Solved Suspicious iexplore.exe processes always running

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Parents [Admin rights]
Mode : Scan -- Date : 09/08/2012 22:13:20

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SansaDispatch.exe -- C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3689204523-1297797616-1657894789-1004[...]\Run : SansaDispatch (C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[TASK][PREVRUN] ProgramDataUpdater : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] Proxy : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] SR : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] IpAddressConflict1 : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] IpAddressConflict2 : C:\Windows\System32\rundll32.exe -> FOUND
[PROXY FF] yjiglzqp.default\ : -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: INTEL SS DSA2M080G2GC SATA Disk Device +++++
--- User ---
[MBR] 456fd817468c22b3cf57e7bc88b9e186
[BSP] 2fbdb687bdaaf4f2316b5c58c40c5f6c : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 239f14c7f822b0c3d4c4352b8acd3e75
[BSP] cd958f910f243ab8c9473bc2dae567af : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7224 Mo

+++++ PhysicalDrive1: WDC WD40 00KS-00MNB0 SATA Disk Device +++++
--- User ---
[MBR] 4375a6c7cb224ebba4eaed7df1f91626
[BSP] e9542363fd300cb042b8dc73a14e8590 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 381551 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
 
It looks like we still have an infected MBR.

I'd like to see a fresh FRST log.

However, bedtime is coming, so we'll have to continue tomorrow.
Don't play with that computer too much.
 
No problem, I'm leaving my laptop with my parents so they have something to use, I'll shut this one down. Thanks for all your help so far!
 
Sorry it took so long, this machine was set up to auto-login and I decided to disable that; for some reason the default value in the user name wasn't the real account name and I didn't notice so I was unable to log in...until I pulled my head out of my *** :) Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2012
Ran by SYSTEM at 09-09-2012 13:07:41
Running from D:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [x]
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [x]
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKU\Parents\...\Run: [SansaDispatch] C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2011-12-25] (SanDisk Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services ====================

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [x]

==================== Drivers =================================

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-08 22:01 - 2012-09-08 22:01 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-09-08 21:38 - 2012-09-08 21:38 - 00000000 ____D C:\FRST
2012-09-08 21:13 - 2012-09-08 21:13 - 00002822 ____A C:\Users\Parents\Desktop\RKreport[1].txt
2012-09-08 20:02 - 2012-09-08 20:02 - 00016265 ____A C:\ComboFix.txt
2012-09-08 19:55 - 2012-09-08 20:02 - 00000000 ___AD C:\Qoobox
2012-09-08 19:55 - 2012-09-08 20:00 - 00000000 ____D C:\Windows\erdnt
2012-09-08 19:55 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-08 19:55 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-08 19:55 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-08 19:55 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-08 19:55 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-08 19:55 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-08 19:55 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-08 19:55 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-08 19:48 - 2012-09-08 19:49 - 04747622 ____R (Swearware) C:\Users\Parents\Desktop\ComboFix.exe
2012-09-08 18:38 - 2012-09-08 18:38 - 00000000 ____D C:\Users\Parents\Desktop\tdsskiller
2012-09-08 18:37 - 2012-09-08 18:37 - 02193184 ____A C:\Users\Parents\Desktop\tdsskiller.zip
2012-09-08 18:23 - 2012-09-08 18:24 - 00000000 ____D C:\Users\Parents\Desktop\RK_Quarantine
2012-09-08 18:22 - 2012-09-08 18:22 - 04731392 ____A (AVAST Software) C:\Users\Parents\Desktop\aswMBR.exe
2012-09-08 18:21 - 2012-09-08 18:21 - 01378816 ____A C:\Users\Parents\Desktop\RogueKiller.exe
2012-09-08 16:37 - 2012-09-08 21:13 - 00000000 ____D C:\Users\Parents\Desktop\infection
2012-09-08 16:07 - 2012-09-08 16:07 - 00000000 ____D C:\_OTL
2012-09-08 16:07 - 2012-09-08 15:59 - 00599552 ____A (OldTimer Tools) C:\Users\Parents\Desktop\OTL.exe
2012-09-08 15:15 - 2012-09-09 11:55 - 00000560 ____A C:\Windows\setupact.log
2012-09-08 15:15 - 2012-09-08 20:00 - 00002216 ____A C:\Windows\PFRO.log
2012-09-08 15:15 - 2012-09-08 15:15 - 00000000 ____A C:\Windows\setuperr.log
2012-09-08 14:53 - 2012-09-08 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-08 14:53 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-08 14:01 - 2012-09-08 14:01 - 00000000 ____A C:\Users\All Users\6UdiY7.dat
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe_.b
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe.b
2012-09-07 21:39 - 2012-09-07 21:39 - 00000000 ____D C:\Users\Parents\AppData\Roaming\DAVA
2012-09-07 21:22 - 2012-09-07 21:22 - 00002042 ____A C:\Users\Public\Desktop\Play Old Clockmaker's Riddle.lnk
2012-09-07 21:22 - 2012-09-07 21:22 - 00001276 ____A C:\Users\Public\Desktop\More Great Games.lnk
2012-09-07 21:22 - 2012-09-07 21:22 - 00000000 ____D C:\Program Files (x86)\Old Clockmaker's Riddle
2012-09-06 19:30 - 2012-09-08 14:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-05 08:43 - 2012-09-05 08:43 - 00000000 ____D C:\Users\Parents\AppData\Local\{6277D76C-A3F3-4371-B819-0CFBBC795A0F}
2012-09-04 22:26 - 2012-09-08 18:22 - 00000000 ____A C:\Users\Parents\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
2012-09-04 22:26 - 2012-09-04 22:26 - 00000000 ____D C:\Users\Parents\AppData\Local\{96AE75BE-F722-11E1-8270-B8AC6F996F26}
2012-09-01 10:26 - 2012-09-01 15:14 - 00013276 ____A C:\Users\Parents\Desktop\60's 2.jpeg
2012-09-01 10:24 - 2012-09-01 15:11 - 00013282 ____A C:\Users\Parents\Desktop\60's 1.jpeg
2012-09-01 09:58 - 2012-09-01 09:58 - 00000000 ____D C:\Users\Parents\AppData\Local\{6F4E124B-21FD-4215-B128-E6212F3BE2DF}
2012-08-31 19:52 - 2012-08-31 19:52 - 00000000 ____D C:\Users\Parents\AppData\Roaming\ShaoLin
2012-08-31 16:49 - 2012-09-02 13:23 - 00000000 ____D C:\Users\Parents\AppData\Roaming\CaribbeanHideaway
2012-08-27 17:27 - 2012-08-27 17:27 - 00000000 ____D C:\Users\All Users\CannyGames
2012-08-27 16:59 - 2012-08-27 16:59 - 00001953 ____A C:\Users\Public\Desktop\Play Atlantic Quest.lnk
2012-08-27 16:59 - 2012-08-27 16:59 - 00000000 ____D C:\Program Files (x86)\Atlantic Quest
2012-08-26 04:32 - 2012-08-26 04:32 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-08-26 04:31 - 2012-08-26 04:31 - 00000000 ____D C:\Users\All Users\ATI
2012-08-23 13:19 - 2012-08-23 13:19 - 00000000 ____D C:\Users\Parents\AppData\Local\{42B6636B-3465-4568-89C7-8B2B7F92D4DF}
2012-08-23 12:28 - 2012-08-23 12:28 - 00013124 ____A C:\Users\Parents\Desktop\005.JPG - Shortcut.lnk
2012-08-22 14:55 - 2012-08-22 14:55 - 00000000 ____D C:\Users\Public\Documents\Big Kahuna Reef 3
2012-08-21 19:18 - 2012-08-21 19:18 - 00000000 ____D C:\Users\Parents\AppData\Local\{2B522096-002E-4379-BBDD-1C8C5D3A5799}
2012-08-21 19:15 - 2012-08-21 19:15 - 00001074 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-08-20 14:32 - 2012-08-20 14:32 - 00002002 ____A C:\Users\Public\Desktop\Play Big Kahuna Reef 3.lnk
2012-08-20 14:31 - 2012-08-20 14:32 - 00000000 ____D C:\Program Files (x86)\Big Kahuna Reef 3
2012-08-20 14:28 - 2012-08-20 14:28 - 00000000 ____D C:\Users\Parents\AppData\Roaming\Artifact Quest
2012-08-18 13:45 - 2012-08-18 13:45 - 00000085 ____A C:\Users\Parents\Desktop\San Martin, CA Nursing Homes.url
2012-08-18 11:37 - 2012-08-18 11:37 - 00000000 ____D C:\Windows\en
2012-08-18 11:37 - 2012-08-18 11:37 - 00000000 ____D C:\Users\Parents\AppData\Local\{EE7371FC-F4EF-4852-9E32-27D440AF900E}
2012-08-18 11:37 - 2012-08-18 11:37 - 00000000 ____D C:\Users\Parents\AppData\Local\{BE7FADC2-89CA-4336-A3B1-5A3A9B43AE7C}
2012-08-18 11:36 - 2012-08-18 11:36 - 00000000 ____D C:\Users\Parents\AppData\Local\{CB9EF46C-8A48-4085-B37C-26B017D2C546}
2012-08-18 11:35 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{EFA18701-33A7-4311-B109-5B224C439ADA}
2012-08-18 11:35 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{B6991C87-AE41-4462-B4EF-B0DD83773E8A}
2012-08-18 11:35 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{17ED5333-1A5B-49DC-A836-A03AA6CD0618}
2012-08-18 11:34 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{11A84E74-0E47-470A-8816-48732B49372E}
2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{AA2C3B66-045C-4119-9930-09496AA9B695}
2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{8AE029B5-CCC1-4649-889A-7DAF29418C1E}
2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{494BB960-23BE-43CE-80DA-8E64B5789247}
2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{06030E84-444A-449D-8B81-E1D4CB86746F}
2012-08-18 11:33 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{F210D26C-DC86-46CC-869C-4C88DF96D090}
2012-08-18 11:33 - 2012-08-18 11:33 - 00000000 ____D C:\Users\Parents\AppData\Local\{C5D2AB25-32C6-47C8-8297-E0045A772B71}
2012-08-18 07:03 - 2012-08-18 07:03 - 00000000 ____D C:\Program Files\Microsoft Device Center
2012-08-18 06:51 - 2012-08-18 06:51 - 00000000 ____D C:\Users\Parents\AppData\Local\{91A6CC58-18B8-42C4-9949-80D0853909E3}
2012-08-18 06:51 - 2012-08-18 06:51 - 00000000 ____D C:\Users\Parents\AppData\Local\{4E9F5533-1311-4C21-84A9-3C91581E4B52}
2012-08-18 06:47 - 2012-08-18 06:47 - 00000000 ____D C:\Users\Parents\AppData\Local\{D9366DE5-0E6D-47FE-8C51-FE0C33A176B5}
2012-08-18 06:47 - 2012-08-18 06:47 - 00000000 ____D C:\Users\Parents\AppData\Local\{4C08CAE8-1352-4FF1-AA64-E61928FB5BA0}
2012-08-18 05:53 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-18 05:53 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-18 05:53 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-18 05:53 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-18 05:53 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-18 05:53 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-18 05:53 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-18 05:53 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-18 05:53 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-18 05:53 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-18 05:53 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-18 05:53 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-18 05:53 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-18 05:53 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-18 05:53 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-18 05:53 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-18 05:53 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-18 05:53 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-18 05:53 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-18 05:53 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-18 05:53 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-18 05:53 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-18 05:53 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-18 05:53 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-18 05:53 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-18 05:53 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-18 05:53 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-18 05:53 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-18 05:39 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-18 05:39 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-18 05:39 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-18 05:39 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-18 05:39 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-18 05:39 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-18 05:39 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-18 05:39 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-18 05:39 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-18 05:39 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-18 05:39 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-18 05:39 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-18 05:39 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll


==================== 3 Months Modified Files ================================

2012-09-09 12:06 - 2011-08-27 15:52 - 01739175 ____A C:\Windows\WindowsUpdate.log
2012-09-09 12:04 - 2012-09-09 12:05 - 01453141 ____A (Farbar) C:\FRST64.exe
2012-09-09 12:02 - 2009-07-13 20:45 - 00022576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-09 12:02 - 2009-07-13 20:45 - 00022576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-09 11:59 - 2009-07-13 21:13 - 00729944 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-09 11:56 - 2011-08-28 07:05 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-09 11:55 - 2012-09-08 15:15 - 00000560 ____A C:\Windows\setupact.log
2012-09-09 11:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-08 21:19 - 2011-08-28 07:05 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-08 21:13 - 2012-09-08 21:13 - 00002822 ____A C:\Users\Parents\Desktop\RKreport[1].txt
2012-09-08 20:14 - 2009-07-13 21:08 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-08 20:02 - 2012-09-08 20:02 - 00016265 ____A C:\ComboFix.txt
2012-09-08 20:00 - 2012-09-08 15:15 - 00002216 ____A C:\Windows\PFRO.log
2012-09-08 20:00 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-08 19:49 - 2012-09-08 19:48 - 04747622 ____R (Swearware) C:\Users\Parents\Desktop\ComboFix.exe
2012-09-08 19:40 - 2012-01-12 21:20 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004UA.job
2012-09-08 19:40 - 2012-01-12 21:20 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004Core.job
2012-09-08 19:27 - 2012-04-02 22:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-08 18:37 - 2012-09-08 18:37 - 02193184 ____A C:\Users\Parents\Desktop\tdsskiller.zip
2012-09-08 18:22 - 2012-09-08 18:22 - 04731392 ____A (AVAST Software) C:\Users\Parents\Desktop\aswMBR.exe
2012-09-08 18:22 - 2012-09-04 22:26 - 00000000 ____A C:\Users\Parents\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
2012-09-08 18:21 - 2012-09-08 18:21 - 01378816 ____A C:\Users\Parents\Desktop\RogueKiller.exe
2012-09-08 15:59 - 2012-09-08 16:07 - 00599552 ____A (OldTimer Tools) C:\Users\Parents\Desktop\OTL.exe
2012-09-08 15:15 - 2012-09-08 15:15 - 00000000 ____A C:\Windows\setuperr.log
2012-09-08 15:15 - 2012-02-26 12:51 - 00688128 __ASH C:\Users\Parents\Desktop\Thumbs.db
2012-09-08 14:01 - 2012-09-08 14:01 - 00000000 ____A C:\Users\All Users\6UdiY7.dat
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe_.b
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe.b
2012-09-07 21:22 - 2012-09-07 21:22 - 00002042 ____A C:\Users\Public\Desktop\Play Old Clockmaker's Riddle.lnk
2012-09-07 21:22 - 2012-09-07 21:22 - 00001276 ____A C:\Users\Public\Desktop\More Great Games.lnk
2012-09-07 21:22 - 2011-10-11 21:36 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-09-07 21:22 - 2011-10-11 21:36 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-09-07 21:22 - 2011-10-11 21:36 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-09-07 21:22 - 2011-10-11 21:36 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-09-04 14:20 - 2011-08-28 07:06 - 00002348 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-01 15:14 - 2012-09-01 10:26 - 00013276 ____A C:\Users\Parents\Desktop\60's 2.jpeg
2012-09-01 15:11 - 2012-09-01 10:24 - 00013282 ____A C:\Users\Parents\Desktop\60's 1.jpeg
2012-08-28 05:05 - 2012-04-02 22:22 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-28 05:05 - 2011-08-28 07:06 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-27 16:59 - 2012-08-27 16:59 - 00001953 ____A C:\Users\Public\Desktop\Play Atlantic Quest.lnk
2012-08-23 12:28 - 2012-08-23 12:28 - 00013124 ____A C:\Users\Parents\Desktop\005.JPG - Shortcut.lnk
2012-08-21 19:15 - 2012-08-21 19:15 - 00001074 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-08-21 19:12 - 2011-10-24 18:36 - 00011776 ____A C:\Users\Parents\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-20 14:32 - 2012-08-20 14:32 - 00002002 ____A C:\Users\Public\Desktop\Play Big Kahuna Reef 3.lnk
2012-08-18 13:45 - 2012-08-18 13:45 - 00000085 ____A C:\Users\Parents\Desktop\San Martin, CA Nursing Homes.url
2012-08-18 06:53 - 2009-07-13 20:45 - 04911752 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-18 05:39 - 2011-08-27 17:52 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-13 19:00 - 2011-08-28 13:44 - 00007623 ____A C:\Users\Parents\AppData\Local\Resmon.ResmonCfg
2012-07-27 21:47 - 2012-07-27 21:47 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-07-27 21:47 - 2012-07-27 21:47 - 00075776 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-07-27 21:47 - 2012-07-27 21:47 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-07-27 21:47 - 2012-07-27 21:47 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-07-27 21:47 - 2012-07-27 21:47 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-07-27 21:46 - 2012-07-27 21:46 - 16464896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-07-27 21:46 - 2012-07-27 21:46 - 13013504 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-07-21 11:02 - 2012-07-21 11:02 - 00001017 ____A C:\Users\Parents\Desktop\MusicBee.lnk
2012-07-18 10:15 - 2012-08-18 05:39 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 14:16 - 2012-08-18 05:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-18 05:39 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-18 05:39 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-18 05:39 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-18 05:39 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 12:46 - 2012-09-08 14:53 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 20:55 - 2012-08-18 05:53 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-18 05:53 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-18 05:53 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-18 05:53 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-18 05:53 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-18 05:53 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-18 05:53 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-18 05:53 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-18 05:53 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-18 05:53 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-18 05:53 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-18 05:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-18 05:53 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-18 05:53 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-18 05:53 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-18 05:53 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-18 05:53 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-18 05:53 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-18 05:53 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-18 05:53 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-18 05:53 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-18 05:53 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-18 05:53 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-18 05:53 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-18 05:53 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-18 05:53 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-18 05:53 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-18 05:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-28 09:16 - 2011-08-28 13:27 - 00025600 __ASH C:\Users\Parents\Thumbs.db
2012-06-26 20:38 - 2012-06-26 20:38 - 00046176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\point64.sys
2012-06-24 21:24 - 2012-06-24 21:24 - 00052320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dc3d.sys
2012-06-22 05:05 - 2012-06-22 05:05 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-06-21 19:47 - 2012-06-21 19:47 - 00001991 ____A C:\Users\Public\Desktop\Play Call of Atlantis.lnk
2012-06-17 11:51 - 2011-08-27 19:25 - 00063088 ____A C:\Users\Parents\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-16 11:20 - 2012-06-16 11:20 - 00001487 ____A C:\Users\Parents\Desktop\Velzylogo.jpg - Shortcut.lnk
2012-06-12 07:41 - 2012-06-12 07:41 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-28 23:57:43
Restore point made on: 2012-09-02 05:12:03
Restore point made on: 2012-09-06 04:22:19
Restore point made on: 2012-09-08 14:47:06
Restore point made on: 2012-09-08 14:48:41
Restore point made on: 2012-09-08 14:48:52
Restore point made on: 2012-09-08 14:52:05
Restore point made on: 2012-09-08 15:57:46
Restore point made on: 2012-09-08 15:58:04
Restore point made on: 2012-09-08 16:00:48

