01vfrrider Posted April 18, 2012 ID:543686 Share Posted April 18, 2012 Merged PostWe look for post with 0 repliesCould use some help. I'm pretty sure I'm infected, happened 2 or so years ago, seems to be same symptoms, tons of disk access, I can't save any files, multiple svchost processes now running, computer wants to update windows with every shutdown, memory is hogged, computer changed behavior overnight. Comodo is giving me multiple warnings of unsigned programs wanting access and control. I tried to do as the pinned post states and run the dds program, but I cannot save it to desktop or anywhere else. I do have an old copy of hijack this on my desktop. Malwarebytes, Comodo, all say all is clear but something is wrong. Suggestions welcome.in addition. I have 16 svchost.exe files running, unsecapp.exe running which I've never seen run before and plenty of other unfamiliar processes now running. I get the feeling a trojan has jacked me for remote access and keylogging Link to post Share on other sites More sharing options...
Staff CatByte Posted April 20, 2012 Staff ID:544514 Share Posted April 20, 2012 Hi,Please do the following:Please download DDS from either of these linksLINK 1 LINK 2and save it to your desktop.Disable any script blocking protection Double click dds to run the tool. When done, two DDS.txt's will open. Save both reports to your desktop.---------------------------------------------------Please include the contents of the following in your next reply:DDS.txtAttach.txt. NEXTPlease download aswMBR to your desktop.Double click the aswMBR.exe icon to run itWhen asked if you want to download Avast's virus definitions please select Yes.Click the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as wellNEXTPlease download TDSSKiller.zipExtract it to your desktopDouble click TDSSKiller.exewhen the window opens, click on Change Parametersunder ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”click OK Press Start ScanAs we are only looking for a log of what is on the machine right now > choose to skip whatever is foundThen click Continue > Reboot now[*]Copy and paste the log in your next replyA copy of the log will be saved automatically to the root of the drive (typically C:\) Link to post Share on other sites More sharing options...
01vfrrider Posted April 22, 2012 Author ID:544991 Share Posted April 22, 2012 I cannot do the first step. I cannot save or run the DDS file. I get this message.. "File Access Denied" the text box says "You need permission to perform this action" "You require permission from Den\Dad to make changes to this file"So I cannot save or run the dds program as asked in your first step. Link to post Share on other sites More sharing options...
01vfrrider Posted April 22, 2012 Author ID:544995 Share Posted April 22, 2012 I was able to save the file to a thumbdrive on another computer and then copy to desktop on my infected computer. When I run the program (dds.com) I get the following error message.. "The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit version of the program, then then contact the software publisher."I have Windows 7 Home Premium 64 bit operating system. Link to post Share on other sites More sharing options...
Staff CatByte Posted April 22, 2012 Staff ID:544997 Share Posted April 22, 2012 ok,disregard the initial instructions and do this instead:For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to the disclaimer.[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there[*]Press Scan button.[*]type exit and reboot the computer normally[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply. Link to post Share on other sites More sharing options...
01vfrrider Posted April 22, 2012 Author ID:545003 Share Posted April 22, 2012 Scan result of Farbar Recovery Scan Tool Version: 22-04-2012Ran by SYSTEM at 22-04-2012 15:31:54Running from F:\Windows 7 Home Premium (X64) OS Language: English(US)The current controlset is ControlSet001========================== Registry (Whitelisted) =============HKLM\...\Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [8126464 2009-06-09] (C-Media Corporation)HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)HKLM\...\Run: [bbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe [201376 2010-11-30] (Bluebeam Software, Inc.)HKLM\...\Run: [bbInstallUser] D:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe [x]HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-25] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [661080 2012-04-13] (Webroot)HKU\Dad\...\Run: [steam] "D:\Program Files (x86)\Steam\steam.exe" -silent [x]HKU\Dad\...\Run: [Google Update] "C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-10] (Google Inc.)HKU\Dad\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4785536 2012-04-15] (SUPERAntiSpyware.com)HKU\Dad\...\Policies\system: [DisableCMD] 0HKU\Dad\...\Policies\system: [NoDispAppearancePage] 0HKU\Dad\...\Policies\system: [NoDispBackgroundPage] 0HKU\Dad\...\Policies\system: [NoDispSettingsPage] 0HKU\installer\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]Tcpip\Parameters: [DhcpNameServer] 192.168.1.1AppInit_DLLs: C:\Windows\system32\guard64.dll==================== Services (Whitelisted) ======2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2011-05-06] ()2 FlipShareServer; "C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2011-05-06] ()3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-12] ()2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [661080 2012-04-13] (Webroot)========================== Drivers (Whitelisted) =============1 cmderd; C:\Windows\System32\Drivers\cmderd.sys [22696 2012-03-11] (COMODO)1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2012-03-11] (COMODO)3 cmudaxp; C:\Windows\System32\Drivers\cmudaxp.sys [1447424 2009-06-09] (C-Media Inc)3 ENTECH64; C:\Windows\System32\Drivers\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [69320 2009-11-11] (FTDI Ltd.)3 gdrv; \??\C:\Windows\gdrv.sys [24072 2010-01-07] (Windows ® Server 2003 DDK provider)1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)2 SSPORT; C:\Windows\System32\Drivers\SSPORT.sys [11576 2010-06-09] (Samsung Electronics)0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [112168 2012-04-13] (Webroot)3 cpuz130; \??