Can not remove Trojan

Jay Pfoutz · Nov 3, 2012

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Copy the code below in the quotebox, go back to OTL and paste it in the Custom Scans/Fixes box:

DRIVES
SHOWHIDDEN
msconfig
activex
drivers32
netsvcs
CreateRestorePoint
%systemroot%\system32\sysprep
c:\*.xpi /s /md5
%systemroot%\Downloaded Program Files\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe /md5
"%WinDir%\$NtUninstallKB*$." /30
%systemdrive%\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\Installer\ /s
%systemroot%\system32\Cache\ /s
%systemroot%\system32\config\systemprofile\Application Data /s
%appdata%\*.*
/md5start
volsnap.sys
services.exe
userinit.exe
afd.sys
ipnathlp.dll
winlogon.exe
atapi.sys
explorer.exe
/md5stop

Click the Run Scan button. The scan will not take long.

When the scan completes, it usually opens two notepad windows. OTL.Txt (Displayed on screen) and Extras.Txt (minimized). These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of OTL.txt and paste it to your next reply. I will let you know if I need the Extras.txt.

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

Troyce Brooks · Nov 3, 2012

OTL logfile created on: 11/3/2012 2:18:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RoseyB\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 42.72% Memory free
5.93 Gb Paging File | 3.85 Gb Available in Paging File | 64.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.84 Gb Total Space | 363.10 Gb Free Space | 79.65% Space Free | Partition Type: NTFS

Computer Name: ROSEYB-PC | User Name: RoseyB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 14:17:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RoseyB\Downloads\OTL.exe
PRC - [2012/10/27 12:30:42 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/12 16:21:00 | 002,710,488 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
PRC - [2010/11/27 00:55:44 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:44 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/07/05 14:44:43 | 012,483,584 | ---- | M] (Postbox, Inc.) -- C:\Program Files (x86)\Postbox Express\postbox.exe
PRC - [2010/05/05 09:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2010/05/05 09:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/01/08 06:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2007/08/02 21:08:00 | 000,095,504 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/27 12:30:42 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 03:41:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:02:36 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e5eb29b9cce30679c7cd5436314fe44\PresentationFramework.ni.dll
MOD - [2012/06/14 03:02:06 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 03:01:56 | 012,237,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9f79e840d5317ef66a839e54eba19ad\PresentationCore.ni.dll
MOD - [2012/05/12 03:46:37 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/12 03:45:39 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012/05/12 03:39:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:38:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:38:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:38:19 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:38:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:38:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:38:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/12/01 22:15:25 | 006,276,768 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/07/05 14:44:45 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Postbox Express\nsldap32v60.dll
MOD - [2010/07/05 14:44:45 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Postbox Express\nsldappr32v60.dll
MOD - [2010/05/05 09:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2010/05/05 09:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2007/08/02 21:07:56 | 000,034,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/04/14 15:45:36 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2010/04/14 15:45:30 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/10/27 12:30:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/12/22 09:21:09 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/27 00:55:44 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/04/14 15:45:30 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2010/04/14 15:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/26 21:21:33 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/21 19:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2011/08/21 19:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/03 21:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 18:38:15 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 19:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/10/14 20:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 05:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/10/05 11:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20121005.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/12 18:54:03 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121102.021\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 18:54:03 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121102.021\eng64.sys -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20121102.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/08 19:34:50 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 19:34:50 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A870719-27D7-46FC-8169-B3DFEEE8AA24}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{C059B9C8-031E-4FAA-B303-57DFDD0BC606}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/myweb...Ayfw&st=sb&n=77de608e&searchfor={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5E 68 F7 0C 7D 75 78 4B 84 C0 71 3A 40 E9 2C 2F [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis
IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/myweb...Ayfw&st=sb&n=77de608e&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.excite.com/"
FF - prefs.js..extensions.enabledAddons: {6847DFAE-037A-400c-A524-27F0A281B692}:2.2
FF - prefs.js..extensions.enabledAddons: ddaldjizbp@ddaldjizbp.org:2.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {6847DFAE-037A-400c-A524-27F0A281B692}:2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I'm Feeling Lucky&ie=UTF-8&oe=UTF-8&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/21 05:29:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012/10/31 12:01:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 12:30:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 12:30:41 | 000,000,000 | ---D | M]

[2011/03/12 16:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Extensions
[2011/03/12 16:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Extensions\express@postbox-inc.com
[2012/10/29 11:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions
[2011/09/02 09:14:05 | 000,000,000 | ---D | M] (Toolbar - Big Fish Games) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
[1832/11/28 21:37:17 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\ddaldjizbp@ddaldjizbp.org.xpi
[2012/10/27 12:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 12:30:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/29 05:21:38 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/29 12:54:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 18:40:08 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/28 14:25:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Reg Error: Value error.) - {0CF7685E-757D-4B78-84C0-713A40E92C2f} - C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10y_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7490A99-8BD1-40F5-B707-37E22507E905}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Troyce Brooks · Nov 3, 2012

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Windows\SysWow64\ffdshow.ax ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/30 11:04:04 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\Desktop\RK_Quarantine
[2012/10/29 14:43:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/28 19:38:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/28 14:27:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/28 13:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\bobipandkcjsylf
[2012/10/28 13:33:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/10/28 12:58:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/28 12:58:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/28 12:58:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/27 15:03:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/27 12:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/26 21:05:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/26 19:08:44 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery P.I. - The Curious Case of Counterfeit Cove
[2012/10/26 19:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery P.I. - The Curious Case of Counterfeit Cove
[2012/10/26 19:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery P.I. - The Curious Case of Counterfeit Cove
[2012/10/17 17:21:52 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gardenscapes
[2012/10/17 17:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gardenscapes
[2012/10/17 17:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gardenscapes
[2012/10/11 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Trackers - Four Aces Collector's Edition
[2012/10/11 11:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Trackers - Four Aces Collector's Edition
[2012/10/11 11:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery Trackers - Four Aces Collector's Edition
[2012/10/10 18:35:17 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/10/10 18:31:40 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RealMYST
[2012/10/10 18:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealMYST
[2012/10/10 18:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealMYST
[2012/10/09 23:24:56 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/09 23:24:56 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/09 23:24:55 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/09 23:24:44 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/09 23:24:34 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/09 23:24:34 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/09 23:24:34 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/09 23:24:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/09 23:24:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/09 23:24:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/09 23:24:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/09 23:24:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/09 23:24:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/09 23:24:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/09 23:24:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/09 23:24:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 23:24:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/09 23:24:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 23:24:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 23:24:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 23:24:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 23:24:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 23:24:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 23:24:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 23:24:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 23:24:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/09 23:24:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/09 23:24:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

========== Files - Modified Within 30 Days ==========

[2012/11/02 21:51:53 | 000,198,871 | ---- | M] () -- C:\Users\RoseyB\Desktop\GetSystemInfo_ROSEYB-PC_RoseyB_2012_11_02_21_47_12.zip
[2012/11/01 16:48:12 | 000,001,940 | ---- | M] () -- C:\Users\RoseyB\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012/11/01 06:28:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/31 21:37:08 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012/10/31 12:08:32 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 12:08:32 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 12:05:24 | 000,810,344 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/31 12:05:24 | 000,169,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/31 12:05:24 | 000,005,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/31 12:00:08 | 2388,381,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/28 14:25:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/28 14:08:14 | 460,364,497 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/28 13:53:24 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\RoseyB\Documents\ComboFix.exe
[2012/10/28 13:36:13 | 000,097,640 | ---- | M] () -- C:\ProgramData\yeplmhpycrkhtgt
[2012/10/27 14:59:09 | 000,002,046 | ---- | M] () -- C:\Users\RoseyB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/26 21:21:33 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/10/26 21:21:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/17 17:22:12 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Play Gardenscapes.lnk

========== Files Created - No Company Name ==========

[2012/11/02 21:49:42 | 000,198,871 | ---- | C] () -- C:\Users\RoseyB\Desktop\GetSystemInfo_ROSEYB-PC_RoseyB_2012_11_02_21_47_12.zip
[2012/10/31 21:05:33 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012/10/28 13:33:55 | 000,097,640 | ---- | C] () -- C:\ProgramData\yeplmhpycrkhtgt
[2012/10/28 12:58:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/28 12:58:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/28 12:58:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/28 12:58:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/28 12:58:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/26 21:05:19 | 460,364,497 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/26 21:02:18 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/10/17 17:22:12 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Play Gardenscapes.lnk
[2012/09/19 15:51:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2012/09/19 15:51:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2012/09/19 15:51:01 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2012/09/19 15:51:01 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2012/09/19 15:51:01 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2012/09/19 15:51:01 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2012/09/19 15:51:01 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2012/09/19 15:51:01 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2012/09/19 15:51:01 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2012/09/19 15:51:00 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2012/09/19 15:51:00 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2012/09/19 15:51:00 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2012/09/19 15:51:00 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2012/09/19 15:51:00 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2012/09/19 15:51:00 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2012/09/19 15:51:00 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2012/09/19 15:51:00 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2012/09/19 15:51:00 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2012/09/19 15:51:00 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2012/09/19 15:51:00 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2012/09/19 15:51:00 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2012/09/19 15:42:01 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2012/09/19 15:42:00 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2012/09/10 08:01:05 | 000,000,112 | ---- | C] () -- C:\Windows\LocalPref.bin
[2011/12/11 11:06:34 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/09/13 19:20:01 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/13 19:20:01 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/06 15:26:29 | 000,003,584 | ---- | C] () -- C:\Users\RoseyB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 09:13:45 | 000,000,059 | ---- | C] () -- C:\ProgramData\user.ini
[2011/05/18 16:40:17 | 000,001,940 | ---- | C] () -- C:\Users\RoseyB\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/10 16:27:59 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/23 18:12:25 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/23 18:12:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/22 10:57:15 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500418AS
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SM/xD Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 41943040
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 456.00GB
Starting Offset: 10651435008
Hidden sectors: 0

[2011/03/07 16:43:38 | 000,000,000 | RH-D | M] -- C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Burn\Burn
[2011/03/08 09:46:14 | 000,000,000 | -H-D | M] -- C:\Users\RoseyB\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics
[2011/03/08 09:46:14 | 000,000,000 | -H-D | M] -- C:\Users\RoseyB\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}
[2011/03/07 18:41:08 | 000,000,000 | -H-D | M] -- C:\Users\RoseyB\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{A8977498-2FDF-42B7-A726-8D3B2A53CD2C}
[2011/03/07 17:13:53 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2012/11/02 21:50:16 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData

< %systemroot%\system32\sysprep >

< c:\*.xpi /s /md5 >
[1832/11/28 21:37:17 | 000,004,816 | ---- | M] () MD5=2212C157C90F17B204B579F3B2077B32 -- c:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\ddaldjizbp@ddaldjizbp.org.xpi

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 19:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 21:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 02:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 19:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2010/12/22 11:05:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/12/22 11:06:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/12/22 11:05:51 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/12/22 11:05:57 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/12/22 11:06:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/22 11:05:57 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/12/22 11:06:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/22 11:05:57 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/22 11:06:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/12/22 11:05:51 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/12/22 11:05:57 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/12/22 11:05:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/12/22 11:06:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/12/22 11:06:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 254 bytes -> C:\ProgramData\TEMP:2B40A7DB
@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:E8AEB2BF
@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:A71DCB33
@Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:6A9CA6CB
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:2E636DD9
@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:934CA750
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:95D421DF
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:5E73E1C2
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:4C9782FB
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:120B3AFD
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:94A31742
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:6DD124E2
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:C6920A5D
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:12258D63
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:084612C9
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:93F3E4C9
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:5FC043A8
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:E732B44B
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:3D4B733E
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:FBA79096
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:1B96CF22
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:10CB85CA
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:6294B369
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:BEE39E9B
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:4EFA2FC7
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:25249477
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:FAB64002
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:EC2381A4
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:BDCD8531
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:927EC486
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:FAFEC4B9
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:BCFEA004
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:E4EE99EF
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:AD2DB2F9
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:4911BB5C
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:ECFD9449
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:6F55EB66
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP31BE97C
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:CBAF0C30
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:EC3A9923
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:2F141B68
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:CB0EB1DE
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:4DCAC4BC
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:14362DF8
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:A4F63AED
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:12F3508C
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:0ED4AC2F
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:FB97DB91
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:462A7C89
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:88E3B9B6
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:5ACE199E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EFBD4447
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E265ED33
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2636DE16
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CAE2C3A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0F64164E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3BC173E4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A384652A
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

Troyce Brooks · Nov 3, 2012

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Windows\SysWow64\ffdshow.ax ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/30 11:04:04 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\Desktop\RK_Quarantine
[2012/10/29 14:43:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/28 19:38:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/28 14:27:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/28 13:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\bobipandkcjsylf
[2012/10/28 13:33:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/10/28 12:58:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/28 12:58:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/28 12:58:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/27 15:03:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/27 12:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/26 21:05:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/26 19:08:44 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery P.I. - The Curious Case of Counterfeit Cove
[2012/10/26 19:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery P.I. - The Curious Case of Counterfeit Cove
[2012/10/26 19:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery P.I. - The Curious Case of Counterfeit Cove
[2012/10/17 17:21:52 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gardenscapes
[2012/10/17 17:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gardenscapes
[2012/10/17 17:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gardenscapes
[2012/10/11 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Trackers - Four Aces Collector's Edition
[2012/10/11 11:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Trackers - Four Aces Collector's Edition
[2012/10/11 11:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery Trackers - Four Aces Collector's Edition
[2012/10/10 18:35:17 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/10/10 18:31:40 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RealMYST
[2012/10/10 18:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealMYST
[2012/10/10 18:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealMYST
[2012/10/09 23:24:56 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/09 23:24:56 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/09 23:24:55 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/09 23:24:44 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/09 23:24:34 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/09 23:24:34 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/09 23:24:34 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/09 23:24:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/09 23:24:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/09 23:24:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/09 23:24:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/09 23:24:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/09 23:24:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/09 23:24:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/09 23:24:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/09 23:24:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 23:24:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/09 23:24:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 23:24:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 23:24:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 23:24:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 23:24:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 23:24:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 23:24:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 23:24:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 23:24:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 23:24:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 23:24:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 23:24:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/09 23:24:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/09 23:24:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

========== Files - Modified Within 30 Days ==========

[2012/11/02 21:51:53 | 000,198,871 | ---- | M] () -- C:\Users\RoseyB\Desktop\GetSystemInfo_ROSEYB-PC_RoseyB_2012_11_02_21_47_12.zip
[2012/11/01 16:48:12 | 000,001,940 | ---- | M] () -- C:\Users\RoseyB\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012/11/01 06:28:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/31 21:37:08 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012/10/31 12:08:32 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 12:08:32 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 12:05:24 | 000,810,344 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/31 12:05:24 | 000,169,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/31 12:05:24 | 000,005,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/31 12:00:08 | 2388,381,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/28 14:25:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/28 14:08:14 | 460,364,497 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/28 13:53:24 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\RoseyB\Documents\ComboFix.exe
[2012/10/28 13:36:13 | 000,097,640 | ---- | M] () -- C:\ProgramData\yeplmhpycrkhtgt
[2012/10/27 14:59:09 | 000,002,046 | ---- | M] () -- C:\Users\RoseyB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/26 21:21:33 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/10/26 21:21:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/17 17:22:12 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Play Gardenscapes.lnk

========== Files Created - No Company Name ==========

[2012/11/02 21:49:42 | 000,198,871 | ---- | C] () -- C:\Users\RoseyB\Desktop\GetSystemInfo_ROSEYB-PC_RoseyB_2012_11_02_21_47_12.zip
[2012/10/31 21:05:33 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012/10/28 13:33:55 | 000,097,640 | ---- | C] () -- C:\ProgramData\yeplmhpycrkhtgt
[2012/10/28 12:58:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/28 12:58:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/28 12:58:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/28 12:58:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/28 12:58:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/26 21:05:19 | 460,364,497 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/26 21:02:18 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/10/17 17:22:12 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Play Gardenscapes.lnk
[2012/09/19 15:51:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2012/09/19 15:51:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2012/09/19 15:51:01 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2012/09/19 15:51:01 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2012/09/19 15:51:01 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2012/09/19 15:51:01 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2012/09/19 15:51:01 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2012/09/19 15:51:01 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2012/09/19 15:51:01 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2012/09/19 15:51:00 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2012/09/19 15:51:00 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2012/09/19 15:51:00 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2012/09/19 15:51:00 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2012/09/19 15:51:00 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2012/09/19 15:51:00 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2012/09/19 15:51:00 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2012/09/19 15:51:00 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2012/09/19 15:51:00 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2012/09/19 15:51:00 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2012/09/19 15:51:00 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2012/09/19 15:51:00 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2012/09/19 15:42:01 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2012/09/19 15:42:00 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2012/09/10 08:01:05 | 000,000,112 | ---- | C] () -- C:\Windows\LocalPref.bin
[2011/12/11 11:06:34 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/09/13 19:20:01 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/13 19:20:01 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/06 15:26:29 | 000,003,584 | ---- | C] () -- C:\Users\RoseyB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 09:13:45 | 000,000,059 | ---- | C] () -- C:\ProgramData\user.ini
[2011/05/18 16:40:17 | 000,001,940 | ---- | C] () -- C:\Users\RoseyB\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/10 16:27:59 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/23 18:12:25 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/23 18:12:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/22 10:57:15 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500418AS
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SM/xD Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 41943040
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 456.00GB
Starting Offset: 10651435008
Hidden sectors: 0

[2011/03/07 16:43:38 | 000,000,000 | RH-D | M] -- C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Burn\Burn
[2011/03/08 09:46:14 | 000,000,000 | -H-D | M] -- C:\Users\RoseyB\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics
[2011/03/08 09:46:14 | 000,000,000 | -H-D | M] -- C:\Users\RoseyB\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}
[2011/03/07 18:41:08 | 000,000,000 | -H-D | M] -- C:\Users\RoseyB\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{A8977498-2FDF-42B7-A726-8D3B2A53CD2C}
[2011/03/07 17:13:53 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2012/11/02 21:50:16 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData

< %systemroot%\system32\sysprep >

< c:\*.xpi /s /md5 >
[1832/11/28 21:37:17 | 000,004,816 | ---- | M] () MD5=2212C157C90F17B204B579F3B2077B32 -- c:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\ddaldjizbp@ddaldjizbp.org.xpi

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 19:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 21:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 02:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 19:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2010/12/22 11:05:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/12/22 11:06:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/12/22 11:05:51 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/12/22 11:05:57 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/12/22 11:06:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/22 11:05:57 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/12/22 11:06:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/22 11:05:57 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/22 11:06:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/12/22 11:05:51 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/12/22 11:05:57 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/12/22 11:05:51 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 06:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/12/22 11:06:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/12/22 11:06:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 254 bytes -> C:\ProgramData\TEMP:2B40A7DB
@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:E8AEB2BF
@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:A71DCB33
@Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:6A9CA6CB
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:2E636DD9
@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:934CA750
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:95D421DF
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:5E73E1C2
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:4C9782FB
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:120B3AFD
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:94A31742
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:6DD124E2
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:C6920A5D
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:12258D63
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:084612C9
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:93F3E4C9
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:5FC043A8
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:E732B44B
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:3D4B733E
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:FBA79096
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:1B96CF22
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:10CB85CA
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:6294B369
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:BEE39E9B
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:4EFA2FC7
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:25249477
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:FAB64002
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:EC2381A4
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:BDCD8531
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:927EC486
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:FAFEC4B9
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:BCFEA004
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:E4EE99EF
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:AD2DB2F9
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:4911BB5C
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:ECFD9449
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:6F55EB66
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP31BE97C
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:CBAF0C30
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:EC3A9923
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:2F141B68
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:CB0EB1DE
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:4DCAC4BC
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:14362DF8
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:A4F63AED
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:12F3508C
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:0ED4AC2F
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:FB97DB91
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:462A7C89
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:88E3B9B6
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:5ACE199E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EFBD4447
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E265ED33
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2636DE16
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CAE2C3A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0F64164E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3BC173E4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A384652A
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

Jay Pfoutz · Nov 4, 2012

OTL Fix

Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:OTL
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/myweb...Ayfw&st=sb&n=77de608e&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis
IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/myweb...Ayfw&st=sb&n=77de608e&searchfor={searchTerms}
FF - prefs.js..extensions.enabledAddons: ddaldjizbp@ddaldjizbp.org:2.5
[1832/11/28 21:37:17 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\ddaldjizbp@ddaldjizbp.org.xpi
[2011/09/02 09:14:05 | 000,000,000 | ---D | M] (Toolbar - Big Fish Games) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
FF - prefs.js..extensions.enabledAddons: {6847DFAE-037A-400c-A524-27F0A281B692}:2.2
FF - prefs.js..extensions.enabledItems: {6847DFAE-037A-400c-A524-27F0A281B692}:2.2
O2 - BHO: (Reg Error: Value error.) - {0CF7685E-757D-4B78-84C0-713A40E92C2f} - C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O3 - HKLM\..\Toolbar: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012/10/28 13:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\bobipandkcjsylf
[2012/11/01 16:48:12 | 000,001,940 | ---- | M] () -- C:\Users\RoseyB\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2012/10/28 13:36:13 | 000,097,640 | ---- | M] () -- C:\ProgramData\yeplmhpycrkhtgt
@Alternate Data Stream - 254 bytes -> C:\ProgramData\TEMP:2B40A7DB
@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:E8AEB2BF
@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:A71DCB33
@Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:6A9CA6CB
@Alternate Data Stream - 249 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:2E636DD9
@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:934CA750
@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:95D421DF
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:5E73E1C2
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:4C9782FB
@Alternate Data Stream - 243 bytes -> C:\ProgramData\TEMP:120B3AFD
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:94A31742
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:6DD124E2
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:C6920A5D
@Alternate Data Stream - 241 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:12258D63
@Alternate Data Stream - 240 bytes -> C:\ProgramData\TEMP:084612C9
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:93F3E4C9
@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:5FC043A8
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:E732B44B
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:3D4B733E
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:FBA79096
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:1B96CF22
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:10CB85CA
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:6294B369
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:BEE39E9B
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:4EFA2FC7
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:25249477
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:FAB64002
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:EC2381A4
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:BDCD8531
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:927EC486
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:FAFEC4B9
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:BCFEA004
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:E4EE99EF
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:AD2DB2F9
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:4911BB5C
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:ECFD9449
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:6F55EB66
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP31BE97C
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:CBAF0C30
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:EC3A9923
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:2F141B68
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:CB0EB1DE
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:4DCAC4BC
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:14362DF8
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:A4F63AED
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:12F3508C
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:0ED4AC2F
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:FB97DB91
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:462A7C89
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:88E3B9B6
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:5ACE199E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EFBD4447
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E265ED33
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2636DE16
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CAE2C3A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0F64164E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3BC173E4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A384652A
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

:files
ipconfig /flushdns /c

:commands
[emptytemp]
[reboot]

Then click the Run Fix button at the top.

Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.

Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Troyce Brooks · Nov 5, 2012

Here's the latest. Seems to have rebooted just fine. Thanks

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}\ not found.
Prefs.js: ddaldjizbp@ddaldjizbp.org:2.5 removed from extensions.enabledAddons
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\ddaldjizbp@ddaldjizbp.org.xpi moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\components folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\whatsnew folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\topgames\fg folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\topgames\bg folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\topgames folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\options folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\newgames\fg folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\newgames\bg folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\newgames folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\radio folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib\panels folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\lib folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin\bigfishgames folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\skin folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\content\modules folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\content\lib folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\content\data\search folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\content\data\feeds folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\content\data folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome\content folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\chrome folder moved successfully.
C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692} folder moved successfully.
Prefs.js: {6847DFAE-037A-400c-A524-27F0A281B692}:2.2 removed from extensions.enabledAddons
Prefs.js: {6847DFAE-037A-400c-A524-27F0A281B692}:2.2 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CF7685E-757D-4B78-84C0-713A40E92C2f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CF7685E-757D-4B78-84C0-713A40E92C2f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7C9FC25-88B0-4682-9C9F-2608E9117647}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7C9FC25-88B0-4682-9C9F-2608E9117647}\ deleted successfully.
C:\Program Files (x86)\bfgbartb\BfgBarDx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C7C9FC25-88B0-4682-9C9F-2608E9117647} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7C9FC25-88B0-4682-9C9F-2608E9117647}\ not found.
File C:\Program Files (x86)\bfgbartb\BfgBarDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\ProgramData\bobipandkcjsylf folder moved successfully.
C:\Users\RoseyB\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini moved successfully.
C:\ProgramData\yeplmhpycrkhtgt moved successfully.
ADS C:\ProgramData\TEMP:2B40A7DB deleted successfully.
ADS C:\ProgramData\TEMP:E8AEB2BF deleted successfully.
ADS C:\ProgramData\TEMP:A71DCB33 deleted successfully.
ADS C:\ProgramData\TEMP:6A9CA6CB deleted successfully.
ADS C:\ProgramData\TEMP:2CB9631F deleted successfully.
ADS C:\ProgramData\TEMP:2E636DD9 deleted successfully.
ADS C:\ProgramData\TEMP:934CA750 deleted successfully.
ADS C:\ProgramData\TEMP:95D421DF deleted successfully.
ADS C:\ProgramData\TEMP:5E73E1C2 deleted successfully.
ADS C:\ProgramData\TEMP:4C9782FB deleted successfully.
ADS C:\ProgramData\TEMP:120B3AFD deleted successfully.
ADS C:\ProgramData\TEMP:94A31742 deleted successfully.
ADS C:\ProgramData\TEMP:6DD124E2 deleted successfully.
ADS C:\ProgramData\TEMP:C6920A5D deleted successfully.
ADS C:\ProgramData\TEMP:0E22C5DB deleted successfully.
ADS C:\ProgramData\TEMP:12258D63 deleted successfully.
ADS C:\ProgramData\TEMP:084612C9 deleted successfully.
ADS C:\ProgramData\TEMP:93F3E4C9 deleted successfully.
ADS C:\ProgramData\TEMP:1A15E356 deleted successfully.
ADS C:\ProgramData\TEMP:8E5EA40F deleted successfully.
ADS C:\ProgramData\TEMP:5FC043A8 deleted successfully.
ADS C:\ProgramData\TEMP:70E897B5 deleted successfully.
ADS C:\ProgramData\TEMP:53B8C5D2 deleted successfully.
ADS C:\ProgramData\TEMP:E732B44B deleted successfully.
ADS C:\ProgramData\TEMP:3D4B733E deleted successfully.
ADS C:\ProgramData\TEMP:FBA79096 deleted successfully.
ADS C:\ProgramData\TEMP:58E38390 deleted successfully.
ADS C:\ProgramData\TEMP:1B96CF22 deleted successfully.
ADS C:\ProgramData\TEMP:A3B8F70C deleted successfully.
ADS C:\ProgramData\TEMP:10CB85CA deleted successfully.
ADS C:\ProgramData\TEMP:A9562832 deleted successfully.
ADS C:\ProgramData\TEMP:6294B369 deleted successfully.
ADS C:\ProgramData\TEMP:E6C6EB3B deleted successfully.
ADS C:\ProgramData\TEMP:53BA2DF6 deleted successfully.
ADS C:\ProgramData\TEMP:F89F2593 deleted successfully.
ADS C:\ProgramData\TEMP:BEE39E9B deleted successfully.
ADS C:\ProgramData\TEMP:2AE74FF9 deleted successfully.
ADS C:\ProgramData\TEMP:4EFA2FC7 deleted successfully.
ADS C:\ProgramData\TEMP:25249477 deleted successfully.
ADS C:\ProgramData\TEMP:FAB64002 deleted successfully.
ADS C:\ProgramData\TEMP:4A448DB2 deleted successfully.
ADS C:\ProgramData\TEMP:EC2381A4 deleted successfully.
ADS C:\ProgramData\TEMP:BDCD8531 deleted successfully.
ADS C:\ProgramData\TEMP:C22674B6 deleted successfully.
ADS C:\ProgramData\TEMP:927EC486 deleted successfully.
ADS C:\ProgramData\TEMP:55F44B88 deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:FAFEC4B9 deleted successfully.
ADS C:\ProgramData\TEMP:BCFEA004 deleted successfully.
ADS C:\ProgramData\TEMP:E4EE99EF deleted successfully.
ADS C:\ProgramData\TEMP:AD2DB2F9 deleted successfully.
ADS C:\ProgramData\TEMP:4911BB5C deleted successfully.
ADS C:\ProgramData\TEMP:ECFD9449 deleted successfully.
ADS C:\ProgramData\TEMP:6F55EB66 deleted successfully.
ADS C:\ProgramData\TEMP31BE97C deleted successfully.
ADS C:\ProgramData\TEMP:F84B8DB5 deleted successfully.
ADS C:\ProgramData\TEMP:CBAF0C30 deleted successfully.
ADS C:\ProgramData\TEMP:6A0A47E7 deleted successfully.
ADS C:\ProgramData\TEMP:EC3A9923 deleted successfully.
ADS C:\ProgramData\TEMP:2F141B68 deleted successfully.
ADS C:\ProgramData\TEMP:CB0EB1DE deleted successfully.
ADS C:\ProgramData\TEMP:A4AF8D0D deleted successfully.
ADS C:\ProgramData\TEMP:7A0EFE63 deleted successfully.
ADS C:\ProgramData\TEMP:4DCAC4BC deleted successfully.
ADS C:\ProgramData\TEMP:14362DF8 deleted successfully.
ADS C:\ProgramData\TEMP:A4F63AED deleted successfully.
ADS C:\ProgramData\TEMP:12F3508C deleted successfully.
ADS C:\ProgramData\TEMP:43301D1D deleted successfully.
ADS C:\ProgramData\TEMP:0AC32449 deleted successfully.
ADS C:\ProgramData\TEMP:E51234A9 deleted successfully.
ADS C:\ProgramData\TEMP:0ED4AC2F deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
ADS C:\ProgramData\TEMP:FB97DB91 deleted successfully.
ADS C:\ProgramData\TEMP:462A7C89 deleted successfully.
ADS C:\ProgramData\TEMP:88E3B9B6 deleted successfully.
ADS C:\ProgramData\TEMP:5ACE199E deleted successfully.
ADS C:\ProgramData\TEMP:EFBD4447 deleted successfully.
ADS C:\ProgramData\TEMP:E265ED33 deleted successfully.
ADS C:\ProgramData\TEMP:2636DE16 deleted successfully.
ADS C:\ProgramData\TEMP:CAE2C3A5 deleted successfully.
ADS C:\ProgramData\TEMP:0F64164E deleted successfully.
ADS C:\ProgramData\TEMP:3BC173E4 deleted successfully.
ADS C:\ProgramData\TEMP:E2CFA9CD deleted successfully.
ADS C:\ProgramData\TEMP:A384652A deleted successfully.
ADS C:\ProgramData\TEMP:A3E39C6A deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\RoseyB\Downloads\cmd.bat deleted successfully.
C:\Users\RoseyB\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RoseyB
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2441618 bytes
->Java cache emptied: 582740981 bytes
->FireFox cache emptied: 267640314 bytes
->Flash cache emptied: 112043 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66784 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 122151 bytes

Total Files Cleaned = 814.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11042012_211903

Files\Folders moved on Reboot...
File\Folder C:\Users\RoseyB\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Jay Pfoutz · Nov 5, 2012

Good. Please do the following again...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use

Click Start

When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.

Click Start or wait for the scanner to load.

Make sure that the options Remove found threats and the option Scan unwanted applications are checked.

Click Scan (This scan can take several hours, so please be patient)

Once the scan is completed, there are a couple of things to keep in mind:

1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.

2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.

Open the logfile from wherever you saved it

Copy and paste the contents in your next reply.

Troyce Brooks · Nov 7, 2012

Here is the EST file

C:\Users\RoseyB\AppData\Local\Temp\0.7678232558540422 Win32/Olmarik.AYD trojan cleaned by deleting - quarantined

Jay Pfoutz · Nov 7, 2012

Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

Go to Control Panel and select System and Maintenance

Select System

On the left select Advance System Settings and accept the warning if you get one

Select System Protection Tab

Select Create at the bottom

Type in a name I.e. Clean

Select Create

Now we can purge the infected ones

Go back to the System and Maintenance page

Select Performance Information and Tools

On the left select Open Disk Cleanup

Select Files from all users and accept the warning if you get one

In the drop down box select your main drive I.e. C

For a few moments the system will make some calculations:

Select the More Options tab

In the System Restore and Shadow Backups select Clean up

Select Delete on the pop up

Select OK

Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.

Double click OTC.exe.

Click the CleanUp! button.

If you are prompted to Reboot during the cleanup, select Yes.

The tool will delete itself once it finishes.

Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

Double-click the CCleaner shortcut on the desktop to start the program.

A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.

On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.

Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Troyce Brooks · Nov 9, 2012

Here we go. Computer certainly seems to be running faster, mine seems quite slow compared to this one.

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Treasure Seekers: Follow the Ghosts
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Jay Pfoutz · Nov 10, 2012

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems

Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?

Jay Pfoutz · Nov 15, 2012

Topic marked solved.

TechSpot

Welcome to TechSpot

Can not remove Trojan

Jay Pfoutz Malware Helper Posts: 4,286 +49

Troyce Brooks Newcomer, in training Posts: 20

Troyce Brooks Newcomer, in training Posts: 20

Troyce Brooks Newcomer, in training Posts: 20

Jay Pfoutz Malware Helper Posts: 4,286 +49

Troyce Brooks Newcomer, in training Posts: 20

Jay Pfoutz Malware Helper Posts: 4,286 +49

Troyce Brooks Newcomer, in training Posts: 20

Jay Pfoutz Malware Helper Posts: 4,286 +49

Troyce Brooks Newcomer, in training Posts: 20

Jay Pfoutz Malware Helper Posts: 4,286 +49

Jay Pfoutz Malware Helper Posts: 4,286 +49

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.