Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow computer & Poss IE9 problem


  • Please log in to reply

#1
TomNeedsHelp

TomNeedsHelp

    Member

  • Member
  • PipPip
  • 51 posts
Hello,

I am noticing that my computer is starting to slow down. The other day, my wife mentioned that she was having a problem closing an IE session, everytime she tried to click the close button, it seemed to move. But then it worked fine and closed successfully. Then today she informs me that IE won't start. It opens, and immediately closes. Firefox runs fine though. I was looking through the programs and noticed an IE 64 bit that I dont recall seeing before, but it starts and runs fine, but I dont know where or when it came from.

So anyway, I ran an OTL log and am hoping that someone could look it over.

Thanks in advance

Tom

OTL.txt

OTL logfile created on: 6/17/2012 10:33:49 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\user\Desktop\Removal Files
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 56.37% Memory free
7.48 Gb Paging File | 5.66 Gb Available in Paging File | 75.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 30.79 Gb Free Space | 20.67% Space Free | Partition Type: NTFS
Drive E: | 931.32 Gb Total Space | 833.47 Gb Free Space | 89.49% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 68.53 Gb Free Space | 14.71% Space Free | Partition Type: NTFS

Computer Name: BUNTING-LIVRM | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/17 21:43:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\Removal Files\OTL.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/20 18:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2011/04/20 18:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/08/04 15:55:36 | 000,692,317 | ---- | M] ( ) -- E:\updates\FWManager.exe
PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/16 01:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 01:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 01:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe


========== Modules (No Company Name) ==========

MOD - [2010/08/04 15:55:20 | 003,235,840 | ---- | M] () -- E:\updates\LiveUpdate.dat
MOD - [2009/08/20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/07 13:47:14 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/02/10 10:05:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/04 18:28:31 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/07 13:47:54 | 000,016,528 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/24 04:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/18 18:05:48 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/02/10 10:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/10 09:11:14 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 22:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2011/10/07 13:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 28 63 00 CC 49 CD 01 [binary data]
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/15 20:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 17:32:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/16 19:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/04/19 20:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011/04/19 20:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/19 20:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\8icaa8ni.default\extensions
[2011/04/19 19:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\p2gzsapq.default\extensions
[2012/02/29 23:31:45 | 000,001,820 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8icaa8ni.default\searchplugins\bing.xml
[2011/10/26 19:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/12 18:25:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 13:54:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/06 23:28:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/26 19:23:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKU\S-1-5-21-2062905526-1712026431-3041011506-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Name of App] E:\updates\FWManager.exe ( )
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4452249-5C5D-4771-9EF1-A76923A69D15}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4452249-5C5D-4771-9EF1-A76923A69D15}: NameServer = 156.154.70.22,156.154.71.22
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{460f1623-ad83-11e1-85c1-6c626daf807e}\Shell - "" = AutoRun
O33 - MountPoints2\{460f1623-ad83-11e1-85c1-6c626daf807e}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{460f16db-ad83-11e1-85c1-6c626daf807e}\Shell - "" = AutoRun
O33 - MountPoints2\{460f16db-ad83-11e1-85c1-6c626daf807e}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O33 - MountPoints2\{9a18d92b-3e2e-11e0-9af2-6c626daf807e}\Shell - "" = AutoRun
O33 - MountPoints2\{9a18d92b-3e2e-11e0-9af2-6c626daf807e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 21:44:38 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Removal Files
[2012/06/04 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Basement Finished
[2012/06/04 09:48:14 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\A Grad Day

