TechSpot

Computer reboots too fast to run any scans - Vista Home Premium x64

Solved
By crains
Jul 9, 2012
  1. mse reported win64/sirefef.y and .b... now it will not stay up long enough to run any scans (windows has encountered a critical problem and will restart automatically in one minute. please save your work now.) because it reboots in aprox 2 minutes. it does this in all safe modes as well.

    if I try to do an f8 "repair your computer" the machine simply boots to normal os.

    if I boot to a vista home premium x64 dvd, the repair option is not offered (it goes strait from the keyboard option to partition options to install)
     
  2. crains

    crains TS Rookie Topic Starter Posts: 18

    what is wrong with this request? no one is even looking at it!!
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    This is busy board. We would appreciate your patience, as we do this work for free and have non-internet lives to attend to.

    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Farbar Recovery Scan Tool

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • type exit and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
     
  4. crains

    crains TS Rookie Topic Starter Posts: 18

    hello dmjay - thank you for taking the time to help all of us floundering in the sea of malware...

    as I tried to make clear in the opening paragraph the f8 "repair your computer"... the machine simply boots to normal os.

    I do not get system recovery options when I boot to a vista home premium 64 dvd... although just for s&g I tried the 32 bit vista home premium version and did get the recovery console, but of course then it informed me I was using the wrong version disk to attempt this task...
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    We are going to be using a Windows Recovery Environment to help disinfect the system.

    Download the OTLPE Standard REATOGO Windows Recovery Environment.
    • Place a blank CD-R disc in to your CD burning drive.
    • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
    • Reboot your system using the boot CD you just created.

      Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start. Change the following settings
      • Change Drivers to Non-Microsoft
      • Press Run Scan to start the scan.
      • When finished, the file will be saved in drive C:\_OTL\MovedFiles
      • Copy this file to your USB drive if you do not have internet connection on this system
      • Please post the contents of the OTL.txt file in your reply.
     
  6. crains

    crains TS Rookie Topic Starter Posts: 18

    ok... thank you... I booted to otlpe and opened the the otlpe app... the first option is "browse for folder - choose windows directory"... I chose "os (c)" clicked ok and it comes back with target is not windows 2000 or later..
     
  7. crains

    crains TS Rookie Topic Starter Posts: 18

    took boot disk out and rebooted just to make sure vista was still there... booted to vista...
     
  8. crains

    crains TS Rookie Topic Starter Posts: 18

    am back in oltpe now...
     
  9. crains

    crains TS Rookie Topic Starter Posts: 18

    changed dir to c:\windows... yes... ok... version 3.1.48.0... driver options are none, use safelist, all... changed to none... clicked run scan...

    here is the report:

    OTL logfile created on: 7/10/2012 12:46:46 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 203.56 Gb Free Space | 68.29% Space Free | Partition Type: NTFS
    Drive D: | 14.91 Gb Total Space | 2.99 Gb Free Space | 20.05% Space Free | Partition Type: FAT32
    Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2011/06/13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV:64bit: - [2011/05/24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/06/29 09:11:36 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Disabled] -- C:\Windows\System32\drivers\XAudio64.exe -- (XAudioService)
    SRV:64bit: - [2006/11/02 07:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\rundll32.exe -- (yksvc)
    SRV - [2012/06/24 06:21:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/23 14:31:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/02/10 00:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/20 19:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/04/10 23:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0711&m=lx6200-01