\C:\Users\Dad\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]========================== NetSvcs (Whitelisted) ======================= One Month Created Files and Folders ==============2012-04-22 15:31 - 2009-09-24 12:12 - 0000000 ____D C:\FRST2012-04-22 11:08 - 2012-04-22 11:01 - 0004096 ___AH C:\Users\Dad\Desktop\._dds.scr2012-04-22 11:02 - - 0004096 ___AH C:\Users\Dad\Desktop\._dds.com2012-04-22 10:52 - 2004-03-26 12:47 - 0045073 ____A C:\Users\Dad\Desktop\shot.jpg2012-04-19 05:13 - 2012-04-13 16:06 - 0008270 ____A C:\Users\Dad\Desktop\hijackthis.log2012-04-17 20:38 - 2012-01-02 12:03 - 0000000 ____A C:\Users\Dad\Downloads\dds.scr2012-04-17 20:10 - 2011-10-25 13:42 - 0000000 ____D C:\Program Files (x86)\ESET2012-04-17 20:02 - 2010-01-14 19:45 - 0000000 ____A C:\Users\Dad\Downloads\esetsmartinstaller_enu(2).exe2012-04-17 14:40 - 2012-04-22 11:08 - 0000000 ____A C:\Windows\setuperr.log2012-04-17 14:40 - 2009-07-13 20:45 - 0001868 ____A C:\Windows\setupact.log2012-04-15 19:57 - 2010-07-21 09:49 - 0000000 ____D C:\2851d1b17679edb6042012-04-15 19:56 - 2010-01-18 10:13 - 6970110 ____A C:\Users\Dad\Downloads\Windows6.1-KB2679255-v2-x64.msu2012-04-15 19:56 - 2010-01-16 16:39 - 1528184 ____A (Microsoft Corporation) C:\Users\Dad\Downloads\GenuineCheck.exe2012-04-15 19:56 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\Windows Genuine Advantage2012-04-15 19:56 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\Windows Genuine Advantage2012-04-15 17:39 - 2010-01-06 11:58 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr2012-04-15 17:39 - 2009-07-13 17:03 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe2012-04-15 12:41 - 2009-07-13 20:54 - 0559614 ____A C:\Windows\WindowsUpdate.log2012-04-15 07:00 - 2011-09-11 16:51 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com2012-04-15 07:00 - 2011-09-11 16:51 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com2012-04-15 07:00 - 2010-01-07 14:29 - 0000000 ____D C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com2012-04-15 07:00 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\SUPERAntiSpyware2012-04-15 07:00 - 2009-06-02 09:57 - 0001852 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2012-04-15 06:59 - 2009-12-17 04:35 - 12903112 ____A (SUPERAntiSpyware.com) C:\Users\Dad\Downloads\SUPERAntiSpyware.exe2012-04-13 18:38 - 2012-04-10 19:58 - 0000000 ____D C:\Users\Dad\AppData\Local\Focus Home Interactive2012-04-13 16:56 - 2010-02-20 11:50 - 0000000 ____D C:\Users\All Users\Lavasoft2012-04-13 16:56 - 2010-02-20 11:50 - 0000000 ____D C:\ProgramData\Lavasoft2012-04-13 16:25 - 2012-04-15 19:56 - 0000000 ____D C:\Users\All Users\WRData2012-04-13 16:25 - 2012-04-15 19:56 - 0000000 ____D C:\ProgramData\WRData2012-04-13 16:25 - 2010-04-27 10:03 - 0112168 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys2012-04-13 16:25 - 2009-07-13 21:09 - 0000000 ____D C:\Program Files\Webroot2012-04-13 16:25 - 2009-07-13 17:39 - 0098224 ____A (Webroot) C:\Windows\System32\WRusr.dll2012-04-13 16:25 - 2009-07-13 17:14 - 0146104 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll2012-04-13 16:24 - 2011-09-14 11:06 - 0655872 ____A (Webroot) C:\Users\Dad\Downloads\wsacnetav.exe2012-04-13 16:06 - 2011-12-26 13:37 - 0002093 ____A C:\Users\installer\Desktop\HijackThis.lnk2012-04-13 16:03 - 2011-11-24 17:12 - 0000000 ____D C:\Users\All Users\AVAST Software2012-04-13 16:03 - 2011-11-24 17:12 - 0000000 ____D C:\ProgramData\AVAST Software2012-04-13 16:03 - 2011-11-24 17:11 - 0000000 ____D C:\Program Files\AVAST Software2012-04-13 16:01 - 2012-01-14 09:13 - 74761776 ____A C:\Users\Dad\Downloads\avast_free_antivirus_setup.exe2012-04-10 20:00 - 2012-04-22 11:20 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job2012-04-10 20:00 - 2012-04-19 20:14 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job2012-04-10 20:00 - 2010-02-18 17:59 - 0002382 ____A C:\Users\Dad\Desktop\Google Chrome.lnk2012-04-10 13:07 - 2009-08-05 20:24 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys2012-04-10 13:07 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll2012-04-10 13:07 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll2012-04-10 13:07 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll2012-04-10 13:07 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2012-04-10 13:07 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll2012-04-10 13:07 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll2012-04-10 11:26 - 2012-02-27 22:39 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-04-10 11:26 - 2012-02-27 22:36 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-04-10 11:26 - 2012-02-27 21:38 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-04-10 11:26 - 2012-02-27 21:35 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-04-10 11:26 - 2012-02-27 20:31 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-04-10 11:26 - 2012-02-27 19:52 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-04-10 11:26 - 2011-02-18 02:54 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-04-10 11:26 - 2011-02-17 21:41 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-04-10 11:26 - 2010-11-20 05:27 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-04-10 11:26 - 2010-11-20 05:26 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-04-10 11:26 - 2010-11-20 04:21 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-04-10 11:26 - 2010-11-20 04:19 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-04-10 11:26 - 2010-11-20 04:19 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2012-04-10 11:26 - 2009-07-13 17:41 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2012-04-10 11:26 - 2009-07-13 17:41 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-04-10 11:26 - 2009-07-13 17:41 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-04-10 11:26 - 2009-07-13 17:39 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-04-10 11:26 - 2009-07-13 17:16 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-04-10 11:26 - 2009-07-13 17:15 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-04-10 11:26 - 2009-07-13 17:15 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2012-04-10 11:26 - 2009-07-13 17:14 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-04-10 11:26 - 2009-07-13 12:49 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll============ 3 Months Modified Files and Folders =============2012-04-22 15:32 - 2012-04-22 15:31 - 0000000 ____D C:\FRST2012-04-22 11:26 - 2012-04-15 12:41 - 0559614 ____A C:\Windows\WindowsUpdate.log2012-04-22 11:25 - 2010-01-07 06:02 - 1474832 ____A C:\Windows\System32\Drivers\sfi.dat2012-04-22 11:20 - 2010-01-20 16:13 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2012-04-22 11:13 - 2009-07-13 20:45 - 0015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-04-22 11:13 - 2009-07-13 20:45 - 0015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-04-22 11:09 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI2012-04-22 11:08 - 2012-04-22 11:08 - 0004096 ___AH C:\Users\Dad\Desktop\._dds.scr2012-04-22 11:08 - 2012-04-17 14:40 - 0001868 ____A C:\Windows\setupact.log2012-04-22 11:05 - 2012-04-10 20:00 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job2012-04-22 11:01 - 2012-04-22 11:02 - 0004096 ___AH C:\Users\Dad\Desktop\._dds.com2012-04-22 10:52 - 2012-04-22 10:52 - 0045073 ____A C:\Users\Dad\Desktop\shot.jpg2012-04-22 10:46 - 2012-04-13 16:25 - 0000000 ____D C:\Users\All Users\WRData2012-04-22 10:46 - 2012-04-13 16:25 - 0000000 ____D C:\ProgramData\WRData2012-04-22 10:36 - 2010-01-20 16:13 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2012-04-22 10:36 - 2009-12-04 21:34 - 3220037632 __ASH C:\hiberfil.sys2012-04-22 10:36 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT2012-04-19 20:14 - 2012-04-10 20:00 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job2012-04-19 20:10 - 2012-04-15 07:00 - 0001852 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2012-04-19 20:10 - 2012-01-17 17:37 - 0000866 ____A C:\Users\Public\Desktop\CCleaner.lnk2012-04-19 05:13 - 2012-04-19 05:13 - 0008270 ____A C:\Users\Dad\Desktop\hijackthis.log2012-04-17 