========== Files - Modified Within 30 Days ==========

[2012/06/17 22:34:37 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/06/17 22:28:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 22:27:54 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 22:27:54 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 19:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 19:34:41 | 3013,419,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/13 12:11:28 | 000,418,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 23:15:50 | 000,740,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/12 23:15:50 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/12 23:15:50 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/10 19:57:30 | 001,521,940 | ---- | M] () -- C:\Users\user\Desktop\Band Saw.pdf
[2012/06/04 22:25:20 | 000,172,945 | ---- | M] () -- C:\Users\user\DimLog0.xml
[2012/06/04 22:24:58 | 000,001,774 | ---- | M] () -- C:\Users\user\DIMConfig.xml
[2012/05/21 23:03:31 | 001,887,164 | ---- | M] () -- C:\Users\user\Desktop\Anna-K.jpg
[2012/05/21 23:03:31 | 000,003,369 | ---- | M] () -- C:\Users\user\.recently-used.xbel
[2012/05/21 23:01:23 | 001,611,966 | ---- | M] () -- C:\Users\user\Desktop\Anna-K05212012_0000.jpg
[2012/05/21 22:57:42 | 001,389,932 | ---- | M] () -- C:\Users\user\Desktop\Anna-9th05212012_0000.jpg
[2012/05/21 22:50:34 | 001,356,185 | ---- | M] () -- C:\Users\user\Desktop\Anna-1st05212012_0001.jpg
[2012/05/21 22:50:15 | 001,356,185 | ---- | M] () -- C:\Users\user\Desktop\Anna-1st05212012_0000.jpg
[2012/05/21 22:34:38 | 001,650,979 | ---- | M] () -- C:\Users\user\Desktop\Andrew-1st05212012_0000.jpg

========== Files Created - No Company Name ==========

[2012/06/10 19:57:30 | 001,521,940 | ---- | C] () -- C:\Users\user\Desktop\Band Saw.pdf
[2012/05/21 23:03:31 | 000,003,369 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2012/05/21 23:03:29 | 001,887,164 | ---- | C] () -- C:\Users\user\Desktop\Anna-K.jpg
[2012/05/21 23:01:23 | 001,611,966 | ---- | C] () -- C:\Users\user\Desktop\Anna-K05212012_0000.jpg
[2012/05/21 22:57:42 | 001,389,932 | ---- | C] () -- C:\Users\user\Desktop\Anna-9th05212012_0000.jpg
[2012/05/21 22:50:34 | 001,356,185 | ---- | C] () -- C:\Users\user\Desktop\Anna-1st05212012_0001.jpg
[2012/05/21 22:50:15 | 001,356,185 | ---- | C] () -- C:\Users\user\Desktop\Anna-1st05212012_0000.jpg
[2012/05/21 22:34:38 | 001,650,979 | ---- | C] () -- C:\Users\user\Desktop\Andrew-1st05212012_0000.jpg
[2012/03/30 15:28:27 | 000,000,164 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.rss
[2011/11/10 16:46:16 | 000,000,305 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/11/10 16:46:16 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/11/10 16:43:21 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/11/10 16:43:20 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/04 21:59:50 | 000,000,165 | ---- | C] () -- C:\Users\user\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2011/02/08 10:58:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/08 10:47:44 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/11/15 19:06:32 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ControlCenter4
[2011/06/20 15:37:42 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\FrostWire
[2011/04/19 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Thunderbird
[2011/11/15 22:08:46 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ControlCenter4
[2011/12/06 20:32:59 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Dropbox
[2011/04/19 21:25:53 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Thunderbird
[2011/11/13 01:04:52 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\Audacity
[2012/02/02 23:57:18 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\calibre
[2011/11/13 01:06:13 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\ControlCenter4
[2011/06/20 15:19:02 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\FrostWire
[2011/08/09 21:08:45 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\gtk-2.0
[2011/05/16 13:13:03 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\ImgBurn
[2011/04/19 21:30:15 | 000,000,000 | ---D | M] -- C:\Users\Bunting\AppData\Roaming\Thunderbird
[2012/03/23 22:09:55 | 000,000,000 | ---D | M] -- C:\Users\Dick and Betty\AppData\Roaming\ControlCenter4
[2011/04/19 21:33:16 | 000,000,000 | ---D | M] -- C:\Users\Dick and Betty\AppData\Roaming\Thunderbird
[2012/01/03 19:28:12 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ControlCenter4
[2011/11/19 12:18:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2012/02/18 23:26:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\calibre
[2011/11/10 20:41:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ControlCenter4
[2011/12/07 11:23:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2011/11/12 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eBookConverter
[2012/05/21 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2011/05/10 23:30:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn
[2011/11/12 00:21:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LEAPS
[2011/11/16 01:06:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MPEG Streamclip
[2011/11/12 00:17:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Pegasys Inc
[2011/04/19 20:23:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2012/05/03 15:44:58 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