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 7933.49 MB
Available physical RAM: 7193.95 MB
Total Pagefile: 7931.64 MB
Available Pagefile: 7184.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (Win7) (Fixed) (Total:74.53 GB) (Free:37.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:372.61 GB) (Free:278.85 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 74 GB 0 B
Disk 1 Online 372 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Win7 NTFS Partition 74 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 372 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 372 GB Healthy

==================================================================================

Last Boot: 2012-09-06 05:56

==================== End Of Log =============================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally and post new RogueKiller log.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-09 14:40:25 Run:2
Running from F:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====
 
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Parents [Admin rights]
Mode : Scan -- Date : 09/09/2012 14:45:38

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SansaDispatch.exe -- C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3689204523-1297797616-1657894789-1004[...]\Run : SansaDispatch (C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[TASK][PREVRUN] ProgramDataUpdater : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] Proxy : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] SR : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] IpAddressConflict1 : C:\Windows\System32\rundll32.exe -> FOUND
[TASK][PREVRUN] IpAddressConflict2 : C:\Windows\System32\rundll32.exe -> FOUND
[PROXY FF] yjiglzqp.default\ : -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: INTEL SS DSA2M080G2GC SATA Disk Device +++++
--- User ---
[MBR] 456fd817468c22b3cf57e7bc88b9e186
[BSP] 2fbdb687bdaaf4f2316b5c58c40c5f6c : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 239f14c7f822b0c3d4c4352b8acd3e75
[BSP] cd958f910f243ab8c9473bc2dae567af : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7224 Mo

+++++ PhysicalDrive1: WDC WD40 00KS-00MNB0 SATA Disk Device +++++
--- User ---
[MBR] 4375a6c7cb224ebba4eaed7df1f91626
[BSP] e9542363fd300cb042b8dc73a14e8590 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 381551 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SanDisk Cruzer Fit USB Device +++++
--- User ---
[MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
Create a new restore point manually and re-run Combofix.
If you lose your internet connection afterwards, restart the computer.
If that doesn't help, use the restore point you just created.
 
Running now. FYI it said there was a newer version of ComboFix available when I launched it. I did not update it.
 
Done; I did have to do the System Restore to get networking back (as well as being able to launch Notepad++ and Chrome):

ComboFix 12-09-09.01 - Parents 09/09/2012 14:57:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7933.6626 [GMT -7:00]
Running from: c:\users\Parents\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 22:01 . 2012-09-09 22:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 22:01 . 2012-09-09 22:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-09 22:01 . 2012-09-09 22:01 -------- d-----w- c:\users\2cruzers\AppData\Local\temp
2012-09-09 20:27 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC51D850-D0C8-4380-B03E-AABA11076B2F}\mpengine.dll
2012-09-09 05:38 . 2012-09-09 05:38 -------- d-----w- C:\FRST
2012-09-09 05:06 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-09 00:07 . 2012-09-09 00:07 -------- d-----w- C:\_OTL
2012-09-08 22:53 . 2012-09-08 22:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-08 22:53 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-08 05:39 . 2012-09-08 05:39 -------- d-----w- c:\users\Parents\AppData\Roaming\DAVA
2012-09-08 05:22 . 2012-09-08 05:22 -------- d-----w- c:\program files (x86)\Old Clockmaker's Riddle
2012-09-05 06:26 . 2012-09-05 06:26 -------- d-----w- c:\users\Parents\AppData\Local\{96AE75BE-F722-11E1-8270-B8AC6F996F26}
2012-09-01 03:52 . 2012-09-01 03:52 -------- d-----w- c:\users\Parents\AppData\Roaming\ShaoLin
2012-09-01 00:49 . 2012-09-02 21:23 -------- d-----w- c:\users\Parents\AppData\Roaming\CaribbeanHideaway
2012-08-31 15:42 . 2012-08-31 15:42 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 15:42 . 2012-08-31 15:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-28 01:27 . 2012-08-28 01:27 -------- d-----w- c:\programdata\CannyGames
2012-08-28 00:59 . 2012-08-28 00:59 -------- d-----w- c:\program files (x86)\Atlantic Quest
2012-08-26 12:32 . 2012-08-26 12:32 -------- d-----w- c:\program files (x86)\AMD APP
2012-08-26 12:31 . 2012-08-26 12:31 -------- d-----w- c:\programdata\ATI
2012-08-20 22:31 . 2012-08-20 22:32 -------- d-----w- c:\program files (x86)\Big Kahuna Reef 3
2012-08-20 22:28 . 2012-08-20 22:28 -------- d-----w- c:\users\Parents\AppData\Roaming\Artifact Quest
2012-08-18 19:37 . 2012-08-18 19:37 -------- d-----w- c:\windows\en
2012-08-18 19:35 . 2012-08-18 19:35 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\DXSETUP.exe
2012-08-18 19:35 . 2012-08-18 19:35 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\dsetup32.dll
2012-08-18 19:35 . 2012-08-18 19:35 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\DSETUP.dll
2012-08-18 15:03 . 2012-08-18 15:03 -------- d-----w- c:\program files\Microsoft Device Center
2012-08-18 13:39 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-18 13:39 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-18 13:39 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-18 13:39 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-18 13:39 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-18 13:39 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-18 13:39 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-18 13:39 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-18 13:39 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-18 13:39 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-18 13:39 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-18 13:39 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 05:22 . 2011-10-12 05:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-08 05:22 . 2011-10-12 05:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-09-08 05:22 . 2011-10-12 05:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-08 05:22 . 2011-10-12 05:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-08-28 13:05 . 2012-04-03 06:22 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 13:05 . 2011-08-28 15:06 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-18 13:39 . 2011-08-28 01:52 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-28 05:47 . 2012-07-28 05:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 05:47 . 2012-07-28 05:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-28 05:47 . 2012-07-28 05:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-28 05:47 . 2012-07-28 05:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-28 05:47 . 2012-07-28 05:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-28 05:46 . 2012-07-28 05:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-28 05:46 . 2012-07-28 05:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-27 04:38 . 2012-06-27 04:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
2012-06-25 05:24 . 2012-06-25 05:24 52320 ----a-w- c:\windows\system32\drivers\dc3d.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-26 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250568]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-28 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:05]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 15:05]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 15:05]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004Core.job
- c:\users\Parents\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 22:59]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004UA.job
- c:\users\Parents\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 22:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
Wow6432Node-HKLM-Run-AdobeCS6ServiceManager - c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
HKLM-Run-AdobeAAMUpdater-1.0 - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
AddRemove-DVD Decrypter - c:\program files (x86)\DVD Decrypter\uninstall.exe
AddRemove-DVD Shrink_is1 - c:\program files (x86)\DVD Shrink\unins000.exe
AddRemove-Mozilla Firefox 15.0 (x86 en-US) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
AddRemove-MozillaMaintenanceService - c:\program files (x86)\Mozilla Maintenance Service\uninstall.exe
AddRemove-{4869414E-7AEA-4C8E-BE1C-8D40977FD517} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-09 15:03:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 22:03
ComboFix2.txt 2012-09-09 04:02
.
Pre-Run: 42,465,517,568 bytes free
Post-Run: 42,054,950,912 bytes free
.
- - End Of File - - 40DAD47A7A327FB3DE245F24F968A799
 
That's fine because Combofix log is clean anyway.