20:38 - 2012-04-17 20:38 - 0000000 ____A C:\Users\Dad\Downloads\dds.scr2012-04-17 20:11 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files2012-04-17 20:10 - 2012-04-17 20:10 - 0000000 ____D C:\Program Files (x86)\ESET2012-04-17 20:09 - 2009-12-04 18:52 - 0000000 ____D C:\users\Dad2012-04-17 20:02 - 2012-04-17 20:02 - 0000000 ____A C:\Users\Dad\Downloads\esetsmartinstaller_enu(2).exe2012-04-17 19:53 - 2010-06-18 19:15 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox2012-04-17 14:40 - 2012-04-17 14:40 - 0000000 ____A C:\Windows\setuperr.log2012-04-16 18:06 - 2012-04-10 20:00 - 0002382 ____A C:\Users\Dad\Desktop\Google Chrome.lnk2012-04-15 19:57 - 2012-04-15 19:57 - 0000000 ____D C:\2851d1b17679edb6042012-04-15 19:57 - 2012-04-15 19:56 - 6970110 ____A C:\Users\Dad\Downloads\Windows6.1-KB2679255-v2-x64.msu2012-04-15 19:56 - 2012-04-15 19:56 - 1528184 ____A (Microsoft Corporation) C:\Users\Dad\Downloads\GenuineCheck.exe2012-04-15 19:56 - 2012-04-15 19:56 - 0000000 ____D C:\Users\All Users\Windows Genuine Advantage2012-04-15 19:56 - 2012-04-15 19:56 - 0000000 ____D C:\ProgramData\Windows Genuine Advantage2012-04-15 17:39 - 2012-04-13 16:03 - 0000000 ____D C:\Users\All Users\AVAST Software2012-04-15 17:39 - 2012-04-13 16:03 - 0000000 ____D C:\ProgramData\AVAST Software2012-04-15 17:39 - 2012-04-13 16:03 - 0000000 ____D C:\Program Files\AVAST Software2012-04-15 14:01 - 2012-04-15 07:00 - 0000000 ____D C:\Program Files\SUPERAntiSpyware2012-04-15 12:39 - 2012-01-19 15:15 - 0000000 ____D C:\Users\Dad\Desktop\Clarkdale2012-04-15 07:00 - 2012-04-15 07:00 - 0000000 ____D C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com2012-04-15 07:00 - 2012-04-15 07:00 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com2012-04-15 07:00 - 2012-04-15 07:00 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com2012-04-15 06:59 - 2012-04-15 06:59 - 12903112 ____A (SUPERAntiSpyware.com) C:\Users\Dad\Downloads\SUPERAntiSpyware.exe2012-04-13 18:38 - 2012-04-13 18:38 - 0000000 ____D C:\Users\Dad\AppData\Local\Focus Home Interactive2012-04-13 16:56 - 2012-04-13 16:56 - 0000000 ____D C:\Users\All Users\Lavasoft2012-04-13 16:56 - 2012-04-13 16:56 - 0000000 ____D C:\ProgramData\Lavasoft2012-04-13 16:30 - 2012-04-13 16:25 - 0146104 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll2012-04-13 16:30 - 2012-04-13 16:25 - 0112168 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys2012-04-13 16:30 - 2012-04-13 16:25 - 0098224 ____A (Webroot) C:\Windows\System32\WRusr.dll2012-04-13 16:30 - 2012-04-13 16:25 - 0000000 ____D C:\Program Files\Webroot2012-04-13 16:24 - 2012-04-13 16:24 - 0655872 ____A (Webroot) C:\Users\Dad\Downloads\wsacnetav.exe2012-04-13 16:06 - 2012-04-13 16:06 - 0002093 ____A C:\Users\installer\Desktop\HijackThis.lnk2012-04-13 16:06 - 2009-02-07 21:06 - 0002093 ____A C:\Users\Dad\Desktop\HijackThis.lnk2012-04-13 16:02 - 2012-04-13 16:01 - 74761776 ____A C:\Users\Dad\Downloads\avast_free_antivirus_setup.exe2012-04-10 20:00 - 2011-04-25 12:48 - 0000000 ____D C:\Users\Dad\AppData\Local\Deployment2012-04-10 20:00 - 2010-01-20 16:13 - 0000000 ____D C:\Users\Dad\AppData\Local\Google2012-04-10 19:59 - 2007-05-14 08:36 - 0000000 ____D C:\Program Files (x86)\Google2012-04-10 19:58 - 2010-01-07 14:40 - 0000000 ____D C:\Users\Dad\AppData\Local\ElevatedDiagnostics2012-04-10 16:48 - 2012-01-17 23:02 - 0000787 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2012-04-10 13:07 - 2009-12-04 23:00 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2012-04-04 11:56 - 2010-05-21 09:14 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2012-03-14 06:30 - 2009-07-13 20:45 - 0273200 ____A C:\Windows\System32\FNTCACHE.DAT2012-03-11 19:28 - 2009-12-04 21:33 - 0000000 ____D C:\Windows\Panther2012-03-11 13:13 - 2011-12-19 15:59 - 0577824 ____A (COMODO) C:\Windows\System32\Drivers\cmdGuard.sys2012-03-11 13:13 - 2011-12-19 15:59 - 0043248 ____A (COMODO) C:\Windows\System32\Drivers\cmdhlp.sys2012-03-11 13:13 - 2011-12-19 15:59 - 0022696 ____A (COMODO) C:\Windows\System32\Drivers\cmderd.sys2012-03-11 13:13 - 2011-12-19 15:58 - 0389840 ____A (COMODO) C:\Windows\System32\guard64.dll2012-03-11 13:13 - 2011-12-19 15:58 - 0301224 ____A (COMODO) C:\Windows\SysWOW64\guard32.dll2012-03-11 13:13 - 2011-12-19 15:58 - 0041200 ____A (COMODO) C:\Windows\System32\cmdcsr.dll2012-03-06 15:15 - 2012-04-15 17:39 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe2012-03-06 15:15 - 2012-04-15 17:39 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr2012-03-06 11:53 - 2009-12-04 23:13 - 0000000 ____D C:\Program Files (x86)\Windows Live2012-03-05 18:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache2012-03-02 20:32 - 2012-03-02 20:32 - 0640540 ____A C:\Users\Dad\Desktop\user_certificate.pdf2012-03-01 14:56 - 2010-07-21 09:50 - 0000000 ____D C:\Users\installer\AppData\Roaming\Apple Computer2012-02-29 22:46 - 2012-04-10 13:07 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys2012-02-29 22:38 - 2012-04-10 13:07 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll2012-02-29 22:33 - 2012-04-10 13:07 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll2012-02-29 22:28 - 2012-04-10 13:07 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll2012-02-29 21:37 - 2012-04-10 13:07 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2012-02-29 21:33 - 2012-04-10 13:07 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll2012-02-29 21:29 - 2012-04-10 13:07 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll2012-02-27 22:39 - 2012-04-10 11:26 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-02-27 22:39 - 2012-04-10 11:26 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-02-27 22:39 - 2012-04-10 11:26 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-02-27 22:36 - 2012-04-10 11:26 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-02-27 22:36 - 2012-04-10 11:26 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2012-02-27 22:36 - 2012-04-10 11:26 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-02-27 22:35 - 2012-04-10 11:26 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2012-02-27 22:35 - 2012-04-10 11:26 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-02-27 22:35 - 2012-04-10 11:26 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-02-27 22:35 - 2012-04-10 11:26 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-02-27 21:38 - 2012-04-10 11:26 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-02-27 21:38 - 2012-04-10 11:26 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-02-27 21:38 - 2012-04-10 11:26 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-02-27 21:35 - 2012-04-10 11:26 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-02-27 21:35 - 2012-04-10 11:26 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2012-02-27 21:35 - 2012-04-10 11:26 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-02-27 21:34 - 2012-04-10 11:26 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-02-27 21:34 - 2012-04-10 11:26 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-02-27 21:34 - 2012-04-10 11:26 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2012-02-27 21:34 - 2012-04-10 11:26 