EXTRAS.txt

OTL Extras logfile created on: 6/17/2012 10:33:49 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\user\Desktop\Removal Files
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 56.37% Memory free
7.48 Gb Paging File | 5.66 Gb Available in Paging File | 75.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 30.79 Gb Free Space | 20.67% Space Free | Partition Type: NTFS
Drive E: | 931.32 Gb Total Space | 833.47 Gb Free Space | 89.49% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 68.53 Gb Free Space | 14.71% Space Free | Partition Type: NTFS

Computer Name: BUNTING-LIVRM | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{071533B5-AC0D-42B2-BAD6-FFBDB64C5304}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0DF29E0A-E3EB-494C-BBDE-658FFCCF39C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{172EADC8-C7F6-4074-A8B1-9D6F6CD8702D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2031502E-8261-49E0-87CB-7D27A799A6DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{297C4524-B656-4E35-AD2F-4368F92CDC94}" = lport=137 | protocol=17 | dir=in | app=system |
"{2A047F17-8761-43CB-B7D7-F574C1303D23}" = rport=138 | protocol=17 | dir=out | app=system |
"{313BE0C5-13EC-45D0-90C6-EBAB2E40EA00}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{361D3BB4-ABE0-4704-AD29-E84964C02CAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{428F78E1-5595-4E44-B766-442DF8C37455}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48668B31-0B7B-414B-81A0-8D586D9E02A4}" = lport=139 | protocol=6 | dir=in | app=system |
"{4DF4547D-5C90-4BAB-B15F-A5977405CF5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63845FCE-AE8B-4544-A1BD-1B4B42536C24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65B39033-863F-4D0A-86FD-EA3644FC9254}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6EDDE233-8978-49DB-B4FE-0D1663C8300B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72954D07-AD8A-4F6D-9381-017BB0C98DA6}" = lport=138 | protocol=17 | dir=in | app=system |
"{73A4837F-40AC-4684-8F89-2BD39F7D8ACA}" = rport=137 | protocol=17 | dir=out | app=system |
"{790C335A-7FE8-474D-8904-714EC5E54E8F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{82F5EBE6-5EDF-4A23-A924-D50E821AAE8E}" = lport=445 | protocol=6 | dir=in | app=system |
"{AEE1E3D7-9EA7-43BA-B60D-4B4898339C39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B1B6B6BE-6588-489C-8290-D0758F4B5085}" = rport=445 | protocol=6 | dir=out | app=system |
"{B65B0C9C-730A-4D07-BE34-B8AEA0EEAA67}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B687D7AA-D73A-452E-B972-75734C34CE6E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{CDF16A43-7874-43BA-8C15-4CCBAC5F9B78}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{D50E21EC-56C8-480D-8B0B-44FCBE85E3F8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D5A7229C-33B6-4F62-A417-DDD887A1A989}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{DE7C6D3E-7398-426B-9BD1-0D60177F6F79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E384DE28-FE62-477E-A823-EDF916DE5664}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E5426B3A-C477-4B7F-8343-56ED622FC4BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E610281D-F787-49AA-8DE9-F504DB13F421}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECE3C96B-C985-4BD5-89FD-454C5745DE05}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{F01BC7DC-F4BC-48C4-A2CD-B81BF44866D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0CFD703-BE6E-45D0-BC7E-B1778C6BC5AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FA653CD6-55A8-4FC1-99CB-8882DDCEC62B}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B61BCE6-3B48-46B9-A618-D9F14AEB215F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0BFBC7F4-D41F-4D3C-A2B2-989158EB78E5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{0C2AADE3-7A29-48D3-A4E2-36E7B20180B1}" = protocol=17 | dir=in | app=k:\documents\downloads\frostwire\frostwire.exe |
"{0E73B4DE-8F36-4E0F-B645-CBAE4380082C}" = protocol=58 | dir=in | [email protected],-28545 |