Any current issues?

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.txt part 1:


OTL logfile created on: 9/9/2012 4:20:38 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Parents\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 84.28% Memory free
15.49 Gb Paging File | 14.07 Gb Available in Paging File | 90.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 39.26 Gb Free Space | 52.68% Space Free | Partition Type: NTFS
Drive E: | 372.61 Gb Total Space | 278.85 Gb Free Space | 74.84% Space Free | Partition Type: NTFS
Drive F: | 14.90 Gb Total Space | 14.75 Gb Free Space | 98.96% Space Free | Partition Type: FAT32

Computer Name: PARENTS-PC | User Name: Parents | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/09 16:19:29 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Parents\Desktop\OTL.exe
PRC - [2012/01/17 23:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/25 23:21:52 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2007/05/21 08:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


========== Modules (No Company Name) ==========

MOD - [2011/08/22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/28 06:05:55 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/17 23:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 23:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/17 23:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/07/06 03:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011/06/16 12:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/16 12:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/12/15 20:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/17 02:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 17:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 17:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/27 18:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/04/27 18:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_...html&st=sb&searchfor={searchTerms}&n=77ce8215
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local



IE - HKU\S-1-5-21-3689204523-1297797616-1657894789-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3689204523-1297797616-1657894789-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3689204523-1297797616-1657894789-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3689204523-1297797616-1657894789-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3689204523-1297797616-1657894789-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3689204523-1297797616-1657894789-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledAddons: {96AE75BE-F722-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4e32b82c&I=23&tp=ab&nt=1&q="
FF - prefs.js..network.proxy.type: 1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Parents\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Parents\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Parents\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Parents\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 15:51:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/08 15:47:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{96AE75BE-F722-11E1-8270-B8AC6F996F26}: C:\Users\Parents\AppData\Local\{96AE75BE-F722-11E1-8270-B8AC6F996F26}\ [2012/09/04 23:26:20 | 000,000,000 | ---D | M]

[2011/08/28 14:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parents\AppData\Roaming\Mozilla\Extensions
[2012/09/08 15:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parents\AppData\Roaming\Mozilla\Firefox\Profiles\yjiglzqp.default\extensions
[2008/09/06 09:22:32 | 000,002,286 | ---- | M] () -- C:\Users\Parents\AppData\Roaming\Mozilla\Firefox\Profiles\yjiglzqp.default\searchplugins\google.xml
[2008/09/05 15:35:55 | 000,000,273 | ---- | M] () -- C:\Users\Parents\AppData\Roaming\Mozilla\Firefox\Profiles\yjiglzqp.default\searchplugins\search.xml
[2008/09/06 09:22:55 | 000,002,137 | ---- | M] () -- C:\Users\Parents\AppData\Roaming\Mozilla\Firefox\Profiles\yjiglzqp.default\searchplugins\yahoo-search.xml
[2012/09/08 15:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/04 23:26:20 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\PARENTS\APPDATA\LOCAL\{96AE75BE-F722-11E1-8270-B8AC6F996F26}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Parents\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Chrome Toolbox Plugin (Enabled) = C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.30_0\plugin/convenience.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Parents\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Parents\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - Extension: YouTube = C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AdBlock+ = C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao\1.1.9.18_0\
CHR - Extension: Google Search = C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Chrome Toolbox (by Google) = C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\
CHR - Extension: Gmail = C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/08 21:00:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" File not found
O4 - HKU\S-1-5-21-3689204523-1297797616-1657894789-1004..\Run: [SansaDispatch] C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3689204523-1297797616-1657894789-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3689204523-1297797616-1657894789-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CA72E32-AD9E-4D05-88E8-9878FB8873C2}: DhcpNameServer = 10.64.0.11 207.135.64.66 207.135.127.66 10.2.2.7 10.2.2.17 10.2.2.77 10.96.0.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC25EEA4-DE6A-4DC6-95C3-3BEF84B2B9B9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 15:03:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/09 13:05:44 | 001,453,141 | ---- | C] (Farbar) -- C:\FRST64.exe
[2012/09/08 22:38:06 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/08 21:00:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/08 20:55:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/08 20:55:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/08 20:55:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/08 20:55:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/08 20:55:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/08 20:48:54 | 004,747,622 | R--- | C] (Swearware) -- C:\Users\Parents\Desktop\ComboFix.exe
[2012/09/08 19:38:41 | 000,000,000 | ---D | C] -- C:\Users\Parents\Desktop\tdsskiller
[2012/09/08 19:23:26 | 000,000,000 | ---D | C] -- C:\Users\Parents\Desktop\RK_Quarantine
[2012/09/08 19:22:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Parents\Desktop\aswMBR.exe
[2012/09/08 17:37:15 | 000,000,000 | ---D | C] -- C:\Users\Parents\Desktop\infection
[2012/09/08 17:07:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/08 17:07:02 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Parents\Desktop\OTL.exe
[2012/09/08 15:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/08 15:53:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/08 15:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/07 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Roaming\DAVA
[2012/09/07 22:38:18 | 000,000,000 | ---D | C] -- E:\Share\Profile\Documents\DAVAProject
[2012/09/07 22:22:09 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Old Clockmaker's Riddle
[2012/09/07 22:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Old Clockmaker's Riddle
[2012/09/07 22:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Old Clockmaker's Riddle
[2012/09/06 20:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/05 09:43:35 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{6277D76C-A3F3-4371-B819-0CFBBC795A0F}
[2012/09/04 23:26:20 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{96AE75BE-F722-11E1-8270-B8AC6F996F26}
[2012/09/01 10:58:03 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{6F4E124B-21FD-4215-B128-E6212F3BE2DF}
[2012/08/31 20:52:04 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Roaming\ShaoLin
[2012/08/31 17:49:58 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Roaming\CaribbeanHideaway
[2012/08/27 18:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\CannyGames
[2012/08/27 17:59:06 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atlantic Quest
[2012/08/27 17:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlantic Quest
[2012/08/27 17:59:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atlantic Quest
[2012/08/26 05:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/08/26 05:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/08/26 05:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/08/23 14:19:31 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{42B6636B-3465-4568-89C7-8B2B7F92D4DF}
[2012/08/22 15:55:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Big Kahuna Reef 3
[2012/08/21 20:18:04 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{2B522096-002E-4379-BBDD-1C8C5D3A5799}
[2012/08/20 15:31:41 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Big Kahuna Reef 3
[2012/08/20 15:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Big Kahuna Reef 3
[2012/08/20 15:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Big Kahuna Reef 3
[2012/08/20 15:28:42 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Roaming\Artifact Quest
[2012/08/18 12:37:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/08/18 12:37:31 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{BE7FADC2-89CA-4336-A3B1-5A3A9B43AE7C}
[2012/08/18 12:37:27 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{EE7371FC-F4EF-4852-9E32-27D440AF900E}
[2012/08/18 12:36:19 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{CB9EF46C-8A48-4085-B37C-26B017D2C546}
[2012/08/18 12:35:31 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{EFA18701-33A7-4311-B109-5B224C439ADA}
[2012/08/18 12:35:21 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{B6991C87-AE41-4462-B4EF-B0DD83773E8A}
[2012/08/18 12:35:10 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{17ED5333-1A5B-49DC-A836-A03AA6CD0618}
[2012/08/18 12:34:49 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{11A84E74-0E47-470A-8816-48732B49372E}
[2012/08/18 12:34:39 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{494BB960-23BE-43CE-80DA-8E64B5789247}
[2012/08/18 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{AA2C3B66-045C-4119-9930-09496AA9B695}
[2012/08/18 12:34:18 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{06030E84-444A-449D-8B81-E1D4CB86746F}
[2012/08/18 12:34:07 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{8AE029B5-CCC1-4649-889A-7DAF29418C1E}
[2012/08/18 12:33:57 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{F210D26C-DC86-46CC-869C-4C88DF96D090}
[2012/08/18 12:33:36 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{C5D2AB25-32C6-47C8-8297-E0045A772B71}
[2012/08/18 08:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/08/18 08:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/08/18 07:51:29 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{91A6CC58-18B8-42C4-9949-80D0853909E3}
[2012/08/18 07:51:08 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{4E9F5533-1311-4C21-84A9-3C91581E4B52}
[2012/08/18 07:47:38 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{4C08CAE8-1352-4FF1-AA64-E61928FB5BA0}
[2012/08/18 07:47:19 | 000,000,000 | ---D | C] -- C:\Users\Parents\AppData\Local\{D9366DE5-0E6D-47FE-8C51-FE0C33A176B5}
 
OTL.txt part 2:


========== Files - Modified Within 30 Days ==========

[2012/09/09 16:19:29 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Parents\Desktop\OTL.exe
[2012/09/09 16:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/09 16:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 15:40:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004UA.job
[2012/09/09 15:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/09 15:16:16 | 000,022,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 15:16:16 | 000,022,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 15:13:21 | 000,729,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/09 15:13:21 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/09 15:13:21 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/09 15:09:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/09 13:04:39 | 001,453,141 | ---- | M] (Farbar) -- C:\FRST64.exe
[2012/09/08 21:00:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/08 20:49:15 | 004,747,622 | R--- | M] (Swearware) -- C:\Users\Parents\Desktop\ComboFix.exe
[2012/09/08 20:40:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004Core.job
[2012/09/08 19:37:50 | 002,193,184 | ---- | M] () -- C:\Users\Parents\Desktop\tdsskiller.zip
[2012/09/08 19:22:51 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Parents\Desktop\aswMBR.exe
[2012/09/08 19:22:25 | 000,000,000 | ---- | M] () -- C:\Users\Parents\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/08 19:21:30 | 001,378,816 | ---- | M] () -- C:\Users\Parents\Desktop\RogueKiller.exe
[2012/09/08 17:52:58 | 000,014,652 | ---- | M] () -- E:\Share\Profile\Documents\Multi-Monitor ~[1280 x 1024][1280 x 1024].dtr
[2012/09/08 15:01:11 | 000,000,000 | ---- | M] () -- C:\ProgramData\6UdiY7.dat
[2012/09/08 15:00:56 | 000,000,001 | ---- | M] () -- C:\ProgramData\21guOreO.exe_.b
[2012/09/08 15:00:56 | 000,000,001 | ---- | M] () -- C:\ProgramData\21guOreO.exe.b
[2012/09/07 22:22:32 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/09/07 22:22:32 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/09/07 22:22:24 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Play Old Clockmaker's Riddle.lnk
[2012/09/07 22:22:24 | 000,001,276 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/09/04 15:20:52 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/01 16:14:42 | 000,013,276 | ---- | M] () -- C:\Users\Parents\Desktop\60's 2.jpeg
[2012/09/01 16:11:40 | 000,013,282 | ---- | M] () -- C:\Users\Parents\Desktop\60's 1.jpeg
[2012/08/27 17:59:33 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Play Atlantic Quest.lnk
[2012/08/23 13:28:57 | 000,013,124 | ---- | M] () -- C:\Users\Parents\Desktop\005.JPG - Shortcut.lnk
[2012/08/21 20:15:40 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/21 20:12:04 | 000,011,776 | ---- | M] () -- C:\Users\Parents\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/20 15:32:31 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Play Big Kahuna Reef 3.lnk
[2012/08/18 14:45:09 | 000,000,085 | ---- | M] () -- C:\Users\Parents\Desktop\San Martin, CA Nursing Homes.url
[2012/08/18 07:53:15 | 004,911,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/13 20:00:28 | 000,007,623 | ---- | M] () -- C:\Users\Parents\AppData\Local\Resmon.ResmonCfg

========== Files Created - No Company Name ==========

[2012/09/08 20:55:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/08 20:55:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/08 20:55:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/08 20:55:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/08 20:55:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/08 19:37:43 | 002,193,184 | ---- | C] () -- C:\Users\Parents\Desktop\tdsskiller.zip
[2012/09/08 19:21:28 | 001,378,816 | ---- | C] () -- C:\Users\Parents\Desktop\RogueKiller.exe
[2012/09/08 17:52:58 | 000,014,652 | ---- | C] () -- E:\Share\Profile\Documents\Multi-Monitor ~[1280 x 1024][1280 x 1024].dtr
[2012/09/08 15:01:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\6UdiY7.dat
[2012/09/08 15:00:56 | 000,000,001 | ---- | C] () -- C:\ProgramData\21guOreO.exe_.b
[2012/09/08 15:00:56 | 000,000,001 | ---- | C] () -- C:\ProgramData\21guOreO.exe.b
[2012/09/07 22:22:24 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\Play Old Clockmaker's Riddle.lnk
[2012/09/07 22:22:24 | 000,001,276 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/09/04 23:26:20 | 000,000,000 | ---- | C] () -- C:\Users\Parents\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/01 11:26:24 | 000,013,276 | ---- | C] () -- C:\Users\Parents\Desktop\60's 2.jpeg
[2012/09/01 11:24:42 | 000,013,282 | ---- | C] () -- C:\Users\Parents\Desktop\60's 1.jpeg
[2012/08/27 17:59:33 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Play Atlantic Quest.lnk
[2012/08/23 13:28:57 | 000,013,124 | ---- | C] () -- C:\Users\Parents\Desktop\005.JPG - Shortcut.lnk
[2012/08/21 20:15:40 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/20 15:32:31 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Play Big Kahuna Reef 3.lnk
[2012/08/18 14:45:09 | 000,000,085 | ---- | C] () -- C:\Users\Parents\Desktop\San Martin, CA Nursing Homes.url
[2012/06/28 10:14:40 | 000,038,306 | ---- | C] () -- C:\Users\Parents\for linda.jpg
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/17 23:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/17 23:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/17 23:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/11/13 12:49:12 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/24 19:36:45 | 000,011,776 | ---- | C] () -- C:\Users\Parents\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/06 20:38:47 | 000,000,391 | ---- | C] () -- C:\Users\Parents\AppData\Roaming\prefsdb.dat
[2011/08/28 14:44:44 | 000,007,623 | ---- | C] () -- C:\Users\Parents\AppData\Local\Resmon.ResmonCfg
[2011/08/28 14:37:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/27 17:02:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/28 08:41:58 | 000,003,268 | ---- | C] () -- C:\Users\Parents\pspbrwse.jbf
[2011/03/21 17:08:45 | 000,322,876 | ---- | C] () -- C:\Users\Parents\Treating Scratches.jpeg
[2010/04/06 22:34:09 | 000,000,343 | ---- | C] () -- C:\Users\Parents\Isidiada.pgs

========== LOP Check ==========

[2012/07/08 15:40:43 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\2monkeys
[2012/03/30 22:03:04 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\4 Friends Games
[2011/09/05 22:38:26 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Aerohills
[2012/05/18 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Alawar Stargaze
[2012/06/04 21:51:21 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\AlawarEntertainment
[2012/03/05 16:12:06 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Amaranth Games
[2011/09/25 17:57:21 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Amazon
[2011/09/13 21:29:28 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Anarchy
[2012/08/20 15:28:49 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Artifact Quest
[2012/06/02 20:50:16 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Artifex Mundi
[2012/05/05 22:50:22 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Artogon
[2012/01/16 23:46:57 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Awem
[2011/08/31 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Az-Art
[2012/04/20 19:22:11 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Big Fish Games
[2012/06/29 21:09:57 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\BlamGames
[2012/01/10 21:54:10 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Blue Tea Games
[2012/08/29 18:24:55 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Boomzap
[2012/04/05 18:22:23 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Canon
[2012/09/02 14:23:52 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\CaribbeanHideaway
[2012/06/17 11:37:19 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/09/07 22:39:41 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\DAVA
[2012/06/03 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Eipix
[2012/04/12 21:50:20 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\EleFun Games
[2012/07/17 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Elephant Games
[2012/03/16 23:07:10 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\EnchantedCavern2
[2011/10/14 21:37:36 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Enki Games
[2012/05/13 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\ERS Game Studios
[2012/04/21 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Fanda Games
[2011/09/26 22:32:44 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\FlyWheelGames
[2012/03/17 22:34:00 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Friday's games
[2012/04/29 17:47:15 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\GameInvest
[2011/10/11 22:40:08 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\GameMill Entertainment
[2011/09/02 19:22:12 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Ghost Ship Studios
[2012/06/30 18:24:36 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Gogii
[2011/11/03 20:18:07 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\ImgBurn
[2012/01/10 20:52:41 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\JaiboGames
[2011/11/03 19:46:31 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\JAM Software
[2012/05/31 22:59:34 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Kutawaves Games
[2012/06/17 15:55:40 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Mad Head Games
[2012/05/18 20:35:29 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\MagicIndie
[2011/12/21 19:35:08 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\MediaArt
[2011/08/28 21:07:51 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Monkey Barrel Games
[2012/02/18 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\MumboJumbo
[2012/07/21 13:06:42 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\MusicBee
[2012/05/02 23:07:55 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\My Games
[2012/09/09 14:30:03 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Notepad++
[2012/05/28 16:25:21 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Orneon
[2012/06/17 12:51:15 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\PDAppFlex
[2011/09/06 20:39:35 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\perfect future studio
[2012/04/13 21:39:31 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\PlayFavoriteGames
[2012/08/06 18:38:16 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\PlayFirst
[2011/12/25 23:21:35 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\SanDisk
[2012/08/31 20:52:15 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\ShaoLin
[2012/07/09 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Skunk Studios
[2012/07/02 22:14:45 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\SMIGames
[2012/06/17 12:51:30 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/28 20:24:09 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\SulusGames
[2012/05/08 21:16:23 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\tabagames
[2011/09/07 18:14:19 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Ten Heavens
[2011/10/04 23:38:56 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\TikisLab
[2011/10/09 22:04:16 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\TOMI3
[2012/04/09 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Top Evidence
[2012/05/17 22:59:31 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Vast Studios
[2011/12/18 22:15:53 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\VeniceMysteryData
[2011/12/24 22:08:33 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\Vogat Interactive
[2012/05/19 15:15:57 | 000,000,000 | ---D | M] -- C:\Users\Parents\AppData\Roaming\WDC
[2012/09/08 21:14:04 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >
 