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-02-27 20:31 - 2012-04-10 11:26 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-02-27 19:52 - 2012-04-10 11:26 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-02-23 06:18 - 2009-12-04 19:48 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe2012-02-17 18:52 - 2012-02-17 18:52 - 0000000 ____D C:\Users\Dad\Downloads\zdl_922012-02-17 18:47 - 2012-02-17 18:47 - 0060742 ____A C:\Users\Dad\Downloads\zdl_92.zip2012-02-16 22:38 - 2012-03-13 17:01 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll2012-02-16 21:34 - 2012-03-13 17:01 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll2012-02-16 20:58 - 2012-03-13 17:01 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys2012-02-16 20:57 - 2012-03-13 17:01 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys2012-02-16 15:52 - 2012-02-16 15:52 - 0350998 ____A C:\Users\Dad\Downloads\jeffvjim.pdf.pdf2012-02-15 23:57 - 2009-12-04 22:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight2012-02-13 19:47 - 2012-02-13 19:47 - 0002323 ____A C:\Users\Dad\Desktop\Lshaped stairs.txt2012-02-09 22:36 - 2012-03-13 17:02 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll2012-02-09 21:38 - 2012-03-13 17:02 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2012-02-07 10:30 - 2012-02-07 10:02 - 0002240 ____A C:\Users\Dad\Documents\Cover Letter Dealership.rtf2012-02-07 09:28 - 2012-02-07 09:29 - 1035217 ____A C:\Users\Dad\Desktop\Dealer Resume.pdf2012-02-07 09:28 - 2012-02-07 09:23 - 1035217 ____A C:\Users\Dad\Desktop\Resume.pdf2012-02-06 21:22 - 2012-02-06 21:22 - 0002994 ____A C:\Users\Dad\Documents\cc_20120207_002220.reg2012-02-05 07:01 - 2009-07-13 21:08 - 0032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT2012-02-02 20:34 - 2012-03-13 17:02 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2012-01-29 17:44 - 2012-01-29 17:44 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf2012-01-29 17:28 - 2009-12-06 10:25 - 0000000 ____D C:\Users\Dad\AppData\Roaming\Apple Computer2012-01-29 17:23 - 2012-01-29 17:23 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk2012-01-29 17:22 - 2012-01-29 17:22 - 0000000 ____D C:\Program Files\iTunes2012-01-29 17:22 - 2012-01-29 17:22 - 0000000 ____D C:\Program Files\iPod2012-01-29 17:22 - 2008-03-08 19:20 - 0000000 ____D C:\Program Files (x86)\iTunes2012-01-29 17:20 - 2012-01-29 17:20 - 0000628 ____A C:\Windows\System32\mapisvc.inf2012-01-29 17:20 - 2010-01-15 08:49 - 0000000 ____D C:\Program Files\Common Files\Apple2012-01-29 17:19 - 2012-01-29 17:19 - 0000000 ____D C:\Program Files\Bonjour2012-01-29 17:19 - 2008-03-08 19:20 - 0000000 ____D C:\Program Files (x86)\Bonjour2012-01-29 17:17 - 2007-11-17 16:08 - 0000000 ____D C:\Program Files (x86)\Apple Software Update2012-01-26 09:08 - 2012-01-17 22:44 - 0000000 ____D C:\Users\All Users\Comodo2012-01-26 09:08 - 2012-01-17 22:44 - 0000000 ____D C:\ProgramData\Comodo2012-01-24 22:38 - 2012-03-13 17:01 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll2012-01-24 22:38 - 2012-03-13 17:01 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll2012-01-24 22:33 - 2012-03-13 17:01 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe========================= Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check ============C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit========================= Memory info ======================Percentage of memory in use: 14%Total physical RAM: 4094.49 MBAvailable physical RAM: 3515.63 MBTotal Pagefile: 4092.64 MBAvailable Pagefile: 3498.47 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.9 MB======================= Partitions =========================1 Drive c: () (Fixed) (Total:139.73 GB) (Free:18.69 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]2 Drive d: ( ) (Fixed) (Total:931.51 GB) (Free:623.99 GB) NTFS3 Drive e: (empire_disc2) (CDROM) (Total:4.14 GB) (Free:0 GB) CDFS4 Drive f: (LEXAR) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT325 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 139 GB 8 MB Disk 1 Online 931 GB 0 B Disk 2 Online 495 MB 0 B Partitions of Disk 0:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 139 GB 31 KB======================================================================================================Disk: 0Partition 1Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 C NTFS Partition 139 GB Healthy ======================================================================================================Partitions of Disk 1:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 931 GB 1024 KB======================================================================================================Disk: 1Partition 1Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 D NTFS Partition 931 GB Healthy ======================================================================================================Partitions of Disk 2:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 495 MB 16 KB======================================================================================================Disk: 2Partition 1Type : 0BHidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 F LEXAR FAT32 Removable 495 MB Healthy ================================================================================================================================================================Last Boot: 2012-04-18 20:19======================= End Of Log ========================== Link to post Share on other sites More sharing options...
Staff CatByte Posted April 22, 2012 Staff ID:545006 Share Posted April 22, 2012 I'm not seeing any malware in that log at all,I suspect you are having conflicts between all your security programs, you may have leftovers from uninstalls that are causing issues.Please totally uninstall Comodo, Avast and Super Anti Spyware, (you can re-install once all the issues are resolved)are you using the AV componant of Comodo or just the firewall componant?Delete DDS from your desktopI see you have CC Cleaner on boardplease use it to delete all your temp files, then do a defrag (do not use the Registry cleaner componant of CC Cleaner)First open an elevated Command Prompt Go to Start > All Programs > Accessoriesright click on the Command Prompt and choose “Run as administrator” Type the following see how much your hard drive is fragmented (in this example, your C:\ drive):defrag c: -a (be patient, this can take a while)The resulting analysis will tell you a “Percent file fragmentation” and at the bottom, if you need to defragment the drive or not.To fully defragment your C:\ drive type the following:defrag c: -wGive it time to run (it can take a while, best to leave the computer alone) and then you’re done!NEXTRefer to the ComboFix User's Guide Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Place ComboFix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on ComboFix.exe & follow the prompts.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next replyNote: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.Please do not surf while your security programs are uninstalled.(we will re-install them when we are done) Link to post Share on other sites More sharing options...