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Carol_P_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
    IE - HKU\Carol_P_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\Carol_P_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.aspx
    IE - HKU\Carol_P_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\Carol_P_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\Carol_P_ON_C\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - Reg Error: Key error. File not found
    IE - HKU\Carol_P_ON_C\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - Reg Error: Key error. File not found
    IE - HKU\Carol_P_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://my.msn.com/"
    FF - prefs.js..network.proxy.type: 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carol P\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carol P\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/28 18:54:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/06/24 07:02:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/24 06:21:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/24 06:21:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/09/20 21:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol P\AppData\Roaming\Mozilla\Extensions
    [2012/06/24 07:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol P\AppData\Roaming\Mozilla\Firefox\Profiles\lr6saxe1.default\extensions
    [2012/05/25 07:21:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Carol P\AppData\Roaming\Mozilla\Firefox\Profiles\lr6saxe1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/05/10 04:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/10 04:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    [2012/05/10 04:18:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    File not found (No name found) --
    () (No name found) -- C:\USERS\CAROL P\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LR6SAXE1.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
    () (No name found) -- C:\USERS\CAROL P\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LR6SAXE1.DEFAULT\EXTENSIONS\XPIRFTOOLBAR@ROBOFORM.COM.XPI
    [2011/07/16 02:42:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/06/24 06:21:37 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/24 06:21:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/24 06:21:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
    O3:64bit: - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Trigger New Acer AlaunchX] C:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
    O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
    O8:64bit: - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O8:64bit: - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
    O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
    O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
    O8 - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O8 - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
    O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
    O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: &Sync RoboForm - {320AF880-6646-11D3-ABEE-C5DBF3571F4D} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Sync RoboForm Data - {320AF880-6646-11D3-ABEE-C5DBF3571F4D} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
    O9 - Extra Button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O9 - Extra 'Tools' menuitem : Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O9 - Extra Button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
    O9 - Extra 'Tools' menuitem : Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
    O9 - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
    O9 - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
    O9 - Extra Button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
    O9 - Extra 'Tools' menuitem : Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
    O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O13:64bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.0)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.0)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/01/30 11:39:44 | 000,000,706 | ---- | M] () - D:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{4c3abaec-ad12-11e0-bd35-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{4c3abaec-ad12-11e0-bd35-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
    O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
    64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 7 Days ==========

    [2012/07/09 14:28:26 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/07/09 13:26:10 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
    [2012/07/09 11:09:38 | 004,574,937 | R--- | C] (Swearware) -- C:\Users\Carol P\Desktop\ComboFix.exe
    [2012/07/08 20:37:34 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\new rkill
    [2012/07/08 20:03:16 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA64.sys
    [2012/07/08 20:03:15 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS64.sys
    [2012/07/08 20:03:13 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore64.sys
    [2012/07/08 20:03:10 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD64.sys
    [2012/07/08 20:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/07/08 20:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2012/07/08 20:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/07/08 20:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/07/08 20:02:30 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Roaming\TestApp
    [2012/07/08 20:00:14 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\new fix
    [2012/07/08 19:40:11 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.63496115D08FAD5D
    [2012/07/08 19:26:27 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Roaming\DriverCure
    [2012/07/08 19:26:26 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Roaming\SpeedyPC Software
    [2012/07/08 19:26:17 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
    [2012/07/08 19:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
    [2012/07/08 19:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/07/08 19:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
    [2012/07/08 19:25:43 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\win64-sirfef.y b
    [2012/07/08 15:53:15 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\RKill
    [2012/07/08 15:43:58 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Roaming\SUPERAntiSpyware.com
    [2012/07/08 15:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/08 15:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/07/08 15:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/07/08 15:26:55 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\TDSSKiller
    [2012/07/08 15:04:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/08 15:04:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/08 15:04:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/08 14:57:19 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\new malware remove
    [2012/07/08 14:53:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/08 14:50:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/07 15:39:55 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.52C74B45B7E23DDE
    [2012/07/07 14:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/07 14:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/07 14:47:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/07/07 04:00:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2012/07/07 04:00:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2012/07/07 03:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/07/05 20:51:02 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 7 Days ==========

    [2012/07/10 09:47:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/10 09:47:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/10 09:47:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/09 18:42:09 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
    [2012/07/09 14:31:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/09 13:27:03 | 000,001,887 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/07/09 13:27:03 | 000,001,887 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/07/09 13:19:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-418972822-4011934444-250511128-1000UA.job
    [2012/07/09 10:16:18 | 004,574,937 | R--- | M] (Swearware) -- C:\Users\Carol P\Desktop\ComboFix.exe
    [2012/07/08 21:01:00 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
    [2012/07/08 19:42:03 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/07/08 19:42:03 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/07/08 19:42:03 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/07/08 19:40:11 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.63496115D08FAD5D
    [2012/07/08 19:39:55 | 000,001,032 | ---- | M] () -- C:\Users\Carol P\Desktop\SpeedyPC Pro.lnk
    [2012/07/08 15:43:48 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/08 15:43:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/08 14:45:58 | 000,605,866 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/08 14:45:58 | 000,104,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/07 17:50:36 | 000,000,905 | ---- | M] () -- C:\Users\Carol P\Desktop\magicJack.lnk
    [2012/07/07 15:39:55 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.52C74B45B7E23DDE
    [2012/07/07 15:22:44 | 000,001,828 | ---- | M] () -- C:\Users\Carol P\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Security Essentials.lnk
    [2012/07/07 14:52:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/07 14:52:31 | 000,001,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/07 14:52:25 | 000,722,496 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/06 20:19:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-418972822-4011934444-250511128-1000Core.job
    [2012/07/05 22:09:08 | 000,047,204 | ---- | M] () -- C:\Users\Carol P\Desktop\Family Educational.pdf
    [2012/07/05 22:08:02 | 000,029,230 | ---- | M] () -- C:\Users\Carol P\Desktop\FERPA Primer The Basics and Beyond.odt
    [2012/07/05 05:32:06 | 000,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat
    [2012/07/04 19:31:10 | 000,586,275 | ---- | M] () -- C:\Users\Carol P\Desktop\Changing Dynamics in State Oversight of For-Profit Colleges.pdf
    [2012/07/04 18:36:52 | 000,404,864 | ---- | M] () -- C:\Users\Carol P\Desktop\SUMMARY OF COMPLIANCE-2011V2 CAN.pdf
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/09 13:19:44 | 000,001,887 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012/07/09 13:19:44 | 000,001,887 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012/07/08 19:26:30 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/07/08 19:26:17 | 000,001,032 | ---- | C] () -- C:\Users\Carol P\Desktop\SpeedyPC Pro.lnk
    [2012/07/08 19:26:14 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/07/08 19:26:13 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/07/08 15:43:48 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/08 15:04:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/08 15:04:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/08 15:04:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/08 15:04:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/08 15:04:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/07 15:22:44 | 000,001,828 | ---- | C] () -- C:\Users\Carol P\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Security Essentials.lnk
    [2012/07/07 14:52:30 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/05 22:09:08 | 000,047,204 | ---- | C] () -- C:\Users\Carol P\Desktop\Family Educational.pdf
    [2012/07/05 22:07:59 | 000,029,230 | ---- | C] () -- C:\Users\Carol P\Desktop\FERPA Primer The Basics and Beyond.odt
    [2012/07/04 19:31:10 | 000,586,275 | ---- | C] () -- C:\Users\Carol P\Desktop\Changing Dynamics in State Oversight of For-Profit Colleges.pdf
    [2012/07/04 18:36:52 | 000,404,864 | ---- | C] () -- C:\Users\Carol P\Desktop\SUMMARY OF COMPLIANCE-2011V2 CAN.pdf
    [2012/04/28 08:51:08 | 000,004,096 | -H-- | C] () -- C:\Users\Carol P\AppData\Local\keyfile3.drm
    [2012/03/26 18:44:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/03/23 22:48:30 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2012/03/17 06:13:14 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2012/03/17 06:13:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2012/03/17 06:13:13 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2012/03/17 06:13:13 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2012/03/17 06:13:13 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2012/03/17 06:13:13 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2012/03/17 06:13:13 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2012/03/17 06:13:13 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2012/03/17 06:13:13 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2012/03/17 06:13:13 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2012/03/17 06:13:13 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2012/03/17 06:13:13 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2012/03/17 06:13:13 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2012/03/17 06:13:13 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2012/03/17 06:13:13 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2012/03/17 06:13:13 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2012/03/17 06:11:18 | 000,000,079 | ---- | C] () -- C:\Windows\EPWF600.ini
    [2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/07/30 02:17:48 | 000,007,168 | ---- | C] () -- C:\Users\Carol P\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/29 22:27:58 | 000,000,815 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/07/19 14:22:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2011/07/19 14:21:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2011/07/19 14:20:41 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2011/07/15 17:18:19 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2011/07/13 05:09:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2011/07/13 01:58:11 | 000,000,680 | ---- | C] () -- C:\Users\Carol P\AppData\Local\d3d9caps.dat
    [2011/07/13 01:36:42 | 000,722,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/12 23:04:25 | 000,000,732 | ---- | C] () -- C:\Users\Carol P\AppData\Local\d3d9caps64.dat
    [2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/04/27 11:21:38 | 003,268,096 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2011/04/27 00:08:34 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2008/08/21 01:52:02 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
    [2008/08/21 01:40:53 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
    [2008/08/21 01:40:53 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
    [2008/08/21 01:40:53 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
    [2008/08/21 01:40:53 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
    [2008/08/21 01:33:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
    [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2012/07/08 19:26:27 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\DriverCure
    [2012/03/23 22:33:01 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\Epson
    [2011/12/29 09:03:46 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\FlixsterCollections
    [2012/01/28 11:26:41 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\Foxit Software
    [2011/10/10 07:52:45 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\GiftBoxPlus
    [2012/07/07 03:19:03 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\GoodSync
    [2011/08/06 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\LaunchPad
    [2012/03/23 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\Leadertech
    [2012/03/25 08:05:57 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\LibreOffice
    [2012/07/07 17:50:39 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\mjusbsp
    [2011/08/10 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\RoboForm
    [2012/07/08 19:26:26 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\SpeedyPC Software
    [2012/07/08 20:02:30 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\TestApp
    [2011/07/30 02:34:04 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\VistaCodecs
    [2012/03/08 08:34:05 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\Windows Live Writer
    [2011/07/13 02:45:26 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
    [2011/07/12 23:05:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data
    [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
    [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
    [2012/03/23 21:39:10 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
    [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
    [2011/08/12 10:26:36 | 000,000,000 | ---D | M] -- C:\ProgramData\GoodSync
    [2011/07/13 00:51:53 | 000,000,000 | ---D | M] -- C:\ProgramData\magicJack
    [2011/07/13 10:06:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
    [2011/07/12 23:38:56 | 000,000,000 | ---D | M] -- C:\ProgramData\RoboForm
    [2012/07/08 19:26:12 | 000,000,000 | ---D | M] -- C:\ProgramData\SpeedyPC Software
    [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
    [2011/08/17 14:14:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
    [2012/07/08 20:28:57 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
    [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
    [2012/03/29 08:27:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Viper
    [2012/05/08 18:04:40 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
    [2008/08/21 01:55:57 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
    [2011/10/25 05:08:37 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
    [2008/08/21 02:09:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2012/05/08 05:16:28 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\GoodSync - RoboForm Online.job
    [2012/07/10 09:47:41 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/07/08 19:42:03 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
    [2012/07/08 19:42:03 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
    [2012/07/08 19:42:03 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
    [2012/06/30 14:59:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\TuneUpMedic_scan_schedule_task_0b376ef0-5ff1-4233-ac54-6209f2b73b3e.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    < End of report >
     
  10. crains

    crains TS Rookie Topic Starter Posts: 18

    if I used the wrong options; here are the ones offered since your some of your directions don't match them:

    (button)
    services: none, use safelist, all
    drivers: none, use safelist, all
    standard registry: none, use safelist, all
    extra registry: none, use safelist, all
    (dropdown)
    file age: 1, 14,30, 60, 90, 100, 360 days
    (check mark)
    use company-name whitelist
    skip microsoft files
    use no-company-name whitelist
    (button)
    files created within: none, file age, all
    (button)
    files modified within: none, file age, all
    (checkmark)
    LOP Check
    Purity Check
     
  11. crains

    crains TS Rookie Topic Starter Posts: 18

    dmjay - this is my sister-in-laws computer that we are working on and I am corresponding with you on my win 7 next to it... she is in a nursing program and has already missed a major test... I must have this to her this evening... PLEASE respond asap to let me know what to do next or let me know that you are too busy to help so that I may take other measures... thanks

    I will be dedicated to real time correspondence the rest of the afternoon if you are willing
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello

    For OTLPE, this is the fix to do:

    • Copy the commands below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      :OTL
      IE - HKU\Carol_P_ON_C\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - Reg Error: Key error. File not found
      IE - HKU\Carol_P_ON_C\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - Reg Error: Key error. File not found
      () (No name found) -- C:\USERS\CAROL P\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LR6SAXE1.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
      O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
      O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
      O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [] File not found
      O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
      O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.0)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
      O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.0)
      [2012/07/08 19:40:11 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.63496115D08FAD5D
      [2012/07/07 15:39:55 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.52C74B45B7E23DDE

      :commands
      [emptytemp]

    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
    • Click the Run Fix button.
    • A fix log in Notepad will appear. Save that to a flash drive so you can post it in your next reply.
    • Keep OTLPE open, copy and paste the following in the Custom Scans/Fixes box:
      Then, press Run Scan. A log will launch eventually, please post that in your next reply. (Save that to a flash drive so you can post it in your next reply.)
    • Close OTL
     
  13. crains

    crains TS Rookie Topic Starter Posts: 18

    fix log:

    ========== OTL ==========
    Registry key HKEY_USERS\Carol_P_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
    Registry key HKEY_USERS\Carol_P_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}\ deleted successfully.
    C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{25515A79-C1C7-4B97-97F8-31A711694487} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25515A79-C1C7-4B97-97F8-31A711694487}\ deleted successfully.
    File C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry key HKEY_USERS\Carol_P_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry key HKEY_USERS\Carol_P_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\Carol_P_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_USERS\UpdatusUser_ON_C\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Item C:\Windows\SysWow64\services.exe is whitelisted and cannot be moved.
    Item C:\Windows\SysWow64\services.exe is whitelisted and cannot be moved.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Carol P
    ->Temp folder emptied: 66001293 bytes
    ->Temporary Internet Files folder emptied: 1398392 bytes
    ->FireFox cache emptied: 51028917 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 57006 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56478 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 239382566 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 54949805 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 636 bytes

    Total Files Cleaned = 394.00 mb


    OTLPE by OldTimer - Version 3.1.48.0 log created on 07102012_173313
     
  14. crains

    crains TS Rookie Topic Starter Posts: 18

    scan still running... will post when finished...
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Now, just waiting on the full scan with the Custom Scans included.*

    *Edit: Gotcha!
     
  16. crains

    crains TS Rookie Topic Starter Posts: 18

    scan timed out - rebooted and here it is:

    OTL logfile created on: 7/10/2012 7:04:35 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 203.95 Gb Free Space | 68.42% Space Free | Partition Type: NTFS
    Drive H: | 14.91 Gb Total Space | 2.99 Gb Free Space | 20.05% Space Free | Partition Type: FAT32
    Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2011/06/13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV:64bit: - [2011/05/24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/06/29 09:11:36 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Disabled] -- C:\Windows\System32\drivers\XAudio64.exe -- (XAudioService)
    SRV:64bit: - [2006/11/02 07:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\rundll32.exe -- (yksvc)
    SRV - [2012/06/24 06:21:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/23 14:31:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/02/10 00:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/20 19:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/04/10 23:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/01/17 08:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2008/08/12 20:13:23 | 000,181,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2008/08/05 04:03:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64.sys -- (yukonx64)
    DRV:64bit: - [2008/07/22 10:58:24 | 004,647,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008/06/04 02:06:54 | 000,204,288 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTS5121.sys -- (RSUSBSTOR)
    DRV:64bit: - [2008/04/27 21:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
    DRV:64bit: - [2007/06/29 09:11:24 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2007/06/20 04:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2007/06/20 04:30:22 | 000,409,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2007/06/20 04:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0711&m=lx6200-01


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Carol_P_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
    IE - HKU\Carol_P_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\Carol_P_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.aspx
    IE - HKU\Carol_P_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\Carol_P_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\Carol_P_ON_C\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - Reg Error: Key error. File not found
    IE - HKU\Carol_P_ON_C\..\URLSearchHook: {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - Reg Error: Key error. File not found
    IE - HKU\Carol_P_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
  17. crains