"{1E8EB90E-6E17-4DB5-8059-0C35A1317793}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{230582B6-9F25-44E2-8E5A-8F9A65B3724A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{24C78085-29A3-43EB-B799-7DD389D0A1A4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{26655F64-A802-443E-B13D-72B5299325F6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{30D17AC5-979F-4C49-A7F5-A2B64EA77151}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe |
"{37451073-4166-418C-BBAC-E5978F032B9A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{42077F2A-2F21-4421-B1A8-9D9DAC7B596A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{441E4077-DFFD-4E41-981E-F9011B229A76}" = protocol=6 | dir=out | app=system |
"{5114150B-7796-4BB7-A853-B71E0EA52197}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{51C23584-E5E1-4BF4-8198-6E7265F8B5EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F6141D6-7163-4260-9CB4-AF0C617872B4}" = protocol=6 | dir=in | app=k:\documents\downloads\frostwire\frostwire.exe |
"{683222AD-04DF-49AA-9134-E6253393A85F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{889F6EB0-5736-4E1D-9481-8890B75AEA53}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8E19DB25-9792-4425-AC6A-E0DA94B34ADE}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{98C49CAF-41E7-4D21-8430-7F1C0C69B8E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{995CD0D4-7061-4281-BFA1-3D4434E00D28}" = protocol=1 | dir=in | [email protected],-28543 |
"{A9481623-F170-443E-AF17-DF4C083BF44C}" = protocol=1 | dir=out | [email protected],-28544 |
"{AF641652-7C5A-4E1B-AEF9-223F3793CAE3}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10f\faxrx.exe |
"{B674FC3E-3338-4534-8D2C-896363F503CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0114093-4E0E-4005-96CF-FE5811338E31}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D28F27DA-D222-490B-803F-90BF53EAD24B}" = protocol=58 | dir=out | [email protected],-28546 |
"{D3FB98F1-422B-4FA2-A436-7007D6C889DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB49F3CE-0EC8-442E-B7EB-96BA1263C2C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBC4267B-E230-4681-9AA4-155316671B5B}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{DD788027-F259-4EF4-892C-CA53C0D8F81E}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{E04D3439-ED3C-4BA3-A65B-C97366C4E0D0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0B5F50C-85CA-4978-9A49-0F3293290E62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F073937E-03AE-4513-BE22-0546A4D3071B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F50B01F8-A79D-4DBD-9876-505ABA1AB677}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF370D45-8F0F-4552-9D98-60D13A7773DE}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADCF7C16-C3AC-4AFB-A738-968C86A5C2CF}" = Oracle VM VirtualBox 4.0.2
"{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.7.1 x64
"{CD886EE3-07DE-76F1-79DA-0D2C31551559}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"GIMP-2_is1" = GIMP 2.6.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{0879415B-4038-A4ED-276C-80E2C24502E8}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{15787835-5C5D-4F64-8A87-5140FB83E64C}" = calibre
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{23114BAB-A7F2-160F-4CF8-20F5917C5063}" = CCC Help Dutch
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24AAB420-4E30-4496-9739-3E216F3DE6AE}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{2D290157-1B44-1620-073B-F91546386AEF}" = CCC Help German
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7460DN
"{3B183D60-41F1-4513-BF25-761A70654452}" = TMPGEnc Authoring Works 4
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4599E55A-9861-AA8D-AD77-A62649FB1B88}" = Catalyst Control Center Graphics Full New
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{599556F6-88AA-D1B4-BBEE-E6DBEB69E958}" = CCC Help Thai
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{61E455F8-99A8-D65F-B6E3-06B998B7F26F}" = CCC Help Greek
"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{67E6A5BC-CA30-46DE-2A8E-C17BD52D3A60}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725F0ABA-808A-4256-885C-1E60245521D0}" = LightScribe Template Designs - Sports Pack 1