01vfrrider Posted April 23, 2012 Author ID:545085 Share Posted April 23, 2012 ComboFix 12-04-22.02 - Dad 04/22/2012 19:31:26.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2803 [GMT -4:00]Running from: c:\users\Dad\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Dad\AppData\Roaming\Roamingc:\users\Dad\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lstc:\users\Dad\Desktop\Setup.exec:\users\Dad\WINDOWSc:\windows\TEMP\WRusr.dll-161149-1.tmpD:\install.exe..((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))..2012-04-22 23:36 . 2012-04-22 23:36 -------- d-----w- c:\users\installer\AppData\Local\temp2012-04-22 23:12 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{812F36A1-A4E1-402B-91B7-0FFC79CE9CD8}\mpengine.dll2012-04-16 03:57 . 2012-04-16 03:57 -------- d-----w- C:\2851d1b17679edb6042012-04-16 01:39 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr2012-04-16 01:39 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe2012-04-15 15:00 . 2012-04-15 15:00 -------- d-----w- c:\users\Dad\AppData\Roaming\SUPERAntiSpyware.com2012-04-15 15:00 . 2012-04-22 23:04 -------- d-----w- c:\program files\SUPERAntiSpyware2012-04-14 02:38 . 2012-04-14 02:38 -------- d-----w- c:\users\Dad\AppData\Local\Focus Home Interactive2012-04-14 00:56 . 2012-04-14 00:56 -------- d-----w- c:\programdata\Lavasoft2012-04-14 00:03 . 2012-04-16 01:39 -------- d-----w- c:\programdata\AVAST Software2012-04-14 00:03 . 2012-04-16 01:39 -------- d-----w- c:\program files\AVAST Software2012-04-10 21:07 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys2012-04-10 21:07 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll2012-04-10 21:07 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll2012-04-10 21:07 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll2012-04-10 21:07 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll2012-04-10 21:07 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll2012-04-10 21:07 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-04 19:56 . 2010-05-21 17:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-02-23 14:18 . 2009-12-05 03:48 279656 ------w- c:\windows\system32\MpSigStub.exe2012-02-17 06:38 . 2012-03-14 01:01 1031680 ----a-w- c:\windows\system32\rdpcore.dll2012-02-17 05:34 . 2012-03-14 01:01 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll2012-02-17 04:58 . 2012-03-14 01:01 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-02-17 04:57 . 2012-03-14 01:01 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys2012-02-10 06:36 . 2012-03-14 01:02 1544192 ----a-w- c:\windows\system32\DWrite.dll2012-02-10 05:38 . 2012-03-14 01:02 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll2012-02-03 04:34 . 2012-03-14 01:02 3145728 ----a-w- c:\windows\system32\win32k.sys2012-01-25 06:38 . 2012-03-14 01:01 77312 ----a-w- c:\windows\system32\rdpwsx.dll2012-01-25 06:38 . 2012-03-14 01:01 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll2012-01-25 06:33 . 2012-03-14 01:01 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="d:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2011-12-6 163840].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoDevMgrUpdate"= 0 (0x0)"NoDFSTab"= 0 (0x0)"NoEncryptOnMove"= 0 (0x0)"NoResolveTrack"= 0 (0x0)"NoStartMenuSubFolders"= 0 (0x0).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoDevMgrUpdate"= 0 (0x0)"NoDFSTab"= 0 (0x0)"NoEncryptOnMove"= 0 (0x0)"NoResolveTrack"= 0 (0x0)"NoStartMenuSubFolders"= 0 (0x0).[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"DisableLocalMachineRun"= 0 (0x0)"DisableLocalMachineRunOnce"= 0 (0x0)"DisableCurrentUserRun"= 0 (0x0)"DisableCurrentUserRunOnce"= 0 (0x0)"NoFile"= 0 (0x0)"HideClock"= 0 (0x0)"NoDevMgrUpdate"= 0 (0x0)"NoDFSTab"= 0 (0x0)"NoEncryptOnMove"= 0 (0x0)"NoResolveTrack"= 0 (0x0)"NoStartMenuSubFolders"= 0 (0x0).R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 133104]R3 cpuz130;cpuz130;c:\users\Dad\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 133104]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]S3 cmudaxp;HTO CLARO Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.Contents of the 'Scheduled Tasks' folder.2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 15:21].2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-15 15:21].2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job- c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 04:00].2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job- c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 04:00]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-06-09 8126464]"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2010-11-30 201376]"BbInstallUser"="d:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2011-08-12 38560].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x1.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www9.eleadcrm.com/evo2/fresh/login.aspmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTrusted Zone: eset.com\wwwTrusted Zone: eset.eu\wwwTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\muycw2az.default\FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/home.html..------- File Associations -------.inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Toolbar-Locked - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:0f,40,49,da,f0,a6,f7,a0,cc,75,9c,08,95,48,7b,06,84,9b,ac,9d,a2,8a,0a, 89,e8,aa,7f,f8,d2,f6,1c,25,1b,f1,31,1e,8d,34,16,44,38,67,c8,2c,23,88,d3,9c,\"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f.[HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\SecuROM\License information*]"datasecu"=hex:3d,bf,bc,bc,43,48,eb,85,d3,e7,41,f6,fd,d9,fc,fe,7c,e7,82,12,64, f7,d3,55,1f,96,93,aa,17,78,27,91,0b,58,78,47,8d,33,02,32,6c,52,80,67,fd,41,\"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]@Denied: (A 2) (Everyone)@="IFlashBroker3".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Flip Video\FlipShare\FlipShareService.exec:\windows\SysWOW64\PnkBstrA.exec:\windows\SysWOW64\rundll32.exe.**************************************************************************.Completion time: 2012-04-22 20:07:32 - machine was rebootedComboFix-quarantined-files.txt 2012-04-23 00:07.Pre-Run: 20,677,472,256 bytes freePost-Run: 20,300,832,768 bytes free.- - End Of File - - 9633C65C6C4C4B46835CDD847F0ED216 Link to post Share on other sites More sharing options...
Staff CatByte Posted April 23, 2012 Staff ID:545087 Share Posted April 23, 2012 looking better,please run the followingPlease open your MalwareBytes AntiMalware ProgramClick the Update Tab and search for updatesIf an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected. <-- very importantWhen disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. NEXTGo here to run an online scanner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activeX control to installClick StartMake sure that the option Remove found threats is unticked and the Scan Archives option is ticked.Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click ScanWait for the scan to finishWhen the scan completes, press the LIST OF THREATS FOUND buttonPress EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop Include the contents of this report in your next reply.Press the BACK button.Press Finish NEXTwhen you have completed the scans, please re-install only one antivirus product of your choice (and one firewall if you so choose)if you would like my recommendation please ask Link to post Share on other sites More sharing options...
01vfrrider Posted April 25, 2012 Author ID:545706 Share Posted April 25, 2012 MALWAREBYTESMalwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.04.24.06Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514Dad :: DEN [administrator]4/24/2012 6:56:31 PMmbam-log-2012-04-24 (18-56-31).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 231959Time elapsed: 2 minute(s), 3 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)ESETC:\Users\Dad\Downloads\KeyFinderInstaller.exe Win32/OpenCandy applicationThanks for your help up to this point, and I have been using Comodo, but I would welcome your recommendation for an antivirus/firewall Link to post Share on other sites More sharing options...
Staff CatByte Posted April 25, 2012 Staff ID:545709 Share Posted April 25, 2012 Comodo has a good reputation, so if you like it, use it.If you wanted a recommendation for a free antivirus when your subscription to Comodo Expires, then I would recommend Microsoft Security Essentials. Avast and Avira Antivir are very good free products also.For paid products, ESET, Kaspersky and Emisoft make excellent Antivirus products as well. It really comes down to the product that works best with your systems configuration. Unfortunately there isn't an antivirus product that can detect everything, so safe browsing habits are the best defence.But remember to only use one Antivirus and one firewall, you can add an antimalware product as well (MalwareBytes).Please run the following so I can make certain you are clean. How is your computer running now? Are there any outsranding issues?Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.Select All UsersUnder the Custom Scan box paste this innetsvcs%SYSTEMDRIVE%\*.exe/md5startexplorer.exewinlogon.exeUserinit.exesvchost.exe/md5stop%systemroot%\*. /rp /sDRIVESCREATERESTOREPOINTClick the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Post both logs Link to post Share on other sites More sharing options...
01vfrrider Posted April 25, 2012 Author ID:545725 Share Posted April 25, 2012 OTL TEXT OTL logfile created on: 4/25/2012 12:15:25 AM - Run 1OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Dad\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 8.0.7601.17514)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy4.00 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 70.73% Memory free8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.01% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 139.73 Gb Total Space | 18.51 Gb Free Space | 13.25% Space Free | Partition Type: NTFSDrive D: | 931.51 Gb Total Space | 624.57 Gb Free Space | 67.05% Space Free | Partition Type: NTFSDrive E: | 4.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFSComputer Name: DEN | User Name: Dad | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/04/25 00:13:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exePRC - [2011/12/13 01:16:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exePRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEPRC - [2011/08/02 15:22:59 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\Steam\steam.exePRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exePRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exePRC - [2007/03/21 19:50:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\Windows\STK02N\STK02NM.exe========== Modules (No Company Name) ==========MOD - [2012/04/22 19:08:16 | 020,297,512 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\libcef.dllMOD - [2012/04/22 19:08:16 | 001,099,576 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avcodec-53.dllMOD - [2012/04/22 19:08:16 | 000,907,048 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\chromehtml.dllMOD - [2012/04/22 19:08:16 | 000,190,776 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avformat-53.dllMOD - [2012/04/22 19:08:16 | 000,123,192 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avutil-51.dllMOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll========== Win32 Services (SafeList) ==========SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)SRV:64bit: - [2011/10/25 22:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2011/12/13 01:16:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)SRV - [2011/04/16 08:04:46 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/10/25 23:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)DRV:64bit: - [2011/10/25 23:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)DRV:64bit: - [2011/10/25 21:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/06/09 07:02:47 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)DRV:64bit: - [2009/11/11 16:58:58 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/06/09 09:50:00 | 001,447,424 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2008/09/17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)DRV - [2010/01/07 10:53:57 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www9.eleadcrm.com/evo2/fresh/login.aspIE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.localIE - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0========== FireFox ==========FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/home.html"FF - prefs.js..network.proxy.ftp: ":0"FF - prefs.js..network.proxy.gopher: ":0"FF - prefs.js..network.proxy.http: ":0"FF - prefs.js..network.proxy.share_proxy_settings: trueFF - prefs.js..network.proxy.socks: ":0"FF - prefs.js..network.proxy.ssl: ":0"FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not foundFF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKERFF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustCheckerFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/13 01:18:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/11 20:50:27 | 000,000,000 | ---D | M][2010/06/18 23:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions[2010/06/19 12:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\muycw2az.default\extensions[2011/12/13 01:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2011/11/24 21:13:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}[2011/12/13 01:18:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll[2011/10/30 18:54:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2011/12/13 01:18:24 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml========== Chrome ==========CHR - default_search_provider: Live Search (Enabled)CHR - default_search_provider: search_url = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRCCHR - default_search_provider: suggest_url =CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dllCHR - plugin: Shockwave Flash (Disabled) = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dllCHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllCHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dllCHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dllCHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dllCHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dllCHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dllCHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllCHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - Extension: YouTube = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google Search = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Gmail = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2012/04/22 20:04:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O3 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.O4:64bit: - HKLM..\Run: [bbInstallUser] D:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe (Bluebeam Software, Inc.)O4:64bit: - HKLM..\Run: [bbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe (Bluebeam Software, Inc.)O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001..\Run: [steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0O7 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O15 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..Trusted Domains: eset.com ([www] https in Trusted sites)O15 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..Trusted Domains: eset.eu ([www] https in Trusted sites)O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67AECB70-88D1-4342-9B34-831D7322FCF8}: DhcpNameServer = 192.168.1.1O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not foundO29:64bit: - HKLM SecurityProviders - (digest.dll) - File not foundO29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not foundO29 - HKLM SecurityProviders - (msapsspc.dll) - File not foundO29 - HKLM SecurityProviders - (digest.dll) - File not foundO29 - HKLM SecurityProviders - (msnsspc.dll) - File not foundO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O35 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)CREATERESTOREPOINTRestore point Set: OTL Restore Point========== Files/Folders - Created Within 30 Days ==========[2012/04/25 00:13:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe[2012/04/24 22:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO[2012/04/24 22:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo[2012/04/24 22:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO[2012/04/24 22:34:35 | 091,767,744 | ---- | C] (COMODO) -- C:\Users\Dad\Desktop\cispremium_installer.exe[2012/04/24 19:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET[2012/04/23 14:04:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/04/22 20:07:34 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/04/22 19:31:35 | 000,000,000 | ---D | C] -- C:\FRST[2012/04/22 19:30:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/04/22 19:30:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/04/22 19:30:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/04/22 19:30:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2012/04/22 19:30:08 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/04/22 19:29:02 | 004,472,002 | R--- | C] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe[2012/04/15 23:57:06 | 000,000,000 | ---D | C] -- C:\2851d1b17679edb604[2012/04/15 23:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage[2012/04/15 21:39:14 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr[2012/04/15 21:39:13 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe[2012/04/15 11:00:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com[2012/04/15 11:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware[2012/04/13 22:38:40 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Focus Home Interactive[2012/04/13 20:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft[2012/04/13 20:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis[2012/04/13 20:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software[2012/04/13 20:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software[2012/04/11 00:00:53 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/04/25 00:20:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/04/25 00:14:03 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat[2012/04/25 00:13:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe[2012/04/25 00:05:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job[2012/04/25 00:05:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job[2012/04/24 23:03:16 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/04/24 23:03:16 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/04/24 23:00:09 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/04/24 23:00:09 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/04/24 23:00:09 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/04/24 22:54:30 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/04/24 22:54:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/04/24 22:54:05 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys[2012/04/24 22:35:41 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk[2012/04/24 22:34:35 | 091,767,744 | ---- | M] (COMODO) -- C:\Users\Dad\Desktop\cispremium_installer.exe[2012/04/22 20:04:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/04/22 19:29:04 | 004,472,002 | R--- | M] (Swearware) -- C:\Users\Dad\Desktop\ComboFix.exe[2012/04/22 14:52:16 | 000,045,073 | ---- | M] () -- C:\Users\Dad\Desktop\shot.jpg[2012/04/20 00:10:01 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk[2012/04/16 22:06:43 | 000,002,382 | ---- | M] () -- C:\Users\Dad\Desktop\Google Chrome.lnk[2012/04/13 20:06:19 | 000,002,093 | ---- | M] () -- C:\Users\Dad\Desktop\HijackThis.lnk[2012/04/10 20:48:53 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files Created - No Company Name ==========[2012/04/24 22:35:41 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk[2012/04/22 19:30:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/04/22 19:30:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/04/22 19:30:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/04/22 19:30:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/04/22 19:30:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/04/22 14:52:16 | 000,045,073 | ---- | C] () -- C:\Users\Dad\Desktop\shot.jpg[2012/04/11 00:00:55 | 000,002,382 | ---- | C] () -- C:\Users\Dad\Desktop\Google Chrome.lnk[2012/04/11 00:00:33 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001UA.job[2012/04/11 00:00:32 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1388937940-463591034-3759548561-1001Core.job[2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll[2011/10/25 21:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat[2011/10/25 21:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat[2011/09/29 12:46:29 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe[2011/09/19 12:20:48 | 000,003,584 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat[2011/07/28 17:55:44 | 015,079,936 | R--- | C] () -- C:\Windows\SysWow64\BGP901.dll[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat[2010/11/08 13:31:42 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ealtest.exe[2010/11/06 01:02:18 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileOut.cns[2010/11/06 01:02:18 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileIn.cns[2010/09/24 10:15:46 | 000,678,912 | R--- | C] () -- C:\Windows\SysWow64\Bluebeam Javascript Library.dll[2010/09/24 10:15:42 | 000,246,272 | R--- | C] () -- C:\Windows\SysWow64\Bluebeam JPX Library.dll[2010/07/21 13:22:30 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat[2010/06/18 23:16:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat========== LOP Check ==========[2012/01/17 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BitTorrent[2012/01/19 19:23:41 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Canon[2010/01/07 09:52:01 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CheckPoint[2011/01/20 21:13:44 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Command & Conquer 3 Tiberium Wars[2011/09/19 12:20:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Flip Video[2009/12/26 00:44:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Foxit[2010/01/28 14:52:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Foxit Software[2011/10/25 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Origin[2012/01/02 01:13:14 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Quest3D[2011/05/03 22:48:06 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\The Creative Assembly[2011/09/14 16:35:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\wargaming.net[2011/09/29 15:28:12 | 000,000,000 | ---D | M] -- C:\Users\installer\AppData\Roaming\Origin[2012/02/05 11:01:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Custom Scans ==========< %SYSTEMDRIVE%\*.exe >< MD5 for: EXPLORER.EXE >[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe< MD5 for: SVCHOST.EXE >[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe< MD5 for: USERINIT.EXE >[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe< MD5 for: WINLOGON.EXE >[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe< %systemroot%\*. /rp /s >========== Drive Information ==========Physical Drives---------------Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk mediaInterface type: IDEMedia Type: Fixed hard disk mediaModel: WDC WD1500ADFD-00NLR1 ATA DevicePartitions: 1Status: OKStatus Info: 0Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk mediaInterface type: IDEMedia Type: Fixed hard disk mediaModel: WDC WD1001FALS-00J7B0 ATA DevicePartitions: 1Status: OKStatus Info: 0Partitions---------------DeviceID: Disk #0, Partition #0PartitionType: Installable File SystemBootable: TrueBootPartition: TruePrimaryPartition: TrueSize: 140.00GBStarting Offset: 32256Hidden sectors: 0DeviceID: Disk #1, Partition #0PartitionType: Installable File SystemBootable: FalseBootPartition: FalsePrimaryPartition: TrueSize: 932.00GBStarting Offset: 1048576Hidden sectors: 0========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction< End of report >EXTRAS TXT OTL Extras logfile created on: 4/25/2012 12:15:25 AM - Run 1OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Dad\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 8.0.7601.17514)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy4.00 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 70.73% Memory free8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.01% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 139.73 Gb Total Space | 18.51 Gb Free Space | 13.25% Space Free | Partition Type: NTFSDrive D: | 931.51 Gb Total Space | 624.57 Gb Free Space | 67.05% Space Free | Partition Type: NTFSDrive E: | 4.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFSComputer Name: DEN | User Name: Dad | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].url[@ = internetshortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>][HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>][HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>][HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>][HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"FirewallOverride" = 0"AntivirusOverride" = 0"AntiSpywareDisableNotify" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]"DisableMonitoring" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]"DisableMonitoring" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]"DisableMonitoring" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 0========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime"{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support"{7AF56904-5FDC-4D67-87FE-C21E6659668D}" = Bluebeam PDF Revu Standard x64 v9.5.0"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud"{D675AFB3-E32E-0935-3C1F-58D5D05A77A6}" = ATI AVIVO64 Codecs"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety"{FA54C4B1-98E3-AEFA-7254-C4038DC739AF}" = AMD Media Foundation Decoders"405C837EDDEC53ADABD0D214AEB9094C9D21DB1A" = Windows Driver Package - Superchips, Inc. USB CDM Driver Package (11/12/2009 2.06.00)"6455F36EFE99712B85F18A1CC930511C155814E9" = Windows Driver Package - Superchips, Inc. USB Programmer Drivers (11/12/2009 2.06.00)"CCleaner" = CCleaner"C-Media Oxygen HD Audio Driver" = HT OMEGA CLARO"DCS A-10C_is1" = DCS A-10C"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"WinRAR archiver" = WinRAR 4.01 (64-bit)[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo"{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B1848}" = Supreme Commander Demo"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 29"{28ACABF5-34E8-45CE-B4B3-47A5FA38E875}" = Superchips Easy Update"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace"{566664F6-B34E-41A6-AD1D-4ED22DA334AE}" = Crysis ModSDK"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package"{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = Catalyst Control Center"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine®2 Sandbox2"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)"{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.3"{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy"{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Battlelog Web Plugins" = Battlelog Web Plugins"BitTorrent" = BitTorrent"Classic PDF Editor_is1" = Classic PDF Editor 12.0"C-Media Oxygen HD Sound" = HT OMEGA CLARO"ComcastHSI" = Comcast High-Speed Internet Install Wizard"ESET Online Scanner" = ESET Online Scanner v3"f1mustang_FSX" = Flight1 Citation Mustang"Fleet Command" = Jane's Fleet Command"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration"FMOD Designer" = FMOD Designer"Foxit Reader" = Foxit Reader"FSFDT FSCopilot" = FSFDT FSCopilot"FSFDT FSInn" = FSFDT FSInn"HijackThis" = HijackThis 2.0.2"InstallShield_{7AF56904-5FDC-4D67-87FE-C21E6659668D}" = Bluebeam PDF Revu Standard x64 v9.5.0"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X"KeyFinder_is1" = Magical Jelly Bean KeyFinder"KMOD Nations at War" = KMOD Nations at War"KMOD NaW ~ Diagnostic Tool" = KMOD NaW ~ Diagnostic Tool"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)"OpenAL" = OpenAL"Origin" = Origin"PunkBusterSvc" = PunkBuster Services"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1"Steam App 10500" = Empire: Total War"Steam App 107400" = ARMA 2: Free"Steam App 1600" = Dangerous Waters"Steam App 201760" = Cities XL 2012"Steam App 204050" = Take on Helicopters Demo"Steam App 21940" = World in Conflict - Demo"Steam App 24600" = Trainz 2009: Railroad Simulator"Steam App 3130" = Men of War: Red Tide"Steam App 34330" = Total War: SHOGUN 2"Steam App 40100" = Supreme Commander 2"Steam App 47890" = The Sims 3"Steam App 48810" = Ship Simulator Extremes Demo"Steam App 61010" = Digital Combat Simulator: A-10C Warthog"Steam App 64000" = Men of War: Assault Squad"Steam App 7830" = Men of War"Steam App 91200" = Anomaly Warzone Earth"Train Simulator 1.0" = Microsoft Train Simulator"v1.1.0" = v1.1.0 of A Proper Empire: Terra Incognita"WinLiveSuite_Wave3" = Windows Live Essentials========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Google Chrome" = Google Chrome========== Last 10 Event Log Errors ==========Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!< End of report >The computer seems to be running normal now, I havent tried to run windows update yet, going to do that after I get the all clear. Don't know what caused this, my son was playing a steam game and after he shut it down and I turned it back on was when it got all goofy. He reports nothing unusual happened that he saw. Dunno. Link to post Share on other sites More sharing options...
Staff CatByte Posted April 25, 2012 Staff ID:545989 Share Posted April 25, 2012 Hi,Please do the following:Run OTL.exeCopy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:OTLO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O3 - HKU\S-1-5-21-1388937940-463591034-3759548561-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.:Filesipconfig /flushdns /c:Commands[resethosts][purity][emptytemp][Reboot]Then click the Run Fix button at the topLet the program run unhindered, reboot when it is doneThen post the OTL log NEXTYour Java is out of date. Java™ 6 Update 29 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; > follow the prompts.NEXTPlease advise how the computer is running now and if there are any outstanding issues Link to post Share on other sites More sharing options...
01vfrrider Posted April 25, 2012 Author ID:546031 Share Posted April 25, 2012 All processes killed========== OTL ==========Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.Registry value HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.Registry value HKEY_USERS\S-1-5-21-1388937940-463591034-3759548561-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\Dad\Desktop\cmd.bat deleted successfully.C:\Users\Dad\Desktop\cmd.txt deleted successfully.========== COMMANDS ==========C:\Windows\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfully[EMPTYTEMP]User: All UsersUser: Dad->Temp folder emptied: 1115506 bytes->Temporary Internet Files folder emptied: 36682969 bytes->Java cache emptied: 25034105 bytes->FireFox cache emptied: 51112774 bytes->Google Chrome cache emptied: 232934865 bytes->Apple Safari cache emptied: 0 bytes->Flash cache emptied: 2407 bytesUser: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 56504 bytesUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: installer->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 76312119 bytes->Google Chrome cache emptied: 235450215 bytes->Flash cache emptied: 63750 bytesUser: Owner->Temp folder emptied: 0 bytesUser: Public->Temp folder emptied: 0 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 200704 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 6522 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 96688 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 629.00 mbOTL by OldTimer - Version 3.2.42.0 log created on 04252012_181820Files\Folders moved on Reboot...C:\Users\Dad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.Registry entries deleted on Reboot...Java taken care of also.As far as how its running, ok except on this reboot I did not have internet access for about 10 minutes. My network status indicator in the lower right screenbar showed I had internet access on Network 2, I could not open any pages. And my fresh install of Comodo Internet Security is not working, it says Comodo Application Agent is not running (antivirus off). A self diagnostic scan showed no problems with the install.. Link to post Share on other sites More sharing options...
Staff CatByte Posted April 26, 2012 Staff ID:546056 Share Posted April 26, 2012 looking through the Comodo Forum, that seems to be a common problem with Comodo,try this:1. Run services.msc2. Right click on "COMODO Firewall Pro Helper Service" and choose properties3. Select "logon" tab and enable the service for the hardware profile4. Select the general tab and start the service5. Go to directory "C:\program files\COMODO\Firewall" and run cmdagent.exe6. Close CFP on tray and start it againother users uninstalled, then re-installed again and that seemed to fix the problem, have a look at some of the responses hereDid you regain use of the internet?I suspect that may have had something to do with a setting in Comodo as well.Let me know if Comodo was able to be started Link to post Share on other sites More sharing options...
01vfrrider Posted April 26, 2012 Author ID:546073 Share Posted April 26, 2012 Yes I also noted that this problem seems to be common with other comodo users. I went into the services.msc and when I looked under the general tab it said the service was running. Yet Comodo still reported it not running. Went into directory and tried launching cmdagent.exe, and it blinked for a second, but comodo still reported it not running. Quit Comodo, restarted it and it immediately reported all systems are active and running. Its like comodo was not recognizing cmdagent was running. This happened once before also. I may just go with one of your other recommendations for a AV/Firewall option if this continues. I did regain use of the internet, it just started working, no Idea why it was reporting no network issues yet I could not open webpages. Another odd thing is my Internet Explorer is working again, it has not been working for some time, only the 64Bit Internet Explorer was working. The regular internet explorer would never launch. Now after our work here its working again. So all seems to be in order.A look at windows update shows 14 optional updates, 13 are updates for windows7x64 systems and one is IE9 for Win7x64. Should I run the updates yet? Link to post Share on other sites More sharing options...
Staff CatByte Posted April 26, 2012 Staff ID:546078 Share Posted April 26, 2012 Yes, run the updates now, we are ready to clean up our tools, I am glad to hear everything is working as it should.please do the following:You can delete the FRST, TDSSKiller, DDS and aswMBR logs and programs from your desktop.NEXTFollow these steps to uninstall Combofix Make sure your security programs are totally disabled.Click START then RUNNow copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.NEXTClean up with OTL:Double-click OTL.exe to start the program.Close all other programs apart from OTL as this step will require a rebootOn the OTL main screen, press the CLEANUP buttonSay Yes to the prompt and then allow the program to reboot your computer.If there are any logs/tools remaining on your desktop > right click and delete them.NEXTBelow I have included a number of recommendations for how to protect your computer against malware infections.It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.Keep Windows updated by regularly checking their website at :http://windowsupdate.microsoft.com/This will ensure your computer has always the latest security updates available installed on your computer.Make Internet Explorer more secureClick Start > RunType Inetcpl.cpl & click OKClick on the Security tabClick Reset all zones to default levelMake sure the Internet Zone is selected & Click Custom levelIn the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".Next Click OK, then Apply button and then OK to exit the Internet Properties page.[*]Download TFC to your desktopClose any open windows.Double click the TFC icon to run the programTFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted.The program should not take long to finish it's jobOnce its finished it should automatically reboot your machine,if it doesn't, manually reboot to ensure a complete cleanIt's normal after running TFC cleaner that the PC will be slower to boot the first time. [*]WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE[*]Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.[*]ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.[*]In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:PC Safety and Security--What Do I Need?.Thank you for your patience, and performing all of the procedures requested.Please respond one last time so we can consider the thread resolved and close it, thank-you. Link to post Share on other sites More sharing options...
01vfrrider Posted April 26, 2012 Author ID:546109 Share Posted April 26, 2012 just updated windows, and again it took almost 10 minutes to allow internet access. Comodo defense+ alert is giving a bunch of popups again of programs " modifying the protected registry key" and other warnings. Dont know why comodo is going nuts, i've run it for a couple of years without issues. For example "taskeng.exe is trying to execute googleupdate.exe". Another is "trustedinstaller.exe is about to obtain restore privelidge" and also "trustedinstaller.exe is trying to create a new fille or directory in C:windows\logs\cbs\filterlist.log" I dont know if I should ignore these and allow them or is there still something amiss. I'm still getting tons of disk access after startup, and the long delay till full program loading is complete and I can get on the internet. Also getting "trustedinstaller.exe wants to create C:\windows\temp\outofProcReport1998418.txt"No Idea whats different and why this is up. I'm assuming trustedinstaller.exe is a windows file, perhaps this is related to the windows updates I installed? Link to post Share on other sites More sharing options...
01vfrrider Posted April 26, 2012 Author ID:546110 Share Posted April 26, 2012 and comodo wont initialize properly still.Comodo is out, I'm going with another AV/Firewall Link to post Share on other sites More sharing options...
Staff CatByte Posted April 26, 2012 Staff ID:546368 Share Posted April 26, 2012 yes, those programs would have been related to the windows updatesComodo can be difficult to 'train', it may just not be suited to your system.Let me know if switching it for alternate products resolves any outstanding issues and speeds up your connection. Link to post Share on other sites More sharing options...
01vfrrider Posted April 28, 2012 Author ID:546837 Share Posted April 28, 2012 Uninstalled Comodo, installed Microsoft Security Essentials. Not having the fail to connect to internet anymore. Still running over 60 processes, but if thats normal I'll live with it. Followed your instructions from you next to last post, and I think I'm good from here on out. Of course, thank you for your time, I did have a good infection a couple of years ago and a volunteer on one of these forums got me through that mess. I appreciate all of your help. Link to post Share on other sites More sharing options...
Staff CatByte Posted April 28, 2012 Staff ID:546838 Share Posted April 28, 2012 Have a look at this topic hereYou may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. Link to post Share on other sites More sharing options...
01vfrrider Posted April 28, 2012 Author ID:546840 Share Posted April 28, 2012 I used the startup lite, the only one it suggested I change was the SunJava update, which I disabled Link to post Share on other sites More sharing options...
01vfrrider Posted April 28, 2012 Author ID:546842 Share Posted April 28, 2012 It just seems there are probably a lot of processes I dont need to have running, on idle I'm using over 1.6 gigs of memory, cpu usage is not too high, throttles up and down but hovers around 5%. I should go to a ssd so I dont have to listen to my hd's constant disk access, it bugs me. Link to post Share on other sites More sharing options...
Staff CatByte Posted April 28, 2012 Staff ID:546844 Share Posted April 28, 2012 Well, it doesn't appear that there is any malware remaining, I just counted my running processes and there are 52, so I don't think what you have is unusual, but the more programs you can set to start manually, the better. Link to post Share on other sites More sharing options...
Recommended Posts