OTL Extras logfile created on: 9/9/2012 4:20:38 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Parents\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 84.28% Memory free
15.49 Gb Paging File | 14.07 Gb Available in Paging File | 90.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 39.26 Gb Free Space | 52.68% Space Free | Partition Type: NTFS
Drive E: | 372.61 Gb Total Space | 278.85 Gb Free Space | 74.84% Space Free | Partition Type: NTFS
Drive F: | 14.90 Gb Total Space | 14.75 Gb Free Space | 98.96% Space Free | Partition Type: FAT32

Computer Name: PARENTS-PC | User Name: Parents | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3689204523-1297797616-1657894789-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MusicBee.1PlayNow] -- "C:\Program Files (x86)\MusicBee\MusicBee.exe" "%1" /Play (Steven Mayall)
Directory [MusicBee.2QueueNext] -- "C:\Program Files (x86)\MusicBee\MusicBee.exe" "%1" /QueueNext (Steven Mayall)
Directory [MusicBee.3QueueLast] -- "C:\Program Files (x86)\MusicBee\MusicBee.exe" "%1" /QueueLast (Steven Mayall)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MusicBee.1PlayNow] -- "C:\Program Files (x86)\MusicBee\MusicBee.exe" "%1" /Play (Steven Mayall)
Directory [MusicBee.2QueueNext] -- "C:\Program Files (x86)\MusicBee\MusicBee.exe" "%1" /QueueNext (Steven Mayall)
Directory [MusicBee.3QueueLast] -- "C:\Program Files (x86)\MusicBee\MusicBee.exe" "%1" /QueueLast (Steven Mayall)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{238E3D36-E780-44EF-93CB-0CC690A1C4B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{244E45FD-147C-40A1-8DCE-0F24527F8015}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{31DC8A05-2F91-480F-B80C-B7BF778690C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{525F944D-716B-40F2-A679-11186F877CC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5740A3DE-55C6-4743-A710-2460969402DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5AB44367-6C20-4D8D-A20D-45ADCEC12A0F}" = lport=137 | protocol=17 | dir=in | app=system |
"{6366E6BE-07D3-453C-9785-3A1DB6C3057E}" = lport=139 | protocol=6 | dir=in | app=system |
"{68CBB1ED-B3D9-4C23-97A1-6F7BC6C1ACB6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{70870F86-A14A-49BF-B429-7C2FACD6A929}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7553EE91-5FBC-46A3-ABC4-910D5470B6D9}" = rport=445 | protocol=6 | dir=out | app=system |
"{88152B4B-07B0-4CD5-97B8-6AA7A007A947}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C30A45E-4EBC-4D60-9956-CC38BE217E89}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D6FDA08-8654-4260-BDB2-9E4367E2B8E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E7BE204-6964-40A1-89A8-367171B40AE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A3F968E9-A227-4E01-93BF-CF283E6338F2}" = lport=138 | protocol=17 | dir=in | app=system |
"{A4FF7AE3-931D-48BB-A79E-984D728DE6F2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B67AF93F-8218-4114-9FBB-C58AD9F497B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0D1A641-C778-4AF8-8675-82A21AE2649C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3740F4D-066A-4201-9254-2068577EA115}" = rport=138 | protocol=17 | dir=out | app=system |
"{CBC91DCF-CA2C-480D-AF3B-89B08397D207}" = rport=139 | protocol=6 | dir=out | app=system |
"{CECEC5D9-A4F6-4E74-839F-390C240A5A4D}" = lport=445 | protocol=6 | dir=in | app=system |
"{CF8C0227-7BF7-422E-974F-DEFF46759131}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF9EC5F6-606C-4CAD-8B6C-D18BBBAA3734}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E8E15F2E-C717-4C11-8344-52BC15B76CCA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FC3F2FF9-65B9-445E-B58D-831145C0F5E5}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C5BF5D5-7063-4F89-B889-B29434E0A6E1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2481CCFE-AD1C-424A-920C-8F97857343BC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2BAA31C4-2C5A-4021-B441-E365C7EDD0CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{310F56BC-0DF6-4BD5-9B1E-839D196D42C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{33D53C3C-617D-4EF7-9B2D-7ADC069EC81B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{424ED592-33C8-4647-9AB1-6C1E2D5631B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A6FEB6D-8571-44E8-BC1C-299599552E9D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F5B82FC-BBE7-4846-9A92-6E01901ADB96}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{613739DA-66AC-415B-8AE2-44548370EFE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6E0D7CD6-B92B-4627-B369-3D749861BEC9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6E59021D-49F4-44D8-B6BE-80EE8B1FF396}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72BE90D7-EAE8-4016-9D77-11FCAF8588A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77C06863-22A4-4E05-AC62-78AD167BBE6E}" = protocol=6 | dir=in | app=c:\users\parents\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{78B8822F-778E-4847-BBDB-D8F2ED2E6D18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{805C173C-BE05-46DE-B098-F7065347179D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81B064CE-9C14-4988-B83C-5356083A7AFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{86631BDB-B6BE-4FA8-A058-C44AF7808C9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94911501-749A-46C8-AFB6-6C4519DBDD64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{953E25B5-AE90-4281-8C94-E63900559EAD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A3BE74AE-2D2E-46EC-BA48-397C619F9426}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AF410439-62B4-4EE6-8AFB-5B3FC3EC108B}" = protocol=6 | dir=out | app=system |
"{B3416DA1-78A1-4E4D-9D5F-14979552A591}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B7DD3738-9488-49B1-8857-74BF81F002E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D75D4EE9-BD97-4CFE-9D77-47B687C3E3D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E7003CB9-33EE-4B54-BD46-D462CE383FAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC12691F-AFA0-494F-9BDA-1CF302246EE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3B95DE0-0BF9-448A-B535-8C329D6ABFCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F3CB4377-718A-4D54-9B9B-5E0B1E83995E}" = protocol=17 | dir=in | app=c:\users\parents\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F3F48BBE-FB67-4429-A13D-47D30E460E2B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{33E6512B-A653-493D-A0E1-86362ADF282E}D:\setup.exe" = protocol=6 | dir=in | app=d:\setup.exe |
"TCP Query User{9163661C-A05B-4A13-BE37-1B2871B33AF9}E:\share\profile\downloads\setupwizard_tew-647ga\setup.exe" = protocol=6 | dir=in | app=e:\share\profile\downloads\setupwizard_tew-647ga\setup.exe |
"TCP Query User{CF27D3F9-8F70-450E-BD92-120F81BA24D6}E:\share\profile\downloads\tew-647ga_utility\setup.exe" = protocol=6 | dir=in | app=e:\share\profile\downloads\tew-647ga_utility\setup.exe |
"TCP Query User{EAF8FE1D-1368-4476-BBD3-D215D77DFD33}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{0B33481C-00C0-4B0B-B031-A0E2765C4094}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{4776325E-C126-4447-A659-2616BFF013E7}E:\share\profile\downloads\tew-647ga_utility\setup.exe" = protocol=17 | dir=in | app=e:\share\profile\downloads\tew-647ga_utility\setup.exe |
"UDP Query User{67597419-9021-45BC-9054-8E0AE4F8F8F7}E:\share\profile\downloads\setupwizard_tew-647ga\setup.exe" = protocol=17 | dir=in | app=e:\share\profile\downloads\setupwizard_tew-647ga\setup.exe |
"UDP Query User{FA7EF04B-1FC4-4BF3-8DC9-A3207C66EA15}D:\setup.exe" = protocol=17 | dir=in | app=d:\setup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}" = Desktop Restore
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6A7F7056-14E1-D8E4-0B87-BC3F18EAC8AC}" = ATI AVIVO64 Codecs
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{D77162FE-B7B2-8E1E-D80D-89DE6217DF13}" = AMD Drag and Drop Transcoding
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95B8C1B9-FAB2-4F2B-976A-D0CE7290B5A1}" = MusicBee
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"BFG-7 Wonders - Magical Mystery Tour" = 7 Wonders: Magical Mystery Tour
"BFG-Atlantic Quest" = Atlantic Quest
"BFG-Big Kahuna Reef 3" = Big Kahuna Reef 3
"BFGC" = Big Fish Games: Game Manager
"BFG-Call of Atlantis" = Call of Atlantis
"BFG-Cradle of Egypt" = Cradle of Egypt
"BFG-Cradle of Rome 2" = Cradle of Rome 2
"BFG-Cursed House" = Cursed House
"BFG-Death at Fairing Point - A Dana Knightstone Novel" = Death at Fairing Point: A Dana Knightstone Novel
"BFG-Haunted Manor - Lord of Mirrors" = Haunted Manor: Lord of Mirrors
"BFG-Heroes of Hellas 3 - Athens" = Heroes of Hellas 3: Athens
"BFG-Hidden in Time - Looking glass Lane" = Hidden in Time: Looking-glass Lane
"BFG-Midnight Mysteries - Devil on the Mississippi Collector's Edition" = Midnight Mysteries: Devil on the Mississippi Collector's Edition
"BFG-Ozzy Bubbles" = Ozzy Bubbles
"BFG-The Treasures of Montezuma 3" = The Treasures of Montezuma 3
"BFG-Venice Mystery" = Venice Mystery
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"Intel(R) Solid-State Drive Toolbox" = Intel(R) Solid-State Drive Toolbox
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"TreeSize Free_is1" = TreeSize Free V2.5
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3689204523-1297797616-1657894789-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f9598aeafb0efd18" = BabySmash!
"Sansa Updater" = Sansa Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2012 6:11:09 PM | Computer Name = Parents-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Big Kahuna Reef 3.exe, version: 0.0.0.0,
time stamp: 0x4fba7b1c Faulting module name: Data3.bin, version: 0.0.0.0, time stamp:
0x4fba7b1b Exception code: 0xc0000005 Fault offset: 0x0009e831 Faulting process id:
0x1188 Faulting application start time: 0x01cd84a04295664f Faulting application path:
C:\Program Files (x86)\Big Kahuna Reef 3\Big Kahuna Reef 3.exe Faulting module path:
C:\Program Files (x86)\Big Kahuna Reef 3\Data3.bin Report Id: 1a4352d0-f094-11e1-84c3-6cf04900a767

Error - 8/31/2012 1:58:02 PM | Computer Name = Parents-PC | Source = DeviceCenter | ID = 0
Description = Unknown Node:#text -->

Error - 9/8/2012 6:32:56 PM | Computer Name = Parents-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0x4000001f Fault offset: 0x000ce695 Faulting
process id: 0x21d4 Faulting application start time: 0x01cd8e11e2b2864c Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 22410744-fa05-11e1-bbe9-6cf04900a767

Error - 9/9/2012 12:00:19 AM | Computer Name = Parents-PC | Source = Schedule | ID = 0
Description =

Error - 9/9/2012 12:02:08 AM | Computer Name = Parents-PC | Source = Schedule | ID = 0
Description =

Error - 9/9/2012 12:08:11 AM | Computer Name = Parents-PC | Source = Schedule | ID = 0
Description =

Error - 9/9/2012 12:14:04 AM | Computer Name = Parents-PC | Source = Schedule | ID = 0
Description =

Error - 9/9/2012 6:01:42 PM | Computer Name = Parents-PC | Source = Schedule | ID = 0
Description =

Error - 9/9/2012 6:03:36 PM | Computer Name = Parents-PC | Source = Schedule | ID = 0
Description =

Error - 9/9/2012 6:06:41 PM | Computer Name = Parents-PC | Source = Schedule | ID = 0
Description =

[ Media Center Events ]
Error - 2/26/2012 1:19:19 AM | Computer Name = Parents-PC | Source = MCUpdate | ID = 0
Description = 9:19:17 PM - Error connecting to the internet. 9:19:17 PM - Unable
to contact server..

[ System Events ]
Error - 9/9/2012 6:07:58 PM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%10044

Error - 9/9/2012 6:07:58 PM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%10044

Error - 9/9/2012 6:07:58 PM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%10044

Error - 9/9/2012 6:07:59 PM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%10044

Error - 9/9/2012 6:07:59 PM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%10044

Error - 9/9/2012 6:07:59 PM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%10044

Error - 9/9/2012 6:07:59 PM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%10044

Error - 9/9/2012 6:07:59 PM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7024
Description = The Bonjour Service service terminated with service-specific error
%%-1.

Error - 9/9/2012 6:07:59 PM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%10044

Error - 9/9/2012 6:09:12 PM | Computer Name = Parents-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2


< End of report >
 
No current issues that I can see, except maybe that 8MB partition that shows up in the Rogue Killer report? Or is that the recovery partition?

Let me know if you need anything else.
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_...html&st=sb&searchfor={searchTerms}&n=77ce8215
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
    IE - HKU\S-1-5-21-3689204523-1297797616-1657894789-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
    FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
    O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll File not found
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll File not found
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" File not found
    O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    [2012/09/08 22:38:06 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/04 23:26:20 | 000,000,000 | ---- | C] () -- C:\Users\Parents\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:28DB0DC4
    @Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:AFC732F7
    @Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:639BB5E9
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:9C3AAD57
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:ED2D63E4
    @Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:57B374AB
    @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:EB4FEEF5
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:6D5A15BF
    @Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:160ADF0B
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:FAB64002
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:678C1866
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:007D45CF
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:7C4DF735
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:58481C6F
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:8BE7A048
    @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:FC2E567F
    @Alternate Data Stream - 196 bytes -> C:\Users\Parents\Desktop\60's 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 196 bytes -> C:\Users\Parents\Desktop\60's 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:6A9CA6CB
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:A6F30843
    @Alternate Data Stream - 152 bytes -> E:\Share\Profile\Documents\Treating Scratches page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 152 bytes -> E:\Share\Profile\Documents\Site 5.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 152 bytes -> E:\Share\Profile\Documents\FNEF auto transfer.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 152 bytes -> C:\Users\Parents\Treating Scratches.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 152 bytes -> C:\Users\Parents\Desktop\Doug Fletcher Surfboards.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 152 bytes -> C:\Users\Parents\Desktop\Bohemian2.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:B88DC997
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:B6E58523
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:6ED8B881
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:F610C203
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E8B61305
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E40AB54F
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:961B84C5
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:6E2D80C8
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:66FC2E6F
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:244E4E3A
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:FFC3922F
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:F56BE392
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1604D047
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D6D084A5
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3D922890
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6EE8565A
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0BACBDD9
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0696EC8E
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:AABECEFB
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:18B5F839
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79875988
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:62AF94A0
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:4A8EB1C4
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:164561C8
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F9F58B80
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F2B81C2E
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E402E439
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A819A132
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:97AAB7F2
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B1786630
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A76A1B1B
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C76CFF82
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F19A4790
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C946EBB2
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AA0017FD
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:00D99749
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8AEB2BF
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A6E01F67
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5FC043A8
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:1234ADAE
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E87AB4E3
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:DE875C30
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:87A3A233
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:2A874675
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:DA24A961
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B4258C5D
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:96372A73
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:29F0CA7D
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FCBEDCFD
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BE0654D6
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:A4560327
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:874ADA37
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3C4BD225
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3487C53E
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2211E7A0
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:98CD9221
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:10CB85CA
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B3A5945E
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A8185163
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:54403233
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E6C6EB3B
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A9223B61
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:65C4D44A
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:31C9BA96
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FA29CA24
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94B46CA2
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:124B94C0
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D7D0B4AF
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:884C7316
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A9562832
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:774C075A
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:59465B40
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:206470A5
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CA23BCFD
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A5948878
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6DD124E2
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E6B95E40
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8B4B9596
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5A9F1AE5
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:12258D63
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:EDDBC69E
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8944C195
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:72F57408
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F9283DA1
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C0893153
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:99F8C0E6
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4DDE401B
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C7F08EA3
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C6920A5D
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:48862C37
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1A5822A3
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EE69D7DF
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E5496666
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:BD34FFC5
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A4241298
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:905BCB57
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AD2DB2F9
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DBEF355E
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

=========================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3689204523-1297797616-1657894789-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: m3ffxtbr@mywebsearch.com:1.1 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\Parents\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ moved successfully.
ADS C:\ProgramData\TEMP:28DB0DC4 deleted successfully.
ADS C:\ProgramData\TEMP:AFC732F7 deleted successfully.
ADS C:\ProgramData\TEMP:639BB5E9 deleted successfully.
ADS C:\ProgramData\TEMP:9C3AAD57 deleted successfully.
ADS C:\ProgramData\TEMP:ED2D63E4 deleted successfully.
ADS C:\ProgramData\TEMP:57B374AB deleted successfully.
ADS C:\ProgramData\TEMP:EB4FEEF5 deleted successfully.
ADS C:\ProgramData\TEMP:6D5A15BF deleted successfully.
ADS C:\ProgramData\TEMP:160ADF0B deleted successfully.
ADS C:\ProgramData\TEMP:FAB64002 deleted successfully.
ADS C:\ProgramData\TEMP:678C1866 deleted successfully.
ADS C:\ProgramData\TEMP:007D45CF deleted successfully.
ADS C:\ProgramData\TEMP:7C4DF735 deleted successfully.
ADS C:\ProgramData\TEMP:58481C6F deleted successfully.
ADS C:\ProgramData\TEMP:8BE7A048 deleted successfully.
ADS C:\ProgramData\TEMP:FC2E567F deleted successfully.
ADS C:\Users\Parents\Desktop\60's 2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Parents\Desktop\60's 1.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\ProgramData\TEMP:6A9CA6CB deleted successfully.
ADS C:\ProgramData\TEMP:A6F30843 deleted successfully.
ADS E:\Share\Profile\Documents\Treating Scratches page 2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS E:\Share\Profile\Documents\Site 5.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS E:\Share\Profile\Documents\FNEF auto transfer.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Parents\Treating Scratches.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Parents\Desktop\Doug Fletcher Surfboards.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Parents\Desktop\Bohemian2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\ProgramData\TEMP:B88DC997 deleted successfully.
ADS C:\ProgramData\TEMP:B6E58523 deleted successfully.
ADS C:\ProgramData\TEMP:6ED8B881 deleted successfully.
ADS C:\ProgramData\TEMP:F610C203 deleted successfully.
ADS C:\ProgramData\TEMP:E8B61305 deleted successfully.
ADS C:\ProgramData\TEMP:E40AB54F deleted successfully.
ADS C:\ProgramData\TEMP:961B84C5 deleted successfully.
ADS C:\ProgramData\TEMP:6E2D80C8 deleted successfully.
ADS C:\ProgramData\TEMP:66FC2E6F deleted successfully.
ADS C:\ProgramData\TEMP:244E4E3A deleted successfully.
ADS C:\ProgramData\TEMP:FFC3922F deleted successfully.
ADS C:\ProgramData\TEMP:F56BE392 deleted successfully.
ADS C:\ProgramData\TEMP:1604D047 deleted successfully.
ADS C:\ProgramData\TEMP:D6D084A5 deleted successfully.
ADS C:\ProgramData\TEMP:3D922890 deleted successfully.
ADS C:\ProgramData\TEMP:6EE8565A deleted successfully.
ADS C:\ProgramData\TEMP:0BACBDD9 deleted successfully.
ADS C:\ProgramData\TEMP:0696EC8E deleted successfully.
ADS C:\ProgramData\TEMP:AABECEFB deleted successfully.
ADS C:\ProgramData\TEMP:18B5F839 deleted successfully.
ADS C:\ProgramData\TEMP:79875988 deleted successfully.
ADS C:\ProgramData\TEMP:62AF94A0 deleted successfully.
ADS C:\ProgramData\TEMP:4A8EB1C4 deleted successfully.
ADS C:\ProgramData\TEMP:164561C8 deleted successfully.
ADS C:\ProgramData\TEMP:F9F58B80 deleted successfully.
ADS C:\ProgramData\TEMP:F2B81C2E deleted successfully.
ADS C:\ProgramData\TEMP:E402E439 deleted successfully.
ADS C:\ProgramData\TEMP:A819A132 deleted successfully.
ADS C:\ProgramData\TEMP:97AAB7F2 deleted successfully.
ADS C:\ProgramData\TEMP:B1786630 deleted successfully.
ADS C:\ProgramData\TEMP:A76A1B1B deleted successfully.
ADS C:\ProgramData\TEMP:C76CFF82 deleted successfully.
ADS C:\ProgramData\TEMP:F19A4790 deleted successfully.
ADS C:\ProgramData\TEMP:C946EBB2 deleted successfully.
ADS C:\ProgramData\TEMP:AA0017FD deleted successfully.
ADS C:\ProgramData\TEMP:00D99749 deleted successfully.
ADS C:\ProgramData\TEMP:E8AEB2BF deleted successfully.
ADS C:\ProgramData\TEMP:A6E01F67 deleted successfully.
ADS C:\ProgramData\TEMP:5FC043A8 deleted successfully.
ADS C:\ProgramData\TEMP:1234ADAE deleted successfully.
ADS C:\ProgramData\TEMP:E87AB4E3 deleted successfully.
ADS C:\ProgramData\TEMP:DE875C30 deleted successfully.
ADS C:\ProgramData\TEMP:87A3A233 deleted successfully.
ADS C:\ProgramData\TEMP:2A874675 deleted successfully.
ADS C:\ProgramData\TEMP:DA24A961 deleted successfully.
ADS C:\ProgramData\TEMP:B4258C5D deleted successfully.
ADS C:\ProgramData\TEMP:96372A73 deleted successfully.
ADS C:\ProgramData\TEMP:29F0CA7D deleted successfully.
ADS C:\ProgramData\TEMP:FCBEDCFD deleted successfully.
ADS C:\ProgramData\TEMP:BE0654D6 deleted successfully.
ADS C:\ProgramData\TEMP:A4560327 deleted successfully.
ADS C:\ProgramData\TEMP:874ADA37 deleted successfully.
ADS C:\ProgramData\TEMP:3C4BD225 deleted successfully.
ADS C:\ProgramData\TEMP:3487C53E deleted successfully.
ADS C:\ProgramData\TEMP:2211E7A0 deleted successfully.
ADS C:\ProgramData\TEMP:98CD9221 deleted successfully.
ADS C:\ProgramData\TEMP:10CB85CA deleted successfully.
ADS C:\ProgramData\TEMP:B3A5945E deleted successfully.
ADS C:\ProgramData\TEMP:A8185163 deleted successfully.
ADS C:\ProgramData\TEMP:54403233 deleted successfully.
ADS C:\ProgramData\TEMP:E6C6EB3B deleted successfully.
ADS C:\ProgramData\TEMP:A9223B61 deleted successfully.
ADS C:\ProgramData\TEMP:65C4D44A deleted successfully.
ADS C:\ProgramData\TEMP:31C9BA96 deleted successfully.
ADS C:\ProgramData\TEMP:FA29CA24 deleted successfully.
ADS C:\ProgramData\TEMP:94B46CA2 deleted successfully.
ADS C:\ProgramData\TEMP:124B94C0 deleted successfully.
ADS C:\ProgramData\TEMP:D7D0B4AF deleted successfully.
ADS C:\ProgramData\TEMP:884C7316 deleted successfully.
ADS C:\ProgramData\TEMP:A9562832 deleted successfully.
ADS C:\ProgramData\TEMP:774C075A deleted successfully.
ADS C:\ProgramData\TEMP:59465B40 deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:CA23BCFD deleted successfully.
ADS C:\ProgramData\TEMP:A5948878 deleted successfully.
ADS C:\ProgramData\TEMP:6DD124E2 deleted successfully.
ADS C:\ProgramData\TEMP:E6B95E40 deleted successfully.
ADS C:\ProgramData\TEMP:8B4B9596 deleted successfully.
ADS C:\ProgramData\TEMP:5A9F1AE5 deleted successfully.
ADS C:\ProgramData\TEMP:12258D63 deleted successfully.
ADS C:\ProgramData\TEMP:EDDBC69E deleted successfully.
ADS C:\ProgramData\TEMP:8944C195 deleted successfully.
ADS C:\ProgramData\TEMP:72F57408 deleted successfully.
ADS C:\ProgramData\TEMP:F9283DA1 deleted successfully.
ADS C:\ProgramData\TEMP:C0893153 deleted successfully.
ADS C:\ProgramData\TEMP:99F8C0E6 deleted successfully.
ADS C:\ProgramData\TEMP:4DDE401B deleted successfully.
ADS C:\ProgramData\TEMP:C7F08EA3 deleted successfully.
ADS C:\ProgramData\TEMP:C6920A5D deleted successfully.
ADS C:\ProgramData\TEMP:48862C37 deleted successfully.
ADS C:\ProgramData\TEMP:1A5822A3 deleted successfully.
ADS C:\ProgramData\TEMP:EE69D7DF deleted successfully.
ADS C:\ProgramData\TEMP:E5496666 deleted successfully.
ADS C:\ProgramData\TEMP:BD34FFC5 deleted successfully.
ADS C:\ProgramData\TEMP:A4241298 deleted successfully.
ADS C:\ProgramData\TEMP:905BCB57 deleted successfully.
ADS C:\ProgramData\TEMP:AD2DB2F9 deleted successfully.
ADS C:\ProgramData\TEMP:DBEF355E deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 2cruzers
->Temp folder emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Parents
->Temp folder emptied: 2082 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 24927072 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3116 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24.00 mb


[EMPTYJAVA]

User: 2cruzers

User: Administrator

User: All Users

User: Default

User: Default User

User: Parents
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: 2cruzers

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Parents
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.61.3 log created on 09092012_164305

Files\Folders moved on Reboot...
C:\Users\Parents\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 06-08-2012
Ran by Parents (administrator) on 09-09-2012 at 16:52:19
Running from "C:\Users\Parents\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 