"{772E433B-907F-D183-9521-4FB6C6126E24}" = CCC Help Danish
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{796DDBD5-999C-EE26-EB08-AD16FF82B620}" = CCC Help Italian
"{7A1107CD-A2EF-B18D-65E6-D8496CC99BB7}" = Catalyst Control Center InstallProxy
"{7C3D2C23-FF8C-DF11-1110-220FD024E94B}" = CCC Help Spanish
"{80DB9145-FFA6-A9EA-0684-6F09BCEE5324}" = CCC Help Swedish
"{8303FC1B-3B58-19D3-DBCD-DF63144463DB}" = CCC Help Hungarian
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83721450-E604-4C37-ABEB-CE7F18C587C8}" = LightScribe Template Labeler
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B37A414-1480-607C-8A06-3C6DAC20CA87}" = Catalyst Control Center Graphics Light
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EC37670-CFF6-851D-F6F4-D730E2DCF827}" = CCC Help Norwegian
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94FF7296-8022-FFB5-2B31-3B72524DDF2A}" = Catalyst Control Center Graphics Previews Vista
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F5B8E0-1935-0CE0-08B3-7128820A7B08}" = CCC Help Portuguese
"{AA35FD9B-BD64-2229-371C-5217D43F3829}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AFF3DA5E-9426-57DA-3B59-9E67A426214B}" = CCC Help Turkish
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B31F6A27-F7B6-EA98-2168-B256A929F49B}" = Catalyst Control Center Localization All
"{B82285B9-60A7-85E6-2AFF-F7CC65530EA1}" = CCC Help Russian
"{BAC15A55-B97D-AD8C-54AF-5E6B681BC839}" = CCC Help Chinese Standard
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF73A77C-55FD-4F59-928C-DBFDEC52E623}" = Catalyst Control Center Core Implementation
"{C5177FC1-B7C4-41DE-129F-54B273EBCD09}" = Catalyst Control Center Graphics Previews Common
"{C7C05C54-21D1-4DA7-9473-C47CB13D6A40}" = CCC Help Czech
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9F3DB27-447C-8569-9E5A-F2DB69C5BE4D}" = ccc-core-static
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D584C0DD-5994-8AC4-FC21-ED1E5F3B3B95}" = CCC Help English
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DD794783-8313-CEFC-0A34-B9F596B09F76}" = CCC Help French
"{DFC3AA0C-E8F1-2DCB-4EA2-073E20131FC5}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{f885d547-71dc-4614-92c3-6722f5e9457c}" = Nero 9 Essentials
"{FA2AD46D-06FB-8883-6CE5-349EC371D173}" = CCC Help Finnish
"{FB3E4248-8793-6A02-7862-4D56FABC814B}" = CCC Help Chinese Traditional
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Digital Editions" = Adobe Digital Editions
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt
"ImgBurn" = ImgBurn
"Kobo" = Kobo
"Kurlo 1.3" = Kurlo 1.3
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"VLC media player" = VLC media player 1.1.5
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2062905526-1712026431-3041011506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2012 11:53:53 AM | Computer Name = Bunting-LivRm | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 5/6/2012 7:22:31 PM | Computer Name = Bunting-LivRm | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/6/2012 7:24:19 PM | Computer Name = Bunting-LivRm | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 5/6/2012 7:25:43 PM | Computer Name = Bunting-LivRm | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 5/7/2012 1:21:31 PM | Computer Name = Bunting-LivRm | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/7/2012 1:23:17 PM | Computer Name = Bunting-LivRm | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 5/7/2012 1:24:35 PM | Computer Name = Bunting-LivRm | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 5/8/2012 6:17:11 PM | Computer Name = Bunting-LivRm | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/8/2012 6:18:50 PM | Computer Name = Bunting-LivRm | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 5/8/2012 6:20:03 PM | Computer Name = Bunting-LivRm | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ System Events ]
Error - 6/5/2012 10:54:04 AM | Computer Name = Bunting-LivRm | Source = DCOM | ID = 10016
Description =

Error - 6/5/2012 12:29:36 PM | Computer Name = Bunting-LivRm | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 6/5/2012 12:29:37 PM | Computer Name = Bunting-LivRm | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 6/6/2012 3:50:21 PM | Computer Name = Bunting-LivRm | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 6/6/2012 3:50:22 PM | Computer Name = Bunting-LivRm | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 6/6/2012 5:17:12 PM | Computer Name = Bunting-LivRm | Source = DCOM | ID = 10016
Description =

Error - 6/6/2012 5:17:12 PM | Computer Name = Bunting-LivRm | Source = DCOM | ID = 10016
Description =

Error - 6/7/2012 8:02:58 PM | Computer Name = Bunting-LivRm | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 6/7/2012 8:02:58 PM | Computer Name = Bunting-LivRm | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 6/17/2012 1:29:25 AM | Computer Name = Bunting-LivRm | Source = Service Control Manager | ID = 7034
Description = The COMODO Internet Security Helper Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
  • 0

Advertisements


#2
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello TomNeedsHelp,

Nothing showing here other than that COMODO Internet Security, which can be problematic at times. Let's get a few more detailed look at things.

The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

  • 0

#3
TomNeedsHelp

TomNeedsHelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Jintan,

Thanks for helping.

As requested:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-23 23:35:34
Windows 6.1.7601 Service Pack 1
Running: 9emj5hvs.exe


---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

---- EOF - GMER 1.0.15 ----


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 23:38:19
-----------------------------
23:38:19.830 OS Version: Windows x64 6.1.7601 Service Pack 1
23:38:19.830 Number of processors: 2 586 0x603
23:38:19.830 ComputerName: BUNTING-LIVRM UserName: user
23:38:21.889 Initialize success
23:41:38.206 AVAST engine defs: 12062301
23:42:06.193 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
23:42:06.209 Disk 0 Vendor: Seagate_ CC38 Size: 152627MB BusType: 8
23:42:06.209 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000065
23:42:06.209 Disk 1 Vendor: AMD_____ 1.10 Size: 953674MB BusType: 8
23:42:06.225 Disk 0 MBR read successfully
23:42:06.225 Disk 0 MBR scan
23:42:06.240 Disk 0 Windows 7 default MBR code
23:42:06.240 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:42:06.256 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
23:42:06.271 Disk 0 scanning C:\Windows\system32\drivers
23:42:18.081 Service scanning
23:42:30.280 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
23:42:43.524 Modules scanning
23:42:43.540 Disk 0 trace - called modules:
23:42:43.555 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
23:42:43.571 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e4e700]
23:42:43.571 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8004590060]
23:42:50.513 AVAST engine scan C:\Windows
23:42:52.635 AVAST engine scan C:\Windows\system32
23:46:18.493 AVAST engine scan C:\Windows\system32\drivers
23:46:33.157 AVAST engine scan C:\Users\user
23:52:07.621 AVAST engine scan C:\ProgramData
23:53:41.611 Scan finished successfully
10:42:01.353 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\Removal Files\MBR.dat"
10:42:01.353 The log file has been saved successfully to "C:\Users\user\Desktop\Removal Files\aswMBR.txt"


I apologise, but I will not always get "right away" to your requests, but I will get them before the 2 days.

Thanks again
  • 0

#4
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
No outright malware showing in these logs, though this is an unsual entry in aswMBR:

23:42:30.280 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21

Some type of Internet downloading service (see here), related to a driver on a "D" drive. Is your D drive your CD player? I wonder if Comodo interfered with some action that left things incorrect?

Got to Start, right click Computer, left click manage. Locate and expand the Services and Applications listing, and click the Services listing. In that list, locate and double-click:

MSICDSetup

Post back what it's Startup type is, as well as if it is running or stopped please.
  • 1

#5
TomNeedsHelp

TomNeedsHelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
MSICD is not found in the Serives listing.

You have mentioned Comodo several times in a less than flattering way. Is there a problem w/ Comodo? I ask because the last time I had computer problems (different computer), the G2G tech that helprd was completely unimpressed w/ AVG Free and suggested Comodo as a much better alternative. Now, my son just got a new laptop as did my father in law. I have set up Comodo 2012 on my sons laptop, and was planning on doing the same with the in law comp. Is this not a good idea? If no, what would you recommend? The son is 21, knows everything, and would "never" do something that could harm his computer. The father in law is someone that will click on anything that says click here, and will probably click it several times because it did not instantly do something. Frankly, he actually scares me more, because he truly cannot distinguish bad sites, bad ideas, etc. If someone sends him something, it must be ok or else why would they have sent it. He will be attached to my home network, if I ever give him our password or explain to him how to plug in. Any ideas on how to lock down his computer like Fort Knox?

Thanks for any guidance,

Tom
  • 0

#6
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
My opinion of different security programs is truly just that - one person's opinion, among the millions of us that have them (billions). Comodo has a pretty fair history of some of their programs being very problematic, and I have always questioned their purpose for being in the security software business (their first entry was a firewall program that they just bought from another company - in fact, bought the company). As has AVG become lately (not ignoring the fact that both will try to sneak in a search hijacker toolbar, if allowed). If you would, assuming it is a free version, why not uninstall Comodo, reboot, then check for change. Please do not install any antivirus program until you do that checking, and post back here what you find.

The son is 21, knows everything, and would "never" do something that could harm his computer. The father in law is someone that will click on anything that says click here, and will probably click it several times because it did not instantly do something. Frankly, he actually scares me more, because he truly cannot distinguish bad sites, bad ideas, etc


The father-in-law should be on a limited user account, without admin privileges. If your son has his own computer, and just uses your Internet access, you should be okay there.
  • 0

#7
TomNeedsHelp

TomNeedsHelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Is the Windows Firewall and Virus Protection OK to use while I uninstall Comodo and check? Or should I disconnect while doing that?

Also, understanding that you are only giving opinions, is there a freeware security suite that you would recommend?

Tom
  • 0

#8
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts

Virus Protection OK


What do you mean by that, please? What program would do that, with Comodo uninstalled?

The best I might suggest is using any free antivirus that keeps a low profile, and doesn't interfere with system activities, an anti-malware program, and be knowledgeable about both and act on that. All the requests we get tend to have this or that antivirus program installed, and are all also infected, so I see no reason to have one of the old huge and intrusive dinosaurs that have become ingrained in folks thinking (or pre-installed on their new computer).

Please go ahead with the suggested steps regardless, and let's check after that.
  • 0

#9
TomNeedsHelp

TomNeedsHelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Sorry for the delay. I had to go out of town for a few days.

I will give this a try tomorrow.

Quote

Virus Protection OK


What do you mean by that, please? What program would do that, with Comodo uninstalled?

What I meant was is the MS Virus Protection and the MS Firewall good enough to use while I uninstall the Comodo? I understand that they are better in WIN7 than they were in previous Windows versions, but I never hear good things about them either.

I also get your point about all of the posts here (and in other malware forums) about infections, and everyone is using a different form of FW and Virus Protection, so I guess it is a crap shoot as far as what is best.

So, with that said, are there any that you would definitely NOT recommend?

Tom
  • 0

#10
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
MS Virus Protection - I assume you mean Microsoft Security Essentials. It has a plus in that it is fairly non-intrusive, expect when you do something for the first time (learning curve). Is it already installed then, and Comodo removed? Are the issues you first presented resolved, if you have done that change over?
  • 0

Advertisements


#11
TomNeedsHelp

TomNeedsHelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Have uninstalled the Comodo. I do not see much difference. I guess everything is working well.
  • 0

#12
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
:) I guess, and is, could be a far ways apart. What issues are you having there now, where I might help you with?
  • 0

#13
TomNeedsHelp

TomNeedsHelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
The only problem I am currently seeing is with Fire Fox. It has lately (within the last week) started being very slow to load pages, and every time I exit FF it pops up a crash report. Also, when I tried using FF to download Avira, it asked if I wanted to save or run like normal, when I clicked "Save", it crashed.
  • 0

#14
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Sorry, as you may already know the forum was offline to do some maintenance. Let's go ahead and run a more aggressive change-maker scan - I would like to see what it finds behind what we normally see.


Follow the steps here under To uninstall Internet Explorer, then uninstall IE9. It is a security mess/disaster, and removing it will just revert the system back to IE8. Go ahead a reboot after.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  • 0

#15
TomNeedsHelp

TomNeedsHelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Jintan,

I am out of town this week, and will not be able to follow through with this until next Monday at the earliest. Please do not close this topic because of no response.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP