01vfrrider

oops, double post

Thanks again, im good to go.

Thanks again, im good to go.

It just seems there are probably a lot of processes I dont need to have running, on idle I'm using over 1.6 gigs of memory, cpu usage is not too high, throttles up and down but hovers around 5%. I should go to a ssd so I dont have to listen to my hd's constant disk access, it bugs me.

I used the startup lite, the only one it suggested I change was the SunJava update, which I disabled

Uninstalled Comodo, installed Microsoft Security Essentials. Not having the fail to connect to internet anymore. Still running over 60 processes, but if thats normal I'll live with it. Followed your instructions from you next to last post, and I think I'm good from here on out. Of course, thank you for your time, I did have a good infection a couple of years ago and a volunteer on one of these forums got me through that mess. I appreciate all of your help.

and comodo wont initialize properly still. Comodo is out, I'm going with another AV/Firewall

just updated windows, and again it took almost 10 minutes to allow internet access. Comodo defense+ alert is giving a bunch of popups again of programs " modifying the protected registry key" and other warnings. Dont know why comodo is going nuts, i've run it for a couple of years without issues. For example "taskeng.exe is trying to execute googleupdate.exe". Another is "trustedinstaller.exe is about to obtain restore privelidge" and also "trustedinstaller.exe is trying to create a new fille or directory in C:windows\logs\cbs\filterlist.log" I dont know if I should ignore these and allow them or is there still something amiss. I'm still getting tons of disk access after startup, and the long delay till full program loading is complete and I can get on the internet. Also getting "trustedinstaller.exe wants to create C:\windows\temp\outofProcReport1998418.txt" No Idea whats different and why this is up. I'm assuming trustedinstaller.exe is a windows file, perhaps this is related to the windows updates I installed?

Yes I also noted that this problem seems to be common with other comodo users. I went into the services.msc and when I looked under the general tab it said the service was running. Yet Comodo still reported it not running. Went into directory and tried launching cmdagent.exe, and it blinked for a second, but comodo still reported it not running. Quit Comodo, restarted it and it immediately reported all systems are active and running. Its like comodo was not recognizing cmdagent was running. This happened once before also. I may just go with one of your other recommendations for a AV/Firewall option if this continues. I did regain use of the internet, it just started working, no Idea why it was reporting no network issues yet I could not open webpages. Another odd thing is my Internet Explorer is working again, it has not been working for some time, only the 64Bit Internet Explorer was working. The regular internet explorer would never launch. Now after our work here its working again. So all seems to be in order. A look at windows update shows 14 optional updates, 13 are updates for windows7x64 systems and one is IE9 for Win7x64. Should I run the updates yet?

All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Dad\Desktop\cmd.bat deleted successfully. C:\Users\Dad\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Dad ->Temp folder emptied: 1115506 bytes ->Temporary Internet Files folder emptied: 36682969 bytes ->Java cache emptied: 25034105 bytes ->FireFox cache emptied: 51112774 bytes ->Google Chrome cache emptied: 232934865 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 2407 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: installer ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 76312119 bytes ->Google Chrome cache emptied: 235450215 bytes ->Flash cache emptied: 63750 bytes User: Owner ->Temp folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6522 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 96688 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 629.00 mb OTL by OldTimer - Version 3.2.42.0 log created on 04252012_181820 Files\Folders moved on Reboot... C:\Users\Dad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Java taken care of also. As far as how its running, ok except on this reboot I did not have internet access for about 10 minutes. My network status indicator in the lower right screenbar showed I had internet access on Network 2, I could not open any pages. And my fresh install of Comodo Internet Security is not working, it says Comodo Application Agent is not running (antivirus off). A self diagnostic scan showed no problems with the install..

