21 - 2014-05-28 19:44 - 00000000 ____D () C:\Program Files (x86)\Pale Moon
2014-10-24 19:34 - 2014-02-16 21:21 - 00000000 ___RD () C:\Users\Palmer\Dropbox
2014-10-21 21:23 - 2014-07-29 22:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-21 21:23 - 2012-01-29 23:32 - 00000000 ____D () C:\ProgramData\Skype
2014-10-21 21:17 - 2011-11-10 20:35 - 00000000 ____D () C:\Users\Palmer\Desktop\CID Reviews
2014-10-21 21:11 - 2014-07-16 20:38 - 00000000 ____D () C:\Users\Palmer\Documents\Chirotrust
2014-10-21 21:11 - 2012-01-29 23:32 - 00000000 ____D () C:\Users\Palmer\AppData\Roaming\Skype
2014-10-07 21:35 - 2014-08-20 22:19 - 00000000 ____D () C:\Users\Palmer\AppData\Roaming\Systweak
2014-10-01 11:11 - 2014-06-29 14:58 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-06-29 14:58 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2012-03-05 09:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Palmer\AppData\Local\Temp\certutil.exe
C:\Users\Palmer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegqfxn.dll
C:\Users\Palmer\AppData\Local\Temp\msvcr71.dll
C:\Users\Palmer\AppData\Local\Temp\nspr4.dll
C:\Users\Palmer\AppData\Local\Temp\nss3.dll
C:\Users\Palmer\AppData\Local\Temp\plc4.dll
C:\Users\Palmer\AppData\Local\Temp\plds4.dll
C:\Users\Palmer\AppData\Local\Temp\smime3.dll
C:\Users\Palmer\AppData\Local\Temp\softokn3.dll
C:\Users\Palmer\AppData\Local\Temp\SpOrder.dll
C:\Users\Palmer\AppData\Local\Temp\WebMatrix.3f.3f.3faccepteula.26upgrade.26sqm.26new.exe
C:\Users\Palmer\AppData\Local\Temp\WebMatrix.3f.3f.3faccepteula.26upgrade.26sqm.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 11:02

==================== End Of Log ============================
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Again Cannot connect to Secure Sites

Unread postby Gary R » October 30th, 2014, 10:27 am

OK, let's have another go ....

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
CloseProcesses:
S2 Auth Service; C:\windows\SysWOW64\authServer.exe [4446712 2014-01-28] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [X]
R1 cewd64f; C:\windows\system32\Drivers\cewd64f.sys [31736 2014-01-28] () [File not signed]
R1 cewd64r; C:\windows\system32\Drivers\cewd64r.sys [45048 2014-01-28] () [File not signed]
C:\windows\system32\Drivers\cewd64r.sys
C:\windows\system32\Drivers\cewd64f.sys
C:\Program Files\CE\CovenantEyesProxy.exe
C:\Program Files\CE
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Please let me know if you still can't access HTTPS sites.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Again Cannot connect to Secure Sites

Unread postby boondoc » October 31st, 2014, 12:31 pm

It appears that I can access secure sites again with Comodo Dragon. However, I did scan through the log below and it looks like something failed? Here's the log:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014
Ran by Palmer at 2014-10-31 12:02:50 Run:2
Running from C:\Users\Palmer\Desktop
Loaded Profile: Palmer (Available profiles: Palmer)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
S2 Auth Service; C:\windows\SysWOW64\authServer.exe [4446712 2014-01-28] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [X]
R1 cewd64f; C:\windows\system32\Drivers\cewd64f.sys [31736 2014-01-28] () [File not signed]
R1 cewd64r; C:\windows\system32\Drivers\cewd64r.sys [45048 2014-01-28] () [File not signed]
C:\windows\system32\Drivers\cewd64r.sys
C:\windows\system32\Drivers\cewd64f.sys
C:\Program Files\CE\CovenantEyesProxy.exe
C:\Program Files\CE
EmptyTemp:
*****************

Processes closed successfully.
Auth Service => Service deleted successfully.
CovenantEyesProxy => Unable to stop service
CovenantEyesProxy => Error deleting Service
cewd64f => Unable to stop service
cewd64f => Error deleting Service
cewd64r => Unable to stop service
cewd64r => Error deleting Service
Could not move "C:\windows\system32\Drivers\cewd64r.sys" => Scheduled to move on reboot.
Could not move "C:\windows\system32\Drivers\cewd64f.sys" => Scheduled to move on reboot.
"C:\Program Files\CE\CovenantEyesProxy.exe" => File/Directory not found.
"C:\Program Files\CE" => File/Directory not found.
EmptyTemp: => Removed 1.1 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-31 12:12:25)<=

"C:\windows\system32\Drivers\cewd64r.sys" => File could not move.
"C:\windows\system32\Drivers\cewd64f.sys" => File could not move.

==== End of Fixlog ====
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Again Cannot connect to Secure Sites

Unread postby Gary R » October 31st, 2014, 2:05 pm

OK, let's try something different to see if we can remove the remaining stubborn items.

Download Avenger by Swandog and unzip it to your Desktop.

Note: This program must be run from an account with Administrator privileges.

  • Open the Avenger folder and double click Avenger.exe to launch the program.
  • Copy the text in the code box below (don't include Code: Select all) and Paste it into the Input script here: box.
Code: Select all
Drivers to delete:
CovenantEyesProxy
cewd64f
cewd64r

Files to delete:
C:\windows\system32\Drivers\cewd64r.sys
C:\windows\system32\Drivers\cewd64f.sys
C:\Program Files\CE\CovenantEyesProxy.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot). When finished, it will produce a log file.
  • Post the log back here please. (It can also be found at C:\avenger.txt.)
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Again Cannot connect to Secure Sites

Unread postby boondoc » October 31st, 2014, 3:30 pm

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.1 (build 7601, Service Pack 1)
Fri Oct 31 15:21:12 2014

15:21:12: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm