
A mess



Could use some help. I'm pretty sure I'm infected; this happened 2 or so years ago and it seems to be the same symptoms: tons of disk access, I can't save any files, multiple svchost processes now running, the computer wants to update Windows with every shutdown, memory is hogged, and the computer changed behavior overnight. Comodo is giving me multiple warnings of unsigned programs wanting access and control. I tried to do as the pinned post states and run the DDS program, but I cannot save it to the desktop or anywhere else. I do have an old copy of HijackThis on my desktop. Malwarebytes and Comodo both say all is clear, but something is wrong. Suggestions welcome.

In addition, I have 16 svchost.exe processes running, unsecapp.exe running, which I've never seen run before, and plenty of other unfamiliar processes now running. I get the feeling a trojan has jacked me for remote access and keylogging.

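A quick way to check the "16 svchost.exe" worry before the staff's logs come back. On Windows 7 a dozen or more svchost.exe instances is normal, because each one hosts a group of services; what is worth a look is an instance that hosts no service at all, or a process whose name only resembles svchost.exe. The script below, added here as an example and not one of the tools the staff reply asks for, parses the output of `tasklist /SVC /FO CSV` and applies exactly those two checks. Assumptions (not stated on the page): tasklist's CSV columns are "Image Name","PID","Services" and the literal N/A marks a process that hosts no service. SAMPLE is constructed for the example; it was not captured from the poster's PC.

```python
"""Sanity-check svchost.exe instances from `tasklist /SVC /FO CSV` output.

Added example for this thread, not part of the forum's procedure.
Assumption: on Windows 7 a genuine svchost.exe always hosts at least one
service, so an instance whose Services column is N/A, or a near-miss name
such as svch0st.exe, is what to inspect first. SAMPLE is constructed.
"""
import csv
import io
import subprocess

TARGET = "svchost.exe"

SAMPLE = '''"Image Name","PID","Services"
"services.exe","520","N/A"
"svchost.exe","584","DcomLaunch,PlugPlay,Power"
"svchost.exe","684","RpcEptMapper,RpcSs"
"svchost.exe","1388","N/A"
"svch0st.exe","2044","N/A"
"unsecapp.exe","2300","N/A"
'''


def is_lookalike(name):
    """True for image names that imitate svchost.exe but are not it."""
    low = name.lower()
    if low == TARGET:
        return False
    if "svchost" in low:                      # svchost32.exe, "svchost .exe", ...
        return True
    if len(low) == len(TARGET):               # one- or two-character substitutions
        return sum(a != b for a, b in zip(low, TARGET)) <= 2
    return False


def triage_tasklist(csv_text):
    """Return (number of real svchost.exe instances, list of findings)."""
    count, findings = 0, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, pid, services = row["Image Name"], row["PID"], row["Services"]
        if name.lower() == TARGET:
            count += 1
            if services == "N/A":
                findings.append(f"PID {pid}: svchost.exe hosts no service")
        elif is_lookalike(name):
            findings.append(f"PID {pid}: {name} looks like svchost.exe but is not")
    return count, findings


def triage_live():
    """Run tasklist on the local Windows machine and triage the real output."""
    out = subprocess.run(["tasklist", "/SVC", "/FO", "CSV"],
                         capture_output=True, text=True, check=True).stdout
    return triage_tasklist(out)


if __name__ == "__main__":
    n, hits = triage_tasklist(SAMPLE)
    print(f"{n} svchost.exe instances")
    for h in hits:
        print(h)
```

This only looks at names and hosted services; it does not verify the image path or signature, which is what the FRST "MD5 is legit" lines later in the thread cover for svchost.exe itself. An instance briefly showing N/A while a service starts or stops is possible, so re-run before drawing conclusions.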

  • Staff

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt.

NEXT

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

NEXT

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now, choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


I cannot do the first step. I cannot save or run the DDS file. I get this message: "File Access Denied". The text box says "You need permission to perform this action" and "You require permission from Den\Dad to make changes to this file".

So I cannot save or run the dds program as asked in your first step.


I was able to save the file to a thumb drive on another computer and then copy it to the desktop on my infected computer. When I run the program (dds.com) I get the following error message: "The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher."

I have Windows 7 Home Premium 64 bit operating system.


  • Staff

ok,

disregard the initial instructions and do this instead:

For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press the Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.


Scan result of Farbar Recovery Scan Tool Version: 22-04-2012

Ran by SYSTEM at 22-04-2012 15:31:54

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [8126464 2009-06-09] (C-Media Corporation)

HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)

HKLM\...\Run: [bbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe [201376 2010-11-30] (Bluebeam Software, Inc.)

HKLM\...\Run: [bbInstallUser] D:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe [x]

HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-25] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)

HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [661080 2012-04-13] (Webroot)

HKU\Dad\...\Run: [steam] "D:\Program Files (x86)\Steam\steam.exe" -silent [x]

HKU\Dad\...\Run: [Google Update] "C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-10] (Google Inc.)

HKU\Dad\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4785536 2012-04-15] (SUPERAntiSpyware.com)

HKU\Dad\...\Policies\system: [DisableCMD] 0

HKU\Dad\...\Policies\system: [NoDispAppearancePage] 0

HKU\Dad\...\Policies\system: [NoDispBackgroundPage] 0

HKU\Dad\...\Policies\system: [NoDispSettingsPage] 0

HKU\installer\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

AppInit_DLLs: C:\Windows\system32\guard64.dll

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)

2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)

2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)

2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2011-05-06] ()

2 FlipShareServer; "C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2011-05-06] ()

3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-12] ()

2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [661080 2012-04-13] (Webroot)

========================== Drivers (Whitelisted) =============

1 cmderd; C:\Windows\System32\Drivers\cmderd.sys [22696 2012-03-11] (COMODO)

1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)

1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2012-03-11] (COMODO)

3 cmudaxp; C:\Windows\System32\Drivers\cmudaxp.sys [1447424 2009-06-09] (C-Media Inc)

3 ENTECH64; C:\Windows\System32\Drivers\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)

3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [69320 2009-11-11] (FTDI Ltd.)

3 gdrv; \??\C:\Windows\gdrv.sys [24072 2010-01-07] (Windows ® Server 2003 DDK provider)

1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)

1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

2 SSPORT; C:\Windows\System32\Drivers\SSPORT.sys [11576 2010-06-09] (Samsung Electronics)

0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [112168 2012-04-13] (Webroot)

3 cpuz130; \??\C:\Users\Dad\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-22 15:31 - 2009-09-24 12:12 - 0000000 ____D C:\FRST

2012-04-22 11:08 - 2012-04-22 11:01 - 0004096 ___AH C:\Users\Dad\Desktop\._dds.scr

2012-04-22 11:02 - - 0004096 ___AH C:\Users\Dad\Desktop\._dds.com

2012-04-22 10:52 - 2004-03-26 12:47 - 0045073 ____A C:\Users\Dad\Desktop\shot.jpg

2012-04-19 05:13 - 2012-04-13 16:06 - 0008270 ____A C:\Users\Dad\Desktop\hijackthis.log

2012-04-17 20:38 - 2012-01-02 12:03 - 0000000 ____A C:\Users\Dad\Downloads\dds.scr

2012-04-17 20:10 - 2011-10-25 13:42 - 0000000 ____D C:\Program Files (x86)\ESET

2012-04-17 20:02 - 2010-01-14 19:45 - 0000000 ____A C:\Users\Dad\Downloads\esetsmartinstaller_enu(2).exe

2012-04-17 14:40 - 2012-04-22 11:08 - 0000000 ____A C:\Windows\setuperr.log

2012-04-17 14:40 - 2009-07-13 20:45 - 0001868 ____A C:\Windows\setupact.log

2012-04-15 19:57 - 2010-07-21 09:49 - 0000000 ____D C:\2851d1b17679edb604

2012-04-15 19:56 - 2010-01-18 10:13 - 6970110 ____A C:\Users\Dad\Downloads\Windows6.1-KB2679255-v2-x64.msu

2012-04-15 19:56 - 2010-01-16 16:39 - 1528184 ____A (Microsoft Corporation) C:\Users\Dad\Downloads\GenuineCheck.exe

2012-04-15 19:56 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\Windows Genuine Advantage

2012-04-15 19:56 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\Windows Genuine Advantage

2012-04-15 17:39 - 2010-01-06 11:58 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-04-15 17:39 - 2009-07-13 17:03 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-04-15 12:41 - 2009-07-13 20:54 - 0559614 ____A C:\Windows\WindowsUpdate.log

2012-04-15 07:00 - 2011-09-11 16:51 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com

2012-04-15 07:00 - 2011-09-11 16:51 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2012-04-15 07:00 - 2010-01-07 14:29 - 0000000 ____D C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com

2012-04-15 07:00 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\SUPERAntiSpyware

2012-04-15 07:00 - 2009-06-02 09:57 - 0001852 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2012-04-15 06:59 - 2009-12-17 04:35 - 12903112 ____A (SUPERAntiSpyware.com) C:\Users\Dad\Downloads\SUPERAntiSpyware.exe

2012-04-13 18:38 - 2012-04-10 19:58 - 0000000 ____D C:\Users\Dad\AppData\Local\Focus Home Interactive

2012-04-13 16:56 - 2010-02-20 11:50 - 0000000 ____D C:\Users\All Users\Lavasoft

2012-04-13 16:56 - 2010-02-20 11:50 - 0000000 ____D C:\ProgramData\Lavasoft

2012-04-13 16:25 - 2012-04-15 19:56 - 0000000 ____D C:\Users\All Users\WRData

2012-04-13 16:25 - 2012-04-15 19:56 - 0000000 ____D C:\ProgramData\WRData

2012-04-13 16:25 - 2010-04-27 10:03 - 0112168 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys

2012-04-13 16:25 - 2009-07-13 21:09 - 0000000 ____D C:\Program Files\Webroot

2012-04-13 16:25 - 2009-07-13 17:39 - 0098224 ____A (Webroot) C:\Windows\System32\WRusr.dll

2012-04-13 16:25 - 2009-07-13 17:14 - 0146104 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll

2012-04-13 16:24 - 2011-09-14 11:06 - 0655872 ____A (Webroot) C:\Users\Dad\Downloads\wsacnetav.exe

2012-04-13 16:06 - 2011-12-26 13:37 - 0002093 ____A C:\Users\installer\Desktop\HijackThis.lnk

2012-04-13 16:03 - 2011-11-24 17:12 - 0000000 ____D C:\Users\All Users\AVAST Software

2012-04-13 16:03 - 2011-11-24 17:12 - 0000000 ____D C:\ProgramData\AVAST Software

2012-04-13 16:03 - 2011-11-24 17:11 - 0000000 ____D C:\Program Files\AVAST Software

2012-04-13 16:01 - 2012-01-14 09:13 - 74761776 ____A C:\Users\Dad\Downloads\avast_free_antivirus_setup.exe

2012-04-10 20:00 - 2012-04-22 11:20 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job

2012-04-10 20:00 - 2012-04-19 20:14 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job

2012-04-10 20:00 - 2010-02-18 17:59 - 0002382 ____A C:\Users\Dad\Desktop\Google Chrome.lnk

2012-04-10 13:07 - 2009-08-05 20:24 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys

2012-04-10 13:07 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-04-10 13:07 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

2012-04-10 13:07 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll

2012-04-10 13:07 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-04-10 13:07 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2012-04-10 13:07 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

2012-04-10 11:26 - 2012-02-27 22:39 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-04-10 11:26 - 2012-02-27 22:36 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-04-10 11:26 - 2012-02-27 21:38 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-04-10 11:26 - 2012-02-27 21:35 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-04-10 11:26 - 2012-02-27 20:31 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-04-10 11:26 - 2012-02-27 19:52 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-04-10 11:26 - 2011-02-18 02:54 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-04-10 11:26 - 2011-02-17 21:41 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-04-10 11:26 - 2010-11-20 05:27 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-04-10 11:26 - 2010-11-20 05:26 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-04-10 11:26 - 2010-11-20 04:21 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-04-10 11:26 - 2010-11-20 04:19 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-04-10 11:26 - 2010-11-20 04:19 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-04-10 11:26 - 2009-07-13 17:41 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-04-10 11:26 - 2009-07-13 17:41 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-04-10 11:26 - 2009-07-13 17:41 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-04-10 11:26 - 2009-07-13 17:39 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-04-10 11:26 - 2009-07-13 17:16 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-04-10 11:26 - 2009-07-13 17:15 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-04-10 11:26 - 2009-07-13 17:15 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-04-10 11:26 - 2009-07-13 17:14 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-04-10 11:26 - 2009-07-13 12:49 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

============ 3 Months Modified Files and Folders =============

2012-04-22 15:32 - 2012-04-22 15:31 - 0000000 ____D C:\FRST

2012-04-22 11:26 - 2012-04-15 12:41 - 0559614 ____A C:\Windows\WindowsUpdate.log

2012-04-22 11:25 - 2010-01-07 06:02 - 1474832 ____A C:\Windows\System32\Drivers\sfi.dat

2012-04-22 11:20 - 2010-01-20 16:13 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-04-22 11:13 - 2009-07-13 20:45 - 0015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-04-22 11:13 - 2009-07-13 20:45 - 0015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-04-22 11:09 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI

2012-04-22 11:08 - 2012-04-22 11:08 - 0004096 ___AH C:\Users\Dad\Desktop\._dds.scr

2012-04-22 11:08 - 2012-04-17 14:40 - 0001868 ____A C:\Windows\setupact.log

2012-04-22 11:05 - 2012-04-10 20:00 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job

2012-04-22 11:01 - 2012-04-22 11:02 - 0004096 ___AH C:\Users\Dad\Desktop\._dds.com

2012-04-22 10:52 - 2012-04-22 10:52 - 0045073 ____A C:\Users\Dad\Desktop\shot.jpg

2012-04-22 10:46 - 2012-04-13 16:25 - 0000000 ____D C:\Users\All Users\WRData

2012-04-22 10:46 - 2012-04-13 16:25 - 0000000 ____D C:\ProgramData\WRData

2012-04-22 10:36 - 2010-01-20 16:13 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-04-22 10:36 - 2009-12-04 21:34 - 3220037632 __ASH C:\hiberfil.sys

2012-04-22 10:36 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT

2012-04-19 20:14 - 2012-04-10 20:00 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job

2012-04-19 20:10 - 2012-04-15 07:00 - 0001852 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2012-04-19 20:10 - 2012-01-17 17:37 - 0000866 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-04-19 05:13 - 2012-04-19 05:13 - 0008270 ____A C:\Users\Dad\Desktop\hijackthis.log

2012-04-17 20:38 - 2012-04-17 20:38 - 0000000 ____A C:\Users\Dad\Downloads\dds.scr

2012-04-17 20:11 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files

2012-04-17 20:10 - 2012-04-17 20:10 - 0000000 ____D C:\Program Files (x86)\ESET

2012-04-17 20:09 - 2009-12-04 18:52 - 0000000 ____D C:\users\Dad

2012-04-17 20:02 - 2012-04-17 20:02 - 0000000 ____A C:\Users\Dad\Downloads\esetsmartinstaller_enu(2).exe

2012-04-17 19:53 - 2010-06-18 19:15 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-04-17 14:40 - 2012-04-17 14:40 - 0000000 ____A C:\Windows\setuperr.log

2012-04-16 18:06 - 2012-04-10 20:00 - 0002382 ____A C:\Users\Dad\Desktop\Google Chrome.lnk

2012-04-15 19:57 - 2012-04-15 19:57 - 0000000 ____D C:\2851d1b17679edb604

2012-04-15 19:57 - 2012-04-15 19:56 - 6970110 ____A C:\Users\Dad\Downloads\Windows6.1-KB2679255-v2-x64.msu

2012-04-15 19:56 - 2012-04-15 19:56 - 1528184 ____A (Microsoft Corporation) C:\Users\Dad\Downloads\GenuineCheck.exe

2012-04-15 19:56 - 2012-04-15 19:56 - 0000000 ____D C:\Users\All Users\Windows Genuine Advantage

2012-04-15 19:56 - 2012-04-15 19:56 - 0000000 ____D C:\ProgramData\Windows Genuine Advantage

2012-04-15 17:39 - 2012-04-13 16:03 - 0000000 ____D C:\Users\All Users\AVAST Software

2012-04-15 17:39 - 2012-04-13 16:03 - 0000000 ____D C:\ProgramData\AVAST Software

2012-04-15 17:39 - 2012-04-13 16:03 - 0000000 ____D C:\Program Files\AVAST Software

2012-04-15 14:01 - 2012-04-15 07:00 - 0000000 ____D C:\Program Files\SUPERAntiSpyware

2012-04-15 12:39 - 2012-01-19 15:15 - 0000000 ____D C:\Users\Dad\Desktop\Clarkdale

2012-04-15 07:00 - 2012-04-15 07:00 - 0000000 ____D C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com

2012-04-15 07:00 - 2012-04-15 07:00 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com

2012-04-15 07:00 - 2012-04-15 07:00 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2012-04-15 06:59 - 2012-04-15 06:59 - 12903112 ____A (SUPERAntiSpyware.com) C:\Users\Dad\Downloads\SUPERAntiSpyware.exe

2012-04-13 18:38 - 2012-04-13 18:38 - 0000000 ____D C:\Users\Dad\AppData\Local\Focus Home Interactive

2012-04-13 16:56 - 2012-04-13 16:56 - 0000000 ____D C:\Users\All Users\Lavasoft

2012-04-13 16:56 - 2012-04-13 16:56 - 0000000 ____D C:\ProgramData\Lavasoft

2012-04-13 16:30 - 2012-04-13 16:25 - 0146104 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll

2012-04-13 16:30 - 2012-04-13 16:25 - 0112168 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys

2012-04-13 16:30 - 2012-04-13 16:25 - 0098224 ____A (Webroot) C:\Windows\System32\WRusr.dll

2012-04-13 16:30 - 2012-04-13 16:25 - 0000000 ____D C:\Program Files\Webroot

2012-04-13 16:24 - 2012-04-13 16:24 - 0655872 ____A (Webroot) C:\Users\Dad\Downloads\wsacnetav.exe

2012-04-13 16:06 - 2012-04-13 16:06 - 0002093 ____A C:\Users\installer\Desktop\HijackThis.lnk

2012-04-13 16:06 - 2009-02-07 21:06 - 0002093 ____A C:\Users\Dad\Desktop\HijackThis.lnk

2012-04-13 16:02 - 2012-04-13 16:01 - 74761776 ____A C:\Users\Dad\Downloads\avast_free_antivirus_setup.exe

2012-04-10 20:00 - 2011-04-25 12:48 - 0000000 ____D C:\Users\Dad\AppData\Local\Deployment

2012-04-10 20:00 - 2010-01-20 16:13 - 0000000 ____D C:\Users\Dad\AppData\Local\Google

2012-04-10 19:59 - 2007-05-14 08:36 - 0000000 ____D C:\Program Files (x86)\Google

2012-04-10 19:58 - 2010-01-07 14:40 - 0000000 ____D C:\Users\Dad\AppData\Local\ElevatedDiagnostics

2012-04-10 16:48 - 2012-01-17 23:02 - 0000787 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-04-10 13:07 - 2009-12-04 23:00 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-04-04 11:56 - 2010-05-21 09:14 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-03-14 06:30 - 2009-07-13 20:45 - 0273200 ____A C:\Windows\System32\FNTCACHE.DAT

2012-03-11 19:28 - 2009-12-04 21:33 - 0000000 ____D C:\Windows\Panther

2012-03-11 13:13 - 2011-12-19 15:59 - 0577824 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys

2012-03-11 13:13 - 2011-12-19 15:59 - 0043248 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys

2012-03-11 13:13 - 2011-12-19 15:59 - 0022696 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys

2012-03-11 13:13 - 2011-12-19 15:58 - 0389840 ____A (COMODO) C:\Windows\System32\guard64.dll

2012-03-11 13:13 - 2011-12-19 15:58 - 0301224 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll

2012-03-11 13:13 - 2011-12-19 15:58 - 0041200 ____A (COMODO) C:\Windows\System32\cmdcsr.dll

2012-03-06 15:15 - 2012-04-15 17:39 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-03-06 15:15 - 2012-04-15 17:39 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-03-06 11:53 - 2009-12-04 23:13 - 0000000 ____D C:\Program Files (x86)\Windows Live

2012-03-05 18:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache

2012-03-02 20:32 - 2012-03-02 20:32 - 0640540 ____A C:\Users\Dad\Desktop\user_certificate.pdf

2012-03-01 14:56 - 2010-07-21 09:50 - 0000000 ____D C:\Users\installer\AppData\Roaming\Apple Computer

2012-02-29 22:46 - 2012-04-10 13:07 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys

2012-02-29 22:38 - 2012-04-10 13:07 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-02-29 22:33 - 2012-04-10 13:07 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

2012-02-29 22:28 - 2012-04-10 13:07 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll

2012-02-29 21:37 - 2012-04-10 13:07 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-02-29 21:33 - 2012-04-10 13:07 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2012-02-29 21:29 - 2012-04-10 13:07 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

2012-02-27 22:39 - 2012-04-10 11:26 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-02-27 22:39 - 2012-04-10 11:26 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-02-27 22:39 - 2012-04-10 11:26 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-02-27 22:36 - 2012-04-10 11:26 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-02-27 22:36 - 2012-04-10 11:26 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-02-27 22:36 - 2012-04-10 11:26 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-02-27 22:35 - 2012-04-10 11:26 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-02-27 22:35 - 2012-04-10 11:26 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-02-27 22:35 - 2012-04-10 11:26 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-02-27 22:35 - 2012-04-10 11:26 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-02-27 21:38 - 2012-04-10 11:26 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-02-27 21:38 - 2012-04-10 11:26 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-02-27 21:38 - 2012-04-10 11:26 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-02-27 21:35 - 2012-04-10 11:26 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-02-27 21:35 - 2012-04-10 11:26 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-02-27 21:35 - 2012-04-10 11:26 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-02-27 21:34 - 2012-04-10 11:26 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-02-27 21:34 - 2012-04-10 11:26 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-02-27 21:34 - 2012-04-10 11:26 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-02-27 21:34 - 2012-04-10 11:26 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-02-27 20:31 - 2012-04-10 11:26 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-02-27 19:52 - 2012-04-10 11:26 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-02-23 06:18 - 2009-12-04 19:48 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-02-17 18:52 - 2012-02-17 18:52 - 0000000 ____D C:\Users\Dad\Downloads\zdl_92

2012-02-17 18:47 - 2012-02-17 18:47 - 0060742 ____A C:\Users\Dad\Downloads\zdl_92.zip

2012-02-16 22:38 - 2012-03-13 17:01 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll

2012-02-16 21:34 - 2012-03-13 17:01 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

2012-02-16 20:58 - 2012-03-13 17:01 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-02-16 20:57 - 2012-03-13 17:01 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys

2012-02-16 15:52 - 2012-02-16 15:52 - 0350998 ____A C:\Users\Dad\Downloads\jeffvjim.pdf.pdf

2012-02-15 23:57 - 2009-12-04 22:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2012-02-13 19:47 - 2012-02-13 19:47 - 0002323 ____A C:\Users\Dad\Desktop\Lshaped stairs.txt

2012-02-09 22:36 - 2012-03-13 17:02 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-02-09 21:38 - 2012-03-13 17:02 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-02-07 10:30 - 2012-02-07 10:02 - 0002240 ____A C:\Users\Dad\Documents\Cover Letter Dealership.rtf

2012-02-07 09:28 - 2012-02-07 09:29 - 1035217 ____A C:\Users\Dad\Desktop\Dealer Resume.pdf

2012-02-07 09:28 - 2012-02-07 09:23 - 1035217 ____A C:\Users\Dad\Desktop\Resume.pdf

2012-02-06 21:22 - 2012-02-06 21:22 - 0002994 ____A C:\Users\Dad\Documents\cc_20120207_002220.reg

2012-02-05 07:01 - 2009-07-13 21:08 - 0032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-02-02 20:34 - 2012-03-13 17:02 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-01-29 17:44 - 2012-01-29 17:44 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-01-29 17:28 - 2009-12-06 10:25 - 0000000 ____D C:\Users\Dad\AppData\Roaming\Apple Computer

2012-01-29 17:23 - 2012-01-29 17:23 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-01-29 17:22 - 2012-01-29 17:22 - 0000000 ____D C:\Program Files\iTunes

2012-01-29 17:22 - 2012-01-29 17:22 - 0000000 ____D C:\Program Files\iPod

2012-01-29 17:22 - 2008-03-08 19:20 - 0000000 ____D C:\Program Files (x86)\iTunes

2012-01-29 17:20 - 2012-01-29 17:20 - 0000628 ____A C:\Windows\System32\mapisvc.inf

2012-01-29 17:20 - 2010-01-15 08:49 - 0000000 ____D C:\Program Files\Common Files\Apple

2012-01-29 17:19 - 2012-01-29 17:19 - 0000000 ____D C:\Program Files\Bonjour

2012-01-29 17:19 - 2008-03-08 19:20 - 0000000 ____D C:\Program Files (x86)\Bonjour

2012-01-29 17:17 - 2007-11-17 16:08 - 0000000 ____D C:\Program Files (x86)\Apple Software Update

2012-01-26 09:08 - 2012-01-17 22:44 - 0000000 ____D C:\Users\All Users\Comodo

2012-01-26 09:08 - 2012-01-17 22:44 - 0000000 ____D C:\ProgramData\Comodo

2012-01-24 22:38 - 2012-03-13 17:01 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-01-24 22:38 - 2012-03-13 17:01 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-01-24 22:33 - 2012-03-13 17:01 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%

Total physical RAM: 4094.49 MB

Available physical RAM: 3515.63 MB

Total Pagefile: 4092.64 MB

Available Pagefile: 3498.47 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:139.73 GB) (Free:18.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: ( ) (Fixed) (Total:931.51 GB) (Free:623.99 GB) NTFS

3 Drive e: (empire_disc2) (CDROM) (Total:4.14 GB) (Free:0 GB) CDFS

4 Drive f: (LEXAR) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 139 GB 8 MB

Disk 1 Online 931 GB 0 B

Disk 2 Online 495 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 139 GB 31 KB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Partition 139 GB Healthy

======================================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 931 GB 1024 KB

======================================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 495 MB 16 KB

======================================================================================================

Disk: 2

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F LEXAR FAT32 Removable 495 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-18 20:19

======================= End Of Log ==========================


  • Staff

I'm not seeing any malware in that log at all.

I suspect you are having conflicts between all your security programs; you may have leftovers from uninstalls that are causing issues.

Please totally uninstall Comodo, Avast and SUPERAntiSpyware (you can re-install once all the issues are resolved).

Are you using the AV component of Comodo or just the firewall component?

Delete DDS from your desktop.

I see you have CCleaner on board.

Please use it to delete all your temp files, then do a defrag (do not use the Registry Cleaner component of CCleaner).

First open an elevated Command Prompt

  • Go to Start > All Programs > Accessories
  • Right click on the Command Prompt and choose “Run as administrator”
  • Type the following to see how much your hard drive is fragmented (in this example, your C:\ drive):
  • defrag c: -a (be patient, this can take a while)
  • The resulting analysis will tell you a “Percent file fragmentation” and, at the bottom, whether you need to defragment the drive or not.
  • To fully defragment your C:\ drive type the following:
  • defrag c: -w
  • Give it time to run (it can take a while, best to leave the computer alone) and then you’re done!

NEXT

Refer to the ComboFix User's Guide

  1. Download ComboFix from one of these locations:
    Link 1
    Link 2
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Please do not surf while your security programs are uninstalled.

(we will re-install them when we are done)


ComboFix 12-04-22.02 - Dad 04/22/2012 19:31:26.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2803 [GMT -4:00]

Running from: c:\users\Dad\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Dad\AppData\Roaming\Roaming

c:\users\Dad\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst

c:\users\Dad\Desktop\Setup.exe

c:\users\Dad\WINDOWS

c:\windows\TEMP\WRusr.dll-161149-1.tmp

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))

.

.

2012-04-22 23:36 . 2012-04-22 23:36 -------- d-----w- c:\users\installer\AppData\Local\temp

2012-04-22 23:12 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{812F36A1-A4E1-402B-91B7-0FFC79CE9CD8}\mpengine.dll

2012-04-16 03:57 . 2012-04-16 03:57 -------- d-----w- C:\2851d1b17679edb604

2012-04-16 01:39 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-16 01:39 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-04-15 15:00 . 2012-04-15 15:00 -------- d-----w- c:\users\Dad\AppData\Roaming\SUPERAntiSpyware.com

2012-04-15 15:00 . 2012-04-22 23:04 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-14 02:38 . 2012-04-14 02:38 -------- d-----w- c:\users\Dad\AppData\Local\Focus Home Interactive

2012-04-14 00:56 . 2012-04-14 00:56 -------- d-----w- c:\programdata\Lavasoft

2012-04-14 00:03 . 2012-04-16 01:39 -------- d-----w- c:\programdata\AVAST Software

2012-04-14 00:03 . 2012-04-16 01:39 -------- d-----w- c:\program files\AVAST Software

2012-04-10 21:07 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-10 21:07 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-10 21:07 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-10 21:07 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-10 21:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-10 21:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-10 21:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2010-05-21 17:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-23 14:18 . 2009-12-05 03:48 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-14 01:01 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 01:01 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 01:01 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 01:01 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 01:02 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 01:02 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-14 01:02 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-14 01:01 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-14 01:01 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-14 01:01 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2011-12-6 163840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"DisableLocalMachineRun"= 0 (0x0)

"DisableLocalMachineRunOnce"= 0 (0x0)

"DisableCurrentUserRun"= 0 (0x0)

"DisableCurrentUserRunOnce"= 0 (0x0)

"NoFile"= 0 (0x0)

"HideClock"= 0 (0x0)

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 133104]

R3 cpuz130;cpuz130;c:\users\Dad\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 133104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 cmudaxp;HTO CLARO Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 15:21]

.

2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 15:21]

.

2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job

- c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 04:00]

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job

- c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 04:00]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-06-09 8126464]

"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2010-11-30 201376]

"BbInstallUser"="d:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2011-08-12 38560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www9.eleadcrm.com/evo2/fresh/login.asp

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: eset.com\www

Trusted Zone: eset.eu\www

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\muycw2az.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/home.html

.

.

------- File Associations -------

.

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:0f,40,49,da,f0,a6,f7,a0,cc,75,9c,08,95,48,7b,06,84,9b,ac,9d,a2,8a,0a,

89,e8,aa,7f,f8,d2,f6,1c,25,1b,f1,31,1e,8d,34,16,44,38,67,c8,2c,23,88,d3,9c,\

"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

.

[HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\SecuROM\License information*]

"datasecu"=hex:3d,bf,bc,bc,43,48,eb,85,d3,e7,41,f6,fd,d9,fc,fe,7c,e7,82,12,64,

f7,d3,55,1f,96,93,aa,17,78,27,91,0b,58,78,47,8d,33,02,32,6c,52,80,67,fd,41,\

"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\rundll32.exe

.

**************************************************************************

.

Completion time: 2012-04-22 20:07:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-23 00:07

.

Pre-Run: 20,677,472,256 bytes free

Post-Run: 20,300,832,768 bytes free

.

- - End Of File - - 9633C65C6C4C4B46835CDD847F0ED216


  • Staff

looking better,

please run the following

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT

when you have completed the scans, please re-install only one antivirus product of your choice (and one firewall if you so choose)

if you would like my recommendation please ask


MALWAREBYTES

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.24.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Dad :: DEN [administrator]

4/24/2012 6:56:31 PM

mbam-log-2012-04-24 (18-56-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231959

Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESET

C:\Users\Dad\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application

Thanks for your help up to this point, and I have been using Comodo, but I would welcome your recommendation for an antivirus/firewall


  • Staff

Comodo has a good reputation, so if you like it, use it.

If you wanted a recommendation for a free antivirus when your subscription to Comodo expires, then I would recommend Microsoft Security Essentials. Avast and Avira AntiVir are very good free products also.

For paid products, ESET, Kaspersky and Emsisoft make excellent antivirus products as well. It really comes down to the product that works best with your system's configuration. Unfortunately there isn't an antivirus product that can detect everything, so safe browsing habits are the best defence.

But remember to only use one antivirus and one firewall; you can add an antimalware product as well (Malwarebytes).

Please run the following so I can make certain you are clean. How is your computer running now? Are there any outstanding issues?

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

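The three things this thread actually turns on can be checked directly on the box rather than inferred from tool logs: whether the 16 svchost.exe instances the original poster worried about are each hosting real services, whether the system binaries the log's "Bamital & volsnap check" and the OTL /md5start list cover are intact, and what the UAC and AppInit policy values that the ComboFix log reports (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0, LoadAppInit_DLLs=0x1) currently are. The script below is an added PowerShell example, not part of the original thread and not the code of any of the tools named in it. It assumes an elevated 64-bit PowerShell prompt on the Windows 7 x64 machine described above; the file list and registry paths are taken from the logs in the thread, and the function names are the example's own.

```powershell
# Added triage script, not part of the original thread or of DDS, ComboFix, OTL or MBAM.
# Run from an elevated 64-bit PowerShell prompt on the Windows 7 x64 host.
# The file list, registry keys and value names below are the ones that appear in the
# thread's logs; nothing else is assumed about the machine.

# 1. Several svchost.exe processes are normal: each one hosts a group of services.
#    Map every instance to its hosted services and image path so that a "svchost.exe"
#    living outside System32/SysWOW64, or hosting no service at all, stands out.
function Get-SvchostMap {
    Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" | ForEach-Object {
        $procId = $_.ProcessId
        $svcs = Get-WmiObject Win32_Service -Filter "ProcessId=$procId" |
                ForEach-Object { $_.Name }
        New-Object PSObject -Property @{
            Pid      = $procId
            Path     = $_.ExecutablePath
            Services = ($svcs -join ', ')
        }
    }
}

# 2. The log's "Bamital & volsnap check" compared MD5s of these files with known-good
#    values, and the OTL /md5start list asks for four of the same binaries. Recompute
#    the MD5 so it can be compared with the log, and record the Authenticode status.
#    Caveat: Windows 7 system files are catalog-signed, so Get-AuthenticodeSignature
#    reports NotSigned for them on this OS even when they are intact. For those files
#    the authoritative integrity check is "sfc /verifyfile=<path>", run in step 2b.
$critical = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)
function Get-FileHashes {
    param([string[]]$Paths = $critical)
    $md5 = [Security.Cryptography.MD5]::Create()
    foreach ($f in $Paths) {
        if (-not (Test-Path $f)) { continue }
        $bytes = [IO.File]::ReadAllBytes($f)
        $sig   = Get-AuthenticodeSignature -FilePath $f
        New-Object PSObject -Property @{
            File   = $f
            MD5    = ([BitConverter]::ToString($md5.ComputeHash($bytes))) -replace '-', ''
            Status = $sig.Status   # NotSigned is expected for catalog-signed OS files on Win7
        }
    }
}
# 2b. Ask Windows Resource Protection to compare each file with its protected copy.
#     sfc prints a one-line verdict per file to the console; read it there.
function Test-ProtectedFiles {
    param([string[]]$Paths = $critical)
    foreach ($f in $Paths) {
        if (Test-Path $f) { & "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$f" }
    }
}

# 3. With EnableLUA=0 every program the admin account runs gets a full token with no
#    prompt, so the Comodo warnings are the only gate left. With LoadAppInit_DLLs=1 any
#    DLL named in AppInit_DLLs is loaded into every process that loads user32.dll, a
#    classic persistence location. Read the live values and list the AppInit DLLs
#    (ComboFix shows the flag but not the DLL list).
function Get-PolicyState {
    $uac       = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $appinit64 = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $appinit32 = Get-ItemProperty 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    New-Object PSObject -Property @{
        EnableLUA                  = $uac.EnableLUA                  # Windows 7 default: 1
        ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin # Windows 7 default: 5
        PromptOnSecureDesktop      = $uac.PromptOnSecureDesktop      # Windows 7 default: 1
        LoadAppInit_DLLs_64        = $appinit64.LoadAppInit_DLLs     # Windows 7 default: 0
        AppInit_DLLs_64            = $appinit64.AppInit_DLLs
        LoadAppInit_DLLs_32        = $appinit32.LoadAppInit_DLLs
        AppInit_DLLs_32            = $appinit32.AppInit_DLLs
    }
}

Get-SvchostMap  | Format-Table Pid, Path, Services -AutoSize
Get-FileHashes  | Format-Table File, MD5, Status -AutoSize
Get-PolicyState | Format-List
Test-ProtectedFiles
```

Reading the output: a svchost.exe row whose Path is not under C:\Windows\System32 or C:\Windows\SysWOW64, or whose Services column is empty, is the one to look at; a dozen or more rows with services listed is simply Windows 7. The MD5 column should match the values the removal tools reported as "legit", and the sfc verdicts should all read as no integrity violation. If Get-PolicyState shows EnableLUA at 0, the machine is running with UAC off, which is a configuration choice the thread never addresses and is worth turning back on once the cleanup is finished; any non-empty AppInit_DLLs value deserves the same scrutiny as an unknown startup entry.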

OTL TEXT

OTL logfile created on: 4/25/2012 12:15:25 AM - Run 1

OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Dad\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 70.73% Memory free

8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 139.73 Gb Total Space | 18.51 Gb Free Space | 13.25% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 624.57 Gb Free Space | 67.05% Space Free | Partition Type: NTFS

Drive E: | 4.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DEN | User Name: Dad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 00:13:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe

PRC - [2011/12/13 01:16:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/08/02 15:22:59 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\Steam\steam.exe

PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe

PRC - [2007/03/21 19:50:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\Windows\STK02N\STK02NM.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/22 19:08:16 | 020,297,512 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/04/22 19:08:16 | 001,099,576 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/04/22 19:08:16 | 000,907,048 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/04/22 19:08:16 | 000,190,776 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/04/22 19:08:16 | 000,123,192 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2011/10/25 22:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/12/13 01:16:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)

SRV - [2011/04/16 08:04:46 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/25 23:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011/10/25 23:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/10/25 21:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/06/09 07:02:47 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)

DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2009/11/11 16:58:58 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)

DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/09 09:50:00 | 001,447,424 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)

DRV - [2010/01/07 10:53:57 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www9.eleadcrm.com/evo2/fresh/login.asp

IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/home.html"

FF - prefs.js..network.proxy.ftp: ":0"

FF - prefs.js..network.proxy.gopher: ":0"

FF - prefs.js..network.proxy.http: ":0"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: ":0"

FF - prefs.js..network.proxy.ssl: ":0"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/13 01:18:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/11 20:50:27 | 000,000,000 | ---D | M]

[2010/06/18 23:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions

[2010/06/19 12:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\muycw2az.default\extensions

[2011/12/13 01:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/11/24 21:13:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011/12/13 01:18:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/10/30 18:54:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/12/13 01:18:24 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Live Search (Enabled)

CHR - default_search_provider: search_url = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - Extension: YouTube = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/22 20:04:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4:64bit: - HKLM..\Run: [bbInstallUser] D:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe (Bluebeam Software, Inc.)

O4:64bit: - HKLM..\Run: [bbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe (Bluebeam Software, Inc.)

O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001..\Run: [steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0

O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..Trusted Domains: eset.com ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..Trusted Domains: eset.eu ([www] https in Trusted sites)

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67AECB70-88D1-4342-9B34-831D7322FCF8}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found

O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found

O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found

O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found

O29 - HKLM SecurityProviders - (digest.dll) - File not found

O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 00:13:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe

[2012/04/24 22:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

[2012/04/24 22:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2012/04/24 22:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2012/04/24 22:34:35 | 091,767,744 | ---- | C] (COMODO) -- C:\Users\Dad\Desktop\cispremium_installer.exe

[2012/04/24 19:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/04/23 14:04:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/04/22 20:07:34 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/04/22 19:31:35 | 000,000,000 | ---D | C] -- C:\FRST

[2012/04/22 19:30:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/04/22 19:30:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/04/22 19:30:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/04/22 19:30:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/22 19:30:08 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/22 19:29:02 | 004,472,002 | R--- | C] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe

[2012/04/15 23:57:06 | 000,000,000 | ---D | C] -- C:\2851d1b17679edb604

[2012/04/15 23:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage

[2012/04/15 21:39:14 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/04/15 21:39:13 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/04/15 11:00:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com

[2012/04/15 11:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/04/13 22:38:40 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Focus Home Interactive

[2012/04/13 20:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2012/04/13 20:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis

[2012/04/13 20:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/04/13 20:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/04/11 00:00:53 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/25 00:20:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/25 00:14:03 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat

[2012/04/25 00:13:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe

[2012/04/25 00:05:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job

[2012/04/25 00:05:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job

[2012/04/24 23:03:16 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/24 23:03:16 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/24 23:00:09 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/24 23:00:09 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/24 23:00:09 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/24 22:54:30 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/24 22:54:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/24 22:54:05 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/24 22:35:41 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2012/04/24 22:34:35 | 091,767,744 | ---- | M] (COMODO) -- C:\Users\Dad\Desktop\cispremium_installer.exe

[2012/04/22 20:04:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/04/22 19:29:04 | 004,472,002 | R--- | M] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe

[2012/04/22 14:52:16 | 000,045,073 | ---- | M] () -- C:\Users\Dad\Desktop\shot.jpg

[2012/04/20 00:10:01 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/04/16 22:06:43 | 000,002,382 | ---- | M] () -- C:\Users\Dad\Desktop\Google Chrome.lnk

[2012/04/13 20:06:19 | 000,002,093 | ---- | M] () -- C:\Users\Dad\Desktop\HijackThis.lnk

[2012/04/10 20:48:53 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/24 22:35:41 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2012/04/22 19:30:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/22 19:30:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/22 19:30:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/22 19:30:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/22 19:30:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/22 14:52:16 | 000,045,073 | ---- | C] () -- C:\Users\Dad\Desktop\shot.jpg

[2012/04/11 00:00:55 | 000,002,382 | ---- | C] () -- C:\Users\Dad\Desktop\Google Chrome.lnk

[2012/04/11 00:00:33 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job

[2012/04/11 00:00:32 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job

[2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

[2011/10/25 21:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011/10/25 21:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/09/29 12:46:29 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/09/19 12:20:48 | 000,003,584 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/07/28 17:55:44 | 015,079,936 | R--- | C] () -- C:\Windows\SysWow64\BGP901.dll

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/11/08 13:31:42 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ealtest.exe

[2010/11/06 01:02:18 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileOut.cns

[2010/11/06 01:02:18 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileIn.cns

[2010/09/24 10:15:46 | 000,678,912 | R--- | C] () -- C:\Windows\SysWow64\Bluebeam Javascript Library.dll

[2010/09/24 10:15:42 | 000,246,272 | R--- | C] () -- C:\Windows\SysWow64\Bluebeam JPX Library.dll

[2010/07/21 13:22:30 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat

[2010/06/18 23:16:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2012/01/17 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BitTorrent

[2012/01/19 19:23:41 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Canon

[2010/01/07 09:52:01 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CheckPoint

[2011/01/20 21:13:44 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Command & Conquer 3 Tiberium Wars

[2011/09/19 12:20:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Flip Video

[2009/12/26 00:44:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Foxit

[2010/01/28 14:52:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Foxit Software

[2011/10/25 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Origin

[2012/01/02 01:13:14 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Quest3D

[2011/05/03 22:48:06 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\The Creative Assembly

[2011/09/14 16:35:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\wargaming.net

[2011/09/29 15:28:12 | 000,000,000 | ---D | M] -- C:\Users\installer\AppData\Roaming\Origin

[2012/02/05 11:01:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe

[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe

[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives

---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: WDC WD1500ADFD-00NLR1 ATA Device

Partitions: 1

Status: OK

Status Info: 0

Drive: \\.\PHYSICALDRIVE1 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: WDC WD1001FALS-00J7B0 ATA Device

Partitions: 1

Status: OK

Status Info: 0

Partitions

---------------

DeviceID: Disk #0, Partition #0

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 140.00GB

Starting Offset: 32256

Hidden sectors: 0

DeviceID: Disk #1, Partition #0

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 932.00GB

Starting Offset: 1048576

Hidden sectors: 0

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction

[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction

[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction

[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction

[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction

[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction

[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction

[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction

[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction

[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction

[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction

[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction

[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction

[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction

[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction

[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction

[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction

[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

EXTRAS TXT

OTL Extras logfile created on: 4/25/2012 12:15:25 AM - Run 1

OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Dad\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 70.73% Memory free

8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 139.73 Gb Total Space | 18.51 Gb Free Space | 13.25% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 624.57 Gb Free Space | 67.05% Space Free | Partition Type: NTFS

Drive E: | 4.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DEN | User Name: Dad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = internetshortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"FirewallOverride" = 0

"AntivirusOverride" = 0

"AntiSpywareDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830

"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager

"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{7AF56904-5FDC-4D67-87FE-C21E6659668D}" = Bluebeam PDF Revu Standard x64 v9.5.0

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud

"{D675AFB3-E32E-0935-3C1F-58D5D05A77A6}" = ATI AVIVO64 Codecs

"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety

"{FA54C4B1-98E3-AEFA-7254-C4038DC739AF}" = AMD Media Foundation Decoders

"405C837EDDEC53ADABD0D214AEB9094C9D21DB1A" = Windows Driver Package - Superchips, Inc. USB CDM Driver Package (11/12/2009 2.06.00)

"6455F36EFE99712B85F18A1CC930511C155814E9" = Windows Driver Package - Superchips, Inc. USB Programmer Drivers (11/12/2009 2.06.00)

"CCleaner" = CCleaner

"C-Media Oxygen HD Audio Driver" = HT OMEGA CLARO

"DCS A-10C_is1" = DCS A-10C

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update

"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding

"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo

"{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English

"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B1848}" = Supreme Commander Demo

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 29

"{28ACABF5-34E8-45CE-B4B3-47A5FA38E875}" = Superchips Easy Update

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{566664F6-B34E-41A6-AD1D-4ED22DA334AE}" = Crysis ModSDK

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package

"{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = Catalyst Control Center

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine®2 Sandbox2

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration

"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.3

"{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy

"{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Battlelog Web Plugins" = Battlelog Web Plugins

"BitTorrent" = BitTorrent

"Classic PDF Editor_is1" = Classic PDF Editor 12.0

"C-Media Oxygen HD Sound" = HT OMEGA CLARO

"ComcastHSI" = Comcast High-Speed Internet Install Wizard

"ESET Online Scanner" = ESET Online Scanner v3

"f1mustang_FSX" = Flight1 Citation Mustang

"Fleet Command" = Jane's Fleet Command

"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration

"FMOD Designer" = FMOD Designer

"Foxit Reader" = Foxit Reader

"FSFDT FSCopilot" = FSFDT FSCopilot

"FSFDT FSInn" = FSFDT FSInn

"HijackThis" = HijackThis 2.0.2

"InstallShield_{7AF56904-5FDC-4D67-87FE-C21E6659668D}" = Bluebeam PDF Revu Standard x64 v9.5.0

"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"KeyFinder_is1" = Magical Jelly Bean KeyFinder

"KMOD Nations at War" = KMOD Nations at War

"KMOD NaW ~ Diagnostic Tool" = KMOD NaW ~ Diagnostic Tool

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"OpenAL" = OpenAL

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X

"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1

"Steam App 10500" = Empire: Total War

"Steam App 107400" = ARMA 2: Free

"Steam App 1600" = Dangerous Waters

"Steam App 201760" = Cities XL 2012

"Steam App 204050" = Take on Helicopters Demo

"Steam App 21940" = World in Conflict - Demo

"Steam App 24600" = Trainz 2009: Railroad Simulator

"Steam App 3130" = Men of War: Red Tide

"Steam App 34330" = Total War: SHOGUN 2

"Steam App 40100" = Supreme Commander 2

"Steam App 47890" = The Sims 3

"Steam App 48810" = Ship Simulator Extremes Demo

"Steam App 61010" = Digital Combat Simulator: A-10C Warthog

"Steam App 64000" = Men of War: Assault Squad

"Steam App 7830" = Men of War

"Steam App 91200" = Anomaly Warzone Earth

"Train Simulator 1.0" = Microsoft Train Simulator

"v1.1.0" = v1.1.0 of A Proper Empire: Terra Incognita

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

The computer seems to be running normally now. I haven't tried to run Windows Update yet; going to do that after I get the all clear. Don't know what caused this: my son was playing a Steam game, and after he shut it down and I turned it back on was when it got all goofy. He reports nothing unusual happened that he saw. Dunno.

Link to post
Share on other sites

  • Staff

Hi,

Please do the following:

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

NEXT

Your Java is out of date.

Java™ 6 Update 29 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.

An update should begin; follow the prompts.

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Link to post
Share on other sites
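The OTL fix above removes Browser Helper Object and toolbar registrations whose CLSID has no matching class key ("No CLSID value found"). As an added, read-only audit (not part of the thread and not OTL's own code), this PowerShell script walks the same registry locations that appear in the OTL log and reports any such orphaned entries without deleting anything; the Wow6432Node paths are assumed for the 32-bit view on 64-bit Windows.

```powershell
# Added example: audit BHO and Internet Explorer toolbar registrations for orphaned CLSIDs.
# Read-only; run from an elevated PowerShell prompt on the machine being examined.

$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',               # 64-bit (and 32-bit OS) class registrations
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'    # 32-bit classes on 64-bit Windows (assumed path)
)

function Test-ClsidRegistered {
    param([string]$Clsid)
    # A usable COM class has a key named after its CLSID under one of the class roots.
    foreach ($root in $clsidRoots) {
        if (Test-Path -LiteralPath (Join-Path $root $Clsid)) { return $true }
    }
    return $false
}

$findings = @()

# 1. Browser Helper Objects: one subkey per CLSID (the O2 lines in an OTL log).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($key in $bhoKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    Get-ChildItem -LiteralPath $key | ForEach-Object {
        $clsid = $_.PSChildName
        if (-not (Test-ClsidRegistered $clsid)) {
            $findings += [pscustomobject]@{ Type = 'BHO'; Location = $key; Entry = $clsid }
        }
    }
}

# 2. Toolbars (the O3 lines): each value name under the Toolbar key is a CLSID.
#    Non-CLSID names such as 'Locked' are IE's own settings and are skipped.
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
)
foreach ($key in $toolbarKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($name in $props.PSObject.Properties.Name) {
        # Skip PSPath/PSChildName etc. and any value that is not a braced GUID.
        if ($name -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') { continue }
        if (-not (Test-ClsidRegistered $name)) {
            $findings += [pscustomobject]@{ Type = 'Toolbar'; Location = $key; Entry = $name }
        }
    }
}

if ($findings.Count -eq 0) {
    'No orphaned BHO or toolbar registrations found.'
} else {
    # Each row is a candidate for review; an orphaned entry is harmless by itself but
    # is a leftover of something that was installed and then removed or never registered.
    $findings | Format-Table -AutoSize
}
```

Only the current user's HKCU toolbar values are checked; entries under other HKU profiles, as OTL reports them, need that hive loaded first.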

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Dad\Desktop\cmd.bat deleted successfully.

C:\Users\Dad\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Dad

->Temp folder emptied: 1115506 bytes

->Temporary Internet Files folder emptied: 36682969 bytes

->Java cache emptied: 25034105 bytes

->FireFox cache emptied: 51112774 bytes

->Google Chrome cache emptied: 232934865 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 2407 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56504 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: installer

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 76312119 bytes

->Google Chrome cache emptied: 235450215 bytes

->Flash cache emptied: 63750 bytes

User: Owner

->Temp folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 200704 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6522 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 96688 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 629.00 mb

OTL by OldTimer - Version 3.2.42.0 log created on 04252012_181820

Files\Folders moved on Reboot...

C:\Users\Dad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Java taken care of also.

As far as how it's running: OK, except on this reboot I did not have internet access for about 10 minutes. My network status indicator in the lower right screenbar showed I had internet access on Network 2, but I could not open any pages. And my fresh install of Comodo Internet Security is not working; it says Comodo Application Agent is not running (antivirus off). A self-diagnostic scan showed no problems with the install.

Link to post
Share on other sites

  • Staff

Looking through the Comodo Forum, that seems to be a common problem with Comodo;

try this:

1. Run services.msc

2. Right click on "COMODO Firewall Pro Helper Service" and choose properties

3. Select "logon" tab and enable the service for the hardware profile

4. Select the general tab and start the service

5. Go to directory "C:\program files\COMODO\Firewall" and run cmdagent.exe

6. Close CFP on tray and start it again

Other users uninstalled, then re-installed, and that seemed to fix the problem; have a look at some of the responses here.

Did you regain use of the internet?

I suspect that may have had something to do with a setting in Comodo as well.

Let me know if Comodo was able to be started

Link to post
Share on other sites

Yes, I also noted that this problem seems to be common with other Comodo users. I went into services.msc, and when I looked under the General tab it said the service was running. Yet Comodo still reported it not running. Went into the directory and tried launching cmdagent.exe; it blinked for a second, but Comodo still reported it not running. Quit Comodo, restarted it, and it immediately reported all systems are active and running. It's like Comodo was not recognizing that cmdagent was running. This happened once before also. I may just go with one of your other recommendations for an AV/firewall option if this continues. I did regain use of the internet; it just started working, no idea why it was reporting no network issues yet I could not open webpages. Another odd thing is my Internet Explorer is working again. It has not been working for some time; only the 64-bit Internet Explorer was working, and the regular Internet Explorer would never launch. Now after our work here it's working again. So all seems to be in order.

A look at Windows Update shows 14 optional updates: 13 are updates for Windows 7 x64 systems and one is IE9 for Win7 x64. Should I run the updates yet?

Link to post
Share on other sites

  • Staff

Yes, run the updates now. We are ready to clean up our tools; I am glad to hear everything is working as it should.

Please do the following:

You can delete the FRST, TDSSKiller, DDS and aswMBR logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop

    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use and, since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well-written article:

    PC Safety and Security--What Do I Need?

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Link to post
Share on other sites

Just updated Windows, and again it took almost 10 minutes to allow internet access. Comodo Defense+ alert is giving a bunch of popups again of programs "modifying the protected registry key" and other warnings. Don't know why Comodo is going nuts; I've run it for a couple of years without issues. For example, "taskeng.exe is trying to execute googleupdate.exe". Another is "trustedinstaller.exe is about to obtain restore privilege" and also "trustedinstaller.exe is trying to create a new file or directory in C:\windows\logs\cbs\filterlist.log".

I don't know if I should ignore these and allow them, or if there is still something amiss. I'm still getting tons of disk access after startup, and the long delay until full program loading is complete and I can get on the internet.

Also getting "trustedinstaller.exe wants to create C:\windows\temp\outofProcReport1998418.txt"

No idea what's different and why this is up. I'm assuming trustedinstaller.exe is a Windows file; perhaps this is related to the Windows updates I installed?

Link to post
Share on other sites

  • Staff

Yes, those programs would have been related to the Windows updates.

Comodo can be difficult to 'train', it may just not be suited to your system.

Let me know if switching it for alternate products resolves any outstanding issues and speeds up your connection.

Link to post
Share on other sites

Uninstalled Comodo, installed Microsoft Security Essentials. Not having the fail-to-connect-to-internet problem anymore. Still running over 60 processes, but if that's normal I'll live with it. Followed your instructions from your next-to-last post, and I think I'm good from here on out. Of course, thank you for your time. I did have a good infection a couple of years ago and a volunteer on one of these forums got me through that mess. I appreciate all of your help.

Link to post
Share on other sites

  • Staff

Have a look at this topic here

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

Link to post
Share on other sites

It just seems there are probably a lot of processes I don't need to have running. On idle I'm using over 1.6 gigs of memory; CPU usage is not too high, it throttles up and down but hovers around 5%. I should go to an SSD so I don't have to listen to my HD's constant disk access; it bugs me.

Link to post
Share on other sites

This topic is now closed to further replies.