OTL TEXT OTL logfile created on: 4/25/2012 12:15:25 AM - Run 1 OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Dad\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 70.73% Memory free 8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 139.73 Gb Total Space | 18.51 Gb Free Space | 13.25% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 624.57 Gb Free Space | 67.05% Space Free | Partition Type: NTFS Drive E: | 4.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: DEN | User Name: Dad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/25 00:13:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe PRC - [2011/12/13 01:16:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011/08/02 15:22:59 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\Steam\steam.exe PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe PRC - [2007/03/21 19:50:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\Windows\STK02N\STK02NM.exe ========== Modules (No Company Name) ========== MOD - [2012/04/22 19:08:16 | 020,297,512 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/04/22 19:08:16 | 001,099,576 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012/04/22 19:08:16 | 000,907,048 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/04/22 19:08:16 | 000,190,776 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012/04/22 19:08:16 | 000,123,192 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV:64bit: - [2011/10/25 22:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/12/13 01:16:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer) SRV - [2011/04/16 08:04:46 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/25 23:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011/10/25 23:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/10/25 21:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/06/09 07:02:47 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT) DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009/11/11 16:58:58 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/09 09:50:00 | 001,447,424 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp) DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV - [2010/01/07 10:53:57 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www9.eleadcrm.com/evo2/fresh/login.asp IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/home.html" FF - prefs.js..network.proxy.ftp: ":0" FF - prefs.js..network.proxy.gopher: ":0" FF - prefs.js..network.proxy.http: ":0" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: ":0" FF - prefs.js..network.proxy.ssl: ":0" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/13 01:18:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/11 20:50:27 | 000,000,000 | ---D | M] [2010/06/18 23:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions [2010/06/19 12:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\muycw2az.default\extensions [2011/12/13 01:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/11/24 21:13:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011/12/13 01:18:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/10/30 18:54:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/12/13 01:18:24 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Live Search (Enabled) CHR - default_search_provider: search_url = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC CHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: YouTube = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/04/22 20:04:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4:64bit: - HKLM..\Run: [bbInstallUser] D:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe (Bluebeam Software, Inc.) O4:64bit: - HKLM..\Run: [bbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe (Bluebeam Software, Inc.) O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001..\Run: [steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..Trusted Domains: eset.com ([www] https in Trusted sites) O15 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..Trusted Domains: eset.eu ([www] https in Trusted sites) O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67AECB70-88D1-4342-9B34-831D7322FCF8}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found O29 - HKLM SecurityProviders - (digest.dll) - File not found O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/25 00:13:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe [2012/04/24 22:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [2012/04/24 22:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2012/04/24 22:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2012/04/24 22:34:35 | 091,767,744 | ---- | C] (COMODO) -- C:\Users\Dad\Desktop\cispremium_installer.exe [2012/04/24 19:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/04/23 14:04:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/04/22 20:07:34 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/04/22 19:31:35 | 000,000,000 | ---D | C] -- C:\FRST [2012/04/22 19:30:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/04/22 19:30:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/04/22 19:30:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/04/22 19:30:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/04/22 19:30:08 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/22 19:29:02 | 004,472,002 | R--- | C] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe [2012/04/15 23:57:06 | 000,000,000 | ---D | C] -- C:\2851d1b17679edb604 [2012/04/15 23:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2012/04/15 21:39:14 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012/04/15 21:39:13 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012/04/15 11:00:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com [2012/04/15 11:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/04/13 22:38:40 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Focus Home Interactive [2012/04/13 20:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2012/04/13 20:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis [2012/04/13 20:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012/04/13 20:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/04/11 00:00:53 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/25 00:20:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/25 00:14:03 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2012/04/25 00:13:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe [2012/04/25 00:05:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job [2012/04/25 00:05:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job [2012/04/24 23:03:16 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/24 23:03:16 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/24 23:00:09 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/04/24 23:00:09 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/04/24 23:00:09 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/04/24 22:54:30 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/24 22:54:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/24 22:54:05 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012/04/24 22:35:41 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk [2012/04/24 22:34:35 | 091,767,744 | ---- | M] (COMODO) -- C:\Users\Dad\Desktop\cispremium_installer.exe [2012/04/22 20:04:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/04/22 19:29:04 | 004,472,002 | R--- | M] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe [2012/04/22 14:52:16 | 000,045,073 | ---- | M] () -- C:\Users\Dad\Desktop\shot.jpg [2012/04/20 00:10:01 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/04/16 22:06:43 | 000,002,382 | ---- | M] () -- C:\Users\Dad\Desktop\Google Chrome.lnk [2012/04/13 20:06:19 | 000,002,093 | ---- | M] () -- C:\Users\Dad\Desktop\HijackThis.lnk [2012/04/10 20:48:53 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/24 22:35:41 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk [2012/04/22 19:30:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/04/22 19:30:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/04/22 19:30:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/04/22 19:30:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/04/22 19:30:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/04/22 14:52:16 | 000,045,073 | ---- | C] () -- C:\Users\Dad\Desktop\shot.jpg [2012/04/11 00:00:55 | 000,002,382 | ---- | C] () -- C:\Users\Dad\Desktop\Google Chrome.lnk [2012/04/11 00:00:33 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job [2012/04/11 00:00:32 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job [2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011/10/25 21:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011/10/25 21:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011/09/29 12:46:29 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/09/19 12:20:48 | 000,003,584 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/07/28 17:55:44 | 015,079,936 | R--- | C] () -- C:\Windows\SysWow64\BGP901.dll [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010/11/08 13:31:42 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ealtest.exe [2010/11/06 01:02:18 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileOut.cns [2010/11/06 01:02:18 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileIn.cns [2010/09/24 10:15:46 | 000,678,912 | R--- | C] () -- C:\Windows\SysWow64\Bluebeam Javascript Library.dll [2010/09/24 10:15:42 | 000,246,272 | R--- | C] () -- C:\Windows\SysWow64\Bluebeam JPX Library.dll [2010/07/21 13:22:30 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat [2010/06/18 23:16:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat ========== LOP Check ========== [2012/01/17 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BitTorrent [2012/01/19 19:23:41 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Canon [2010/01/07 09:52:01 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CheckPoint [2011/01/20 21:13:44 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011/09/19 12:20:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Flip Video [2009/12/26 00:44:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Foxit [2010/01/28 14:52:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Foxit Software [2011/10/25 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Origin [2012/01/02 01:13:14 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Quest3D [2011/05/03 22:48:06 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\The Creative Assembly [2011/09/14 16:35:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\wargaming.net [2011/09/29 15:28:12 | 000,000,000 | ---D | M] -- C:\Users\installer\AppData\Roaming\Origin [2012/02/05 11:01:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: SVCHOST.EXE > [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < %systemroot%\*. /rp /s > ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: WDC WD1500ADFD-00NLR1 ATA Device Partitions: 1 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: WDC WD1001FALS-00J7B0 ATA Device Partitions: 1 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 140.00GB Starting Offset: 32256 Hidden sectors: 0 DeviceID: Disk #1, Partition #0 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 932.00GB Starting Offset: 1048576 Hidden sectors: 0 ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction [C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction [C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction [C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction [C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction [C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction [C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction [C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction [C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction [C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction [C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction [C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction [C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction [C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction [C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction [C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction [C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction [C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction [C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction [C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction [C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction [C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction [C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction [C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction [C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction < End of report > EXTRAS TXT OTL Extras logfile created on: 4/25/2012 12:15:25 AM - Run 1 OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Dad\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 70.73% Memory free 8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 139.73 Gb Total Space | 18.51 Gb Free Space | 13.25% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 624.57 Gb Free Space | 67.05% Space Free | Partition Type: NTFS Drive E: | 4.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: DEN | User Name: Dad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = internetshortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "FirewallOverride" = 0 "AntivirusOverride" = 0 "AntiSpywareDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830 "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{7AF56904-5FDC-4D67-87FE-C21E6659668D}" = Bluebeam PDF Revu Standard x64 v9.5.0 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud "{D675AFB3-E32E-0935-3C1F-58D5D05A77A6}" = ATI AVIVO64 Codecs "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety "{FA54C4B1-98E3-AEFA-7254-C4038DC739AF}" = AMD Media Foundation Decoders "405C837EDDEC53ADABD0D214AEB9094C9D21DB1A" = Windows Driver Package - Superchips, Inc. USB CDM Driver Package (11/12/2009 2.06.00) "6455F36EFE99712B85F18A1CC930511C155814E9" = Windows Driver Package - Superchips, Inc. USB Programmer Drivers (11/12/2009 2.06.00) "CCleaner" = CCleaner "C-Media Oxygen HD Audio Driver" = HT OMEGA CLARO "DCS A-10C_is1" = DCS A-10C "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis® "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo "{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B1848}" = Supreme Commander Demo "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 29 "{28ACABF5-34E8-45CE-B4B3-47A5FA38E875}" = Superchips Easy Update "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{566664F6-B34E-41A6-AD1D-4ED22DA334AE}" = Crysis ModSDK "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = Catalyst Control Center "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine®2 Sandbox2 "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.3 "{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy "{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Battlelog Web Plugins" = Battlelog Web Plugins "BitTorrent" = BitTorrent "Classic PDF Editor_is1" = Classic PDF Editor 12.0 "C-Media Oxygen HD Sound" = HT OMEGA CLARO "ComcastHSI" = Comcast High-Speed Internet Install Wizard "ESET Online Scanner" = ESET Online Scanner v3 "f1mustang_FSX" = Flight1 Citation Mustang "Fleet Command" = Jane's Fleet Command "FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration "FMOD Designer" = FMOD Designer "Foxit Reader" = Foxit Reader "FSFDT FSCopilot" = FSFDT FSCopilot "FSFDT FSInn" = FSFDT FSInn "HijackThis" = HijackThis 2.0.2 "InstallShield_{7AF56904-5FDC-4D67-87FE-C21E6659668D}" = Bluebeam PDF Revu Standard x64 v9.5.0 "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "KeyFinder_is1" = Magical Jelly Bean KeyFinder "KMOD Nations at War" = KMOD Nations at War "KMOD NaW ~ Diagnostic Tool" = KMOD NaW ~ Diagnostic Tool "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US) "OpenAL" = OpenAL "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X "SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1 "Steam App 10500" = Empire: Total War "Steam App 107400" = ARMA 2: Free "Steam App 1600" = Dangerous Waters "Steam App 201760" = Cities XL 2012 "Steam App 204050" = Take on Helicopters Demo "Steam App 21940" = World in Conflict - Demo "Steam App 24600" = Trainz 2009: Railroad Simulator "Steam App 3130" = Men of War: Red Tide "Steam App 34330" = Total War: SHOGUN 2 "Steam App 40100" = Supreme Commander 2 "Steam App 47890" = The Sims 3 "Steam App 48810" = Ship Simulator Extremes Demo "Steam App 61010" = Digital Combat Simulator: A-10C Warthog "Steam App 64000" = Men of War: Assault Squad "Steam App 7830" = Men of War "Steam App 91200" = Anomaly Warzone Earth "Train Simulator 1.0" = Microsoft Train Simulator "v1.1.0" = v1.1.0 of A Proper Empire: Terra Incognita "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > The computer seems to be running normal now, I havent tried to run windows update yet, going to do that after I get the all clear. Don't know what caused this, my son was playing a steam game and after he shut it down and I turned it back on was when it got all goofy. He reports nothing unusual happened that he saw. Dunno.

MALWAREBYTES Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.24.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Dad :: DEN [administrator] 4/24/2012 6:56:31 PM mbam-log-2012-04-24 (18-56-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 231959 Time elapsed: 2 minute(s), 3 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET C:\Users\Dad\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application Thanks for your help up to this point, and I have been using Comodo, but I would welcome your recommendation for an antivirus/firewall

ComboFix 12-04-22.02 - Dad 04/22/2012 19:31:26.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2803 [GMT -4:00] Running from: c:\users\Dad\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Dad\AppData\Roaming\Roaming c:\users\Dad\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst c:\users\Dad\Desktop\Setup.exe c:\users\Dad\WINDOWS c:\windows\TEMP\WRusr.dll-161149-1.tmp D:\install.exe . . ((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 ))))))))))))))))))))))))))))))) . . 2012-04-22 23:36 . 2012-04-22 23:36 -------- d-----w- c:\users\installer\AppData\Local\temp 2012-04-22 23:12 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{812F36A1-A4E1-402B-91B7-0FFC79CE9CD8}\mpengine.dll 2012-04-16 03:57 . 2012-04-16 03:57 -------- d-----w- C:\2851d1b17679edb604 2012-04-16 01:39 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr 2012-04-16 01:39 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-04-15 15:00 . 2012-04-15 15:00 -------- d-----w- c:\users\Dad\AppData\Roaming\SUPERAntiSpyware.com 2012-04-15 15:00 . 2012-04-22 23:04 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-04-14 02:38 . 2012-04-14 02:38 -------- d-----w- c:\users\Dad\AppData\Local\Focus Home Interactive 2012-04-14 00:56 . 2012-04-14 00:56 -------- d-----w- c:\programdata\Lavasoft 2012-04-14 00:03 . 2012-04-16 01:39 -------- d-----w- c:\programdata\AVAST Software 2012-04-14 00:03 . 2012-04-16 01:39 -------- d-----w- c:\program files\AVAST Software 2012-04-10 21:07 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-10 21:07 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-10 21:07 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-10 21:07 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-10 21:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-10 21:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-10 21:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-04 19:56 . 2010-05-21 17:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-23 14:18 . 2009-12-05 03:48 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-17 06:38 . 2012-03-14 01:01 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-14 01:01 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-14 01:01 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-14 01:01 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-10 06:36 . 2012-03-14 01:02 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-14 01:02 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-03 04:34 . 2012-03-14 01:02 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-01-25 06:38 . 2012-03-14 01:01 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 06:38 . 2012-03-14 01:01 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 06:33 . 2012-03-14 01:01 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="d:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2011-12-6 163840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalMachineRun"= 0 (0x0) "DisableLocalMachineRunOnce"= 0 (0x0) "DisableCurrentUserRun"= 0 (0x0) "DisableCurrentUserRunOnce"= 0 (0x0) "NoFile"= 0 (0x0) "HideClock"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 133104] R3 cpuz130;cpuz130;c:\users\Dad\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 133104] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 cmudaxp;HTO CLARO Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 15:21] . 2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 15:21] . 2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job - c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 04:00] . 2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job - c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 04:00] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-06-09 8126464] "BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2010-11-30 201376] "BbInstallUser"="d:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2011-08-12 38560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www9.eleadcrm.com/evo2/fresh/login.asp mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: eset.com\www Trusted Zone: eset.eu\www TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\muycw2az.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/home.html . . ------- File Associations ------- . inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:0f,40,49,da,f0,a6,f7,a0,cc,75,9c,08,95,48,7b,06,84,9b,ac,9d,a2,8a,0a, 89,e8,aa,7f,f8,d2,f6,1c,25,1b,f1,31,1e,8d,34,16,44,38,67,c8,2c,23,88,d3,9c,\ "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f . [HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\SecuROM\License information*] "datasecu"=hex:3d,bf,bc,bc,43,48,eb,85,d3,e7,41,f6,fd,d9,fc,fe,7c,e7,82,12,64, f7,d3,55,1f,96,93,aa,17,78,27,91,0b,58,78,47,8d,33,02,32,6c,52,80,67,fd,41,\ "rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\rundll32.exe . ************************************************************************** . Completion time: 2012-04-22 20:07:32 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-23 00:07 . Pre-Run: 20,677,472,256 bytes free Post-Run: 20,300,832,768 bytes free . - - End Of File - - 9633C65C6C4C4B46835CDD847F0ED216

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012 Ran by SYSTEM at 22-04-2012 15:31:54 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [8126464 2009-06-09] (C-Media Corporation) HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO) HKLM\...\Run: [bbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe [201376 2010-11-30] (Bluebeam Software, Inc.) HKLM\...\Run: [bbInstallUser] D:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe [x] HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.) HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [661080 2012-04-13] (Webroot) HKU\Dad\...\Run: [steam] "D:\Program Files (x86)\Steam\steam.exe" -silent [x] HKU\Dad\...\Run: [Google Update] "C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-10] (Google Inc.) HKU\Dad\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4785536 2012-04-15] (SUPERAntiSpyware.com) HKU\Dad\...\Policies\system: [DisableCMD] 0 HKU\Dad\...\Policies\system: [NoDispAppearancePage] 0 HKU\Dad\...\Policies\system: [NoDispBackgroundPage] 0 HKU\Dad\...\Policies\system: [NoDispSettingsPage] 0 HKU\installer\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x] Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 AppInit_DLLs: C:\Windows\system32\guard64.dll ==================== Services (Whitelisted) ====== 2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com) 2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation) 2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.) 2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO) 2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2011-05-06] () 2 FlipShareServer; "C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2011-05-06] () 3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation) 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-12] () 2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [661080 2012-04-13] (Webroot) ========================== Drivers (Whitelisted) ============= 1 cmderd; C:\Windows\System32\Drivers\cmderd.sys [22696 2012-03-11] (COMODO) 1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO) 1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2012-03-11] (COMODO) 3 cmudaxp; C:\Windows\System32\Drivers\cmudaxp.sys [1447424 2009-06-09] (C-Media Inc) 3 ENTECH64; C:\Windows\System32\Drivers\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan) 3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [69320 2009-11-11] (FTDI Ltd.) 3 gdrv; \??\C:\Windows\gdrv.sys [24072 2010-01-07] (Windows ® Server 2003 DDK provider) 1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO) 1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 2 SSPORT; C:\Windows\System32\Drivers\SSPORT.sys [11576 2010-06-09] (Samsung Electronics) 0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [112168 2012-04-13] (Webroot) 3 cpuz130; \??\C:\Users\Dad\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-04-22 15:31 - 2009-09-24 12:12 - 0000000 ____D C:\FRST 2012-04-22 11:08 - 2012-04-22 11:01 - 0004096 ___AH C:\Users\Dad\Desktop\._dds.scr 2012-04-22 11:02 - - 0004096 ___AH C:\Users\Dad\Desktop\._dds.com 2012-04-22 10:52 - 2004-03-26 12:47 - 0045073 ____A C:\Users\Dad\Desktop\shot.jpg 2012-04-19 05:13 - 2012-04-13 16:06 - 0008270 ____A C:\Users\Dad\Desktop\hijackthis.log 2012-04-17 20:38 - 2012-01-02 12:03 - 0000000 ____A C:\Users\Dad\Downloads\dds.scr 2012-04-17 20:10 - 2011-10-25 13:42 - 0000000 ____D C:\Program Files (x86)\ESET 2012-04-17 20:02 - 2010-01-14 19:45 - 0000000 ____A C:\Users\Dad\Downloads\esetsmartinstaller_enu(2).exe 2012-04-17 14:40 - 2012-04-22 11:08 - 0000000 ____A C:\Windows\setuperr.log 2012-04-17 14:40 - 2009-07-13 20:45 - 0001868 ____A C:\Windows\setupact.log 2012-04-15 19:57 - 2010-07-21 09:49 - 0000000 ____D C:\2851d1b17679edb604 2012-04-15 19:56 - 2010-01-18 10:13 - 6970110 ____A C:\Users\Dad\Downloads\Windows6.1-KB2679255-v2-x64.msu 2012-04-15 19:56 - 2010-01-16 16:39 - 1528184 ____A (Microsoft Corporation) C:\Users\Dad\Downloads\GenuineCheck.exe 2012-04-15 19:56 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\Windows Genuine Advantage 2012-04-15 19:56 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\Windows Genuine Advantage 2012-04-15 17:39 - 2010-01-06 11:58 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr 2012-04-15 17:39 - 2009-07-13 17:03 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe 2012-04-15 12:41 - 2009-07-13 20:54 - 0559614 ____A C:\Windows\WindowsUpdate.log 2012-04-15 07:00 - 2011-09-11 16:51 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com 2012-04-15 07:00 - 2011-09-11 16:51 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2012-04-15 07:00 - 2010-01-07 14:29 - 0000000 ____D C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com 2012-04-15 07:00 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\SUPERAntiSpyware 2012-04-15 07:00 - 2009-06-02 09:57 - 0001852 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-04-15 06:59 - 2009-12-17 04:35 - 12903112 ____A (SUPERAntiSpyware.com) C:\Users\Dad\Downloads\SUPERAntiSpyware.exe 2012-04-13 18:38 - 2012-04-10 19:58 - 0000000 ____D C:\Users\Dad\AppData\Local\Focus Home Interactive 2012-04-13 16:56 - 2010-02-20 11:50 - 0000000 ____D C:\Users\All Users\Lavasoft 2012-04-13 16:56 - 2010-02-20 11:50 - 0000000 ____D C:\ProgramData\Lavasoft 2012-04-13 16:25 - 2012-04-15 19:56 - 0000000 ____D C:\Users\All Users\WRData 2012-04-13 16:25 - 2012-04-15 19:56 - 0000000 ____D C:\ProgramData\WRData 2012-04-13 16:25 - 2010-04-27 10:03 - 0112168 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys 2012-04-13 16:25 - 2009-07-13 21:09 - 0000000 ____D C:\Program Files\Webroot 2012-04-13 16:25 - 2009-07-13 17:39 - 0098224 ____A (Webroot) C:\Windows\System32\WRusr.dll 2012-04-13 16:25 - 2009-07-13 17:14 - 0146104 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll 2012-04-13 16:24 - 2011-09-14 11:06 - 0655872 ____A (Webroot) C:\Users\Dad\Downloads\wsacnetav.exe 2012-04-13 16:06 - 2011-12-26 13:37 - 0002093 ____A C:\Users\installer\Desktop\HijackThis.lnk 2012-04-13 16:03 - 2011-11-24 17:12 - 0000000 ____D C:\Users\All Users\AVAST Software 2012-04-13 16:03 - 2011-11-24 17:12 - 0000000 ____D C:\ProgramData\AVAST Software 2012-04-13 16:03 - 2011-11-24 17:11 - 0000000 ____D C:\Program Files\AVAST Software 2012-04-13 16:01 - 2012-01-14 09:13 - 74761776 ____A C:\Users\Dad\Downloads\avast_free_antivirus_setup.exe 2012-04-10 20:00 - 2012-04-22 11:20 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job 2012-04-10 20:00 - 2012-04-19 20:14 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job 2012-04-10 20:00 - 2010-02-18 17:59 - 0002382 ____A C:\Users\Dad\Desktop\Google Chrome.lnk 2012-04-10 13:07 - 2009-08-05 20:24 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys 2012-04-10 13:07 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-04-10 13:07 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll 2012-04-10 13:07 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll 2012-04-10 13:07 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2012-04-10 13:07 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2012-04-10 13:07 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll 2012-04-10 11:26 - 2012-02-27 22:39 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-04-10 11:26 - 2012-02-27 22:36 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-04-10 11:26 - 2012-02-27 21:38 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-04-10 11:26 - 2012-02-27 21:35 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-04-10 11:26 - 2012-02-27 20:31 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-04-10 11:26 - 2012-02-27 19:52 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-04-10 11:26 - 2011-02-18 02:54 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-04-10 11:26 - 2011-02-17 21:41 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-04-10 11:26 - 2010-11-20 05:27 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-04-10 11:26 - 2010-11-20 05:26 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-04-10 11:26 - 2010-11-20 04:21 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-04-10 11:26 - 2010-11-20 04:19 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-04-10 11:26 - 2010-11-20 04:19 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-04-10 11:26 - 2009-07-13 17:41 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-04-10 11:26 - 2009-07-13 17:41 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-04-10 11:26 - 2009-07-13 17:41 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-04-10 11:26 - 2009-07-13 17:39 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-04-10 11:26 - 2009-07-13 17:16 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-04-10 11:26 - 2009-07-13 17:15 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-04-10 11:26 - 2009-07-13 17:15 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-04-10 11:26 - 2009-07-13 17:14 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-04-10 11:26 - 2009-07-13 12:49 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll ============ 3 Months Modified Files and Folders ============= 2012-04-22 15:32 - 2012-04-22 15:31 - 0000000 ____D C:\FRST 2012-04-22 11:26 - 2012-04-15 12:41 - 0559614 ____A C:\Windows\WindowsUpdate.log 2012-04-22 11:25 - 2010-01-07 06:02 - 1474832 ____A C:\Windows\System32\Drivers\sfi.dat 2012-04-22 11:20 - 2010-01-20 16:13 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-04-22 11:13 - 2009-07-13 20:45 - 0015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-04-22 11:13 - 2009-07-13 20:45 - 0015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-04-22 11:09 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI 2012-04-22 11:08 - 2012-04-22 11:08 - 0004096 ___AH C:\Users\Dad\Desktop\._dds.scr 2012-04-22 11:08 - 2012-04-17 14:40 - 0001868 ____A C:\Windows\setupact.log 2012-04-22 11:05 - 2012-04-10 20:00 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job 2012-04-22 11:01 - 2012-04-22 11:02 - 0004096 ___AH C:\Users\Dad\Desktop\._dds.com 2012-04-22 10:52 - 2012-04-22 10:52 - 0045073 ____A C:\Users\Dad\Desktop\shot.jpg 2012-04-22 10:46 - 2012-04-13 16:25 - 0000000 ____D C:\Users\All Users\WRData 2012-04-22 10:46 - 2012-04-13 16:25 - 0000000 ____D C:\ProgramData\WRData 2012-04-22 10:36 - 2010-01-20 16:13 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-04-22 10:36 - 2009-12-04 21:34 - 3220037632 __ASH C:\hiberfil.sys 2012-04-22 10:36 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT 2012-04-19 20:14 - 2012-04-10 20:00 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job 2012-04-19 20:10 - 2012-04-15 07:00 - 0001852 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-04-19 20:10 - 2012-01-17 17:37 - 0000866 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-04-19 05:13 - 2012-04-19 05:13 - 0008270 ____A C:\Users\Dad\Desktop\hijackthis.log 2012-04-17 20:38 - 2012-04-17 20:38 - 0000000 ____A C:\Users\Dad\Downloads\dds.scr 2012-04-17 20:11 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files 2012-04-17 20:10 - 2012-04-17 20:10 - 0000000 ____D C:\Program Files (x86)\ESET 2012-04-17 20:09 - 2009-12-04 18:52 - 0000000 ____D C:\users\Dad 2012-04-17 20:02 - 2012-04-17 20:02 - 0000000 ____A C:\Users\Dad\Downloads\esetsmartinstaller_enu(2).exe 2012-04-17 19:53 - 2010-06-18 19:15 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-04-17 14:40 - 2012-04-17 14:40 - 0000000 ____A C:\Windows\setuperr.log 2012-04-16 18:06 - 2012-04-10 20:00 - 0002382 ____A C:\Users\Dad\Desktop\Google Chrome.lnk 2012-04-15 19:57 - 2012-04-15 19:57 - 0000000 ____D C:\2851d1b17679edb604 2012-04-15 19:57 - 2012-04-15 19:56 - 6970110 ____A C:\Users\Dad\Downloads\Windows6.1-KB2679255-v2-x64.msu 2012-04-15 19:56 - 2012-04-15 19:56 - 1528184 ____A (Microsoft Corporation) C:\Users\Dad\Downloads\GenuineCheck.exe 2012-04-15 19:56 - 2012-04-15 19:56 - 0000000 ____D C:\Users\All Users\Windows Genuine Advantage 2012-04-15 19:56 - 2012-04-15 19:56 - 0000000 ____D C:\ProgramData\Windows Genuine Advantage 2012-04-15 17:39 - 2012-04-13 16:03 - 0000000 ____D C:\Users\All Users\AVAST Software 2012-04-15 17:39 - 2012-04-13 16:03 - 0000000 ____D C:\ProgramData\AVAST Software 2012-04-15 17:39 - 2012-04-13 16:03 - 0000000 ____D C:\Program Files\AVAST Software 2012-04-15 14:01 - 2012-04-15 07:00 - 0000000 ____D C:\Program Files\SUPERAntiSpyware 2012-04-15 12:39 - 2012-01-19 15:15 - 0000000 ____D C:\Users\Dad\Desktop\Clarkdale 2012-04-15 07:00 - 2012-04-15 07:00 - 0000000 ____D C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com 2012-04-15 07:00 - 2012-04-15 07:00 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com 2012-04-15 07:00 - 2012-04-15 07:00 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2012-04-15 06:59 - 2012-04-15 06:59 - 12903112 ____A (SUPERAntiSpyware.com) C:\Users\Dad\Downloads\SUPERAntiSpyware.exe 2012-04-13 18:38 - 2012-04-13 18:38 - 0000000 ____D C:\Users\Dad\AppData\Local\Focus Home Interactive 2012-04-13 16:56 - 2012-04-13 16:56 - 0000000 ____D C:\Users\All Users\Lavasoft 2012-04-13 16:56 - 2012-04-13 16:56 - 0000000 ____D C:\ProgramData\Lavasoft 2012-04-13 16:30 - 2012-04-13 16:25 - 0146104 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll 2012-04-13 16:30 - 2012-04-13 16:25 - 0112168 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys 2012-04-13 16:30 - 2012-04-13 16:25 - 0098224 ____A (Webroot) C:\Windows\System32\WRusr.dll 2012-04-13 16:30 - 2012-04-13 16:25 - 0000000 ____D C:\Program Files\Webroot 2012-04-13 16:24 - 2012-04-13 16:24 - 0655872 ____A (Webroot) C:\Users\Dad\Downloads\wsacnetav.exe 2012-04-13 16:06 - 2012-04-13 16:06 - 0002093 ____A C:\Users\installer\Desktop\HijackThis.lnk 2012-04-13 16:06 - 2009-02-07 21:06 - 0002093 ____A C:\Users\Dad\Desktop\HijackThis.lnk 2012-04-13 16:02 - 2012-04-13 16:01 - 74761776 ____A C:\Users\Dad\Downloads\avast_free_antivirus_setup.exe 2012-04-10 20:00 - 2011-04-25 12:48 - 0000000 ____D C:\Users\Dad\AppData\Local\Deployment 2012-04-10 20:00 - 2010-01-20 16:13 - 0000000 ____D C:\Users\Dad\AppData\Local\Google 2012-04-10 19:59 - 2007-05-14 08:36 - 0000000 ____D C:\Program Files (x86)\Google 2012-04-10 19:58 - 2010-01-07 14:40 - 0000000 ____D C:\Users\Dad\AppData\Local\ElevatedDiagnostics 2012-04-10 16:48 - 2012-01-17 23:02 - 0000787 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-04-10 13:07 - 2009-12-04 23:00 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-04-04 11:56 - 2010-05-21 09:14 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-03-14 06:30 - 2009-07-13 20:45 - 0273200 ____A C:\Windows\System32\FNTCACHE.DAT 2012-03-11 19:28 - 2009-12-04 21:33 - 0000000 ____D C:\Windows\Panther 2012-03-11 13:13 - 2011-12-19 15:59 - 0577824 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys 2012-03-11 13:13 - 2011-12-19 15:59 - 0043248 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys 2012-03-11 13:13 - 2011-12-19 15:59 - 0022696 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys 2012-03-11 13:13 - 2011-12-19 15:58 - 0389840 ____A (COMODO) C:\Windows\System32\guard64.dll 2012-03-11 13:13 - 2011-12-19 15:58 - 0301224 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll 2012-03-11 13:13 - 2011-12-19 15:58 - 0041200 ____A (COMODO) C:\Windows\System32\cmdcsr.dll 2012-03-06 15:15 - 2012-04-15 17:39 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe 2012-03-06 15:15 - 2012-04-15 17:39 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr 2012-03-06 11:53 - 2009-12-04 23:13 - 0000000 ____D C:\Program Files (x86)\Windows Live 2012-03-05 18:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache 2012-03-02 20:32 - 2012-03-02 20:32 - 0640540 ____A C:\Users\Dad\Desktop\user_certificate.pdf 2012-03-01 14:56 - 2010-07-21 09:50 - 0000000 ____D C:\Users\installer\AppData\Roaming\Apple Computer 2012-02-29 22:46 - 2012-04-10 13:07 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys 2012-02-29 22:38 - 2012-04-10 13:07 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2012-02-29 22:33 - 2012-04-10 13:07 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll 2012-02-29 22:28 - 2012-04-10 13:07 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll 2012-02-29 21:37 - 2012-04-10 13:07 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2012-02-29 21:33 - 2012-04-10 13:07 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2012-02-29 21:29 - 2012-04-10 13:07 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll 2012-02-27 22:39 - 2012-04-10 11:26 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-02-27 22:39 - 2012-04-10 11:26 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-02-27 22:39 - 2012-04-10 11:26 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-02-27 22:36 - 2012-04-10 11:26 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-02-27 22:36 - 2012-04-10 11:26 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-02-27 22:36 - 2012-04-10 11:26 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-02-27 22:35 - 2012-04-10 11:26 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-02-27 22:35 - 2012-04-10 11:26 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-02-27 22:35 - 2012-04-10 11:26 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-02-27 22:35 - 2012-04-10 11:26 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-02-27 21:38 - 2012-04-10 11:26 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-02-27 21:38 - 2012-04-10 11:26 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-02-27 21:38 - 2012-04-10 11:26 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-02-27 21:35 - 2012-04-10 11:26 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-02-27 21:35 - 2012-04-10 11:26 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-02-27 21:35 - 2012-04-10 11:26 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-02-27 21:34 - 2012-04-10 11:26 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-02-27 21:34 - 2012-04-10 11:26 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-02-27 21:34 - 2012-04-10 11:26 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-02-27 21:34 - 2012-04-10 11:26 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-02-27 20:31 - 2012-04-10 11:26 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-02-27 19:52 - 2012-04-10 11:26 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-02-23 06:18 - 2009-12-04 19:48 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2012-02-17 18:52 - 2012-02-17 18:52 - 0000000 ____D C:\Users\Dad\Downloads\zdl_92 2012-02-17 18:47 - 2012-02-17 18:47 - 0060742 ____A C:\Users\Dad\Downloads\zdl_92.zip 2012-02-16 22:38 - 2012-03-13 17:01 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll 2012-02-16 21:34 - 2012-03-13 17:01 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2012-02-16 20:58 - 2012-03-13 17:01 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-02-16 20:57 - 2012-03-13 17:01 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys 2012-02-16 15:52 - 2012-02-16 15:52 - 0350998 ____A C:\Users\Dad\Downloads\jeffvjim.pdf.pdf 2012-02-15 23:57 - 2009-12-04 22:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2012-02-13 19:47 - 2012-02-13 19:47 - 0002323 ____A C:\Users\Dad\Desktop\Lshaped stairs.txt 2012-02-09 22:36 - 2012-03-13 17:02 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-02-09 21:38 - 2012-03-13 17:02 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2012-02-07 10:30 - 2012-02-07 10:02 - 0002240 ____A C:\Users\Dad\Documents\Cover Letter Dealership.rtf 2012-02-07 09:28 - 2012-02-07 09:29 - 1035217 ____A C:\Users\Dad\Desktop\Dealer Resume.pdf 2012-02-07 09:28 - 2012-02-07 09:23 - 1035217 ____A C:\Users\Dad\Desktop\Resume.pdf 2012-02-06 21:22 - 2012-02-06 21:22 - 0002994 ____A C:\Users\Dad\Documents\cc_20120207_002220.reg 2012-02-05 07:01 - 2009-07-13 21:08 - 0032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-02-02 20:34 - 2012-03-13 17:02 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-01-29 17:44 - 2012-01-29 17:44 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2012-01-29 17:28 - 2009-12-06 10:25 - 0000000 ____D C:\Users\Dad\AppData\Roaming\Apple Computer 2012-01-29 17:23 - 2012-01-29 17:23 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-01-29 17:22 - 2012-01-29 17:22 - 0000000 ____D C:\Program Files\iTunes 2012-01-29 17:22 - 2012-01-29 17:22 - 0000000 ____D C:\Program Files\iPod 2012-01-29 17:22 - 2008-03-08 19:20 - 0000000 ____D C:\Program Files (x86)\iTunes 2012-01-29 17:20 - 2012-01-29 17:20 - 0000628 ____A C:\Windows\System32\mapisvc.inf 2012-01-29 17:20 - 2010-01-15 08:49 - 0000000 ____D C:\Program Files\Common Files\Apple 2012-01-29 17:19 - 2012-01-29 17:19 - 0000000 ____D C:\Program Files\Bonjour 2012-01-29 17:19 - 2008-03-08 19:20 - 0000000 ____D C:\Program Files (x86)\Bonjour 2012-01-29 17:17 - 2007-11-17 16:08 - 0000000 ____D C:\Program Files (x86)\Apple Software Update 2012-01-26 09:08 - 2012-01-17 22:44 - 0000000 ____D C:\Users\All Users\Comodo 2012-01-26 09:08 - 2012-01-17 22:44 - 0000000 ____D C:\ProgramData\Comodo 2012-01-24 22:38 - 2012-03-13 17:01 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-01-24 22:38 - 2012-03-13 17:01 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-01-24 22:33 - 2012-03-13 17:01 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ========================= Memory info ====================== Percentage of memory in use: 14% Total physical RAM: 4094.49 MB Available physical RAM: 3515.63 MB Total Pagefile: 4092.64 MB Available Pagefile: 3498.47 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:139.73 GB) (Free:18.69 GB) NTFS ==>[Drive with boot components (obtanied from BCD)] 2 Drive d: ( ) (Fixed) (Total:931.51 GB) (Free:623.99 GB) NTFS 3 Drive e: (empire_disc2) (CDROM) (Total:4.14 GB) (Free:0 GB) CDFS 4 Drive f: (LEXAR) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 139 GB 8 MB Disk 1 Online 931 GB 0 B Disk 2 Online 495 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 139 GB 31 KB ====================================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C NTFS Partition 139 GB Healthy ====================================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 931 GB 1024 KB ====================================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D NTFS Partition 931 GB Healthy ====================================================================================================== Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 495 MB 16 KB ====================================================================================================== Disk: 2 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F LEXAR FAT32 Removable 495 MB Healthy ====================================================================================================== ========================================================== Last Boot: 2012-04-18 20:19 ======================= End Of Log ==========================

I was able to save the file to a thumbdrive on another computer and then copy to desktop on my infected computer. When I run the program (dds.com) I get the following error message.. "The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit version of the program, then then contact the software publisher." I have Windows 7 Home Premium 64 bit operating system.