    crains TS Rookie Topic Starter Posts: 18

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://my.msn.com/"
    FF - prefs.js..network.proxy.type: 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
    FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carol P\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carol P\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/28 18:54:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/06/24 07:02:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/24 06:21:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/24 06:21:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/09/20 21:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol P\AppData\Roaming\Mozilla\Extensions
    [2012/06/24 07:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol P\AppData\Roaming\Mozilla\Firefox\Profiles\lr6saxe1.default\extensions
    [2012/05/25 07:21:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Carol P\AppData\Roaming\Mozilla\Firefox\Profiles\lr6saxe1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/05/10 04:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/10 04:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    [2012/05/10 04:18:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    File not found (No name found) --
    () (No name found) -- C:\USERS\CAROL P\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LR6SAXE1.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
    () (No name found) -- C:\USERS\CAROL P\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LR6SAXE1.DEFAULT\EXTENSIONS\XPIRFTOOLBAR@ROBOFORM.COM.XPI
    [2011/07/16 02:42:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/06/24 06:21:37 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/24 06:21:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/24 06:21:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - File not found
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - File not found
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O3 - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - File not found
    O3:64bit: - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\Carol_P_ON_C\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Trigger New Acer AlaunchX] C:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
    O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
    O8:64bit: - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O8:64bit: - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
    O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
    O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Identities Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
    O8 - Extra context menu item: Passcards Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O8 - Extra context menu item: Reset Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
    O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
    O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: &Sync RoboForm - {320AF880-6646-11D3-ABEE-C5DBF3571F4D} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Sync RoboForm Data - {320AF880-6646-11D3-ABEE-C5DBF3571F4D} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
    O9 - Extra Button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O9 - Extra 'Tools' menuitem : Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
    O9 - Extra Button: Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
    O9 - Extra 'Tools' menuitem : Reset Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F53} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
    O9 - Extra Button: Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
    O9 - Extra 'Tools' menuitem : Clear Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F54} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
    O9 - Extra Button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
    O9 - Extra 'Tools' menuitem : Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
    O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O13:64bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.0)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.0)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/01/30 11:39:44 | 000,000,706 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{4c3abaec-ad12-11e0-bd35-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{4c3abaec-ad12-11e0-bd35-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
    O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
    64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/10 17:33:13 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/07/09 14:28:26 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/07/09 13:26:10 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
    [2012/07/09 11:09:38 | 004,574,937 | R--- | C] (Swearware) -- C:\Users\Carol P\Desktop\ComboFix.exe
    [2012/07/08 20:37:34 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\new rkill
    [2012/07/08 20:03:16 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA64.sys
    [2012/07/08 20:03:15 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS64.sys
    [2012/07/08 20:03:13 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore64.sys
    [2012/07/08 20:03:10 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD64.sys
    [2012/07/08 20:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/07/08 20:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2012/07/08 20:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/07/08 20:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/07/08 20:02:30 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Roaming\TestApp
    [2012/07/08 20:00:14 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\new fix
    [2012/07/08 19:40:11 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.63496115D08FAD5D
    [2012/07/08 19:26:27 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Roaming\DriverCure
    [2012/07/08 19:26:26 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Roaming\SpeedyPC Software
    [2012/07/08 19:26:17 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
    [2012/07/08 19:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
    [2012/07/08 19:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/07/08 19:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
    [2012/07/08 19:25:43 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\win64-sirfef.y b
    [2012/07/08 15:53:15 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\RKill
    [2012/07/08 15:43:58 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Roaming\SUPERAntiSpyware.com
    [2012/07/08 15:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/08 15:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/07/08 15:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/07/08 15:26:55 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\TDSSKiller
    [2012/07/08 15:04:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/08 15:04:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/08 15:04:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/08 14:57:19 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\new malware remove
    [2012/07/08 14:53:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/08 14:50:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/07 15:39:55 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe.52C74B45B7E23DDE
    [2012/07/07 14:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/07 14:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/07 14:47:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/07/07 04:00:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2012/07/07 04:00:13 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2012/07/07 03:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/07/05 20:51:02 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/06/29 17:29:37 | 000,000,000 | ---D | C] -- C:\Users\Carol P\Desktop\Term2 Syllabi
    [2012/06/29 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Local\{A4DA9060-3C9C-4D6D-91AD-E95C46A1D738}
    [2012/06/26 06:48:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2012/06/24 07:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AI RoboForm
    [2012/06/21 02:48:14 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
    [2012/06/21 02:48:14 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2012/06/21 02:48:13 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2012/06/21 02:47:51 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
    [2012/06/21 02:47:50 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2012/06/21 02:47:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2012/06/21 02:47:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
    [2012/06/12 18:41:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/06/12 18:41:51 | 000,742,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/06/12 18:41:50 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2012/06/12 18:41:48 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
    [2012/06/12 18:41:47 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2012/06/12 18:41:47 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
    [2012/06/12 18:41:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/06/12 18:41:46 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/06/12 18:41:46 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2012/06/12 18:41:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2012/06/12 18:41:45 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2012/06/12 18:41:44 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/06/12 18:41:44 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/06/12 18:41:44 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2012/06/12 18:41:44 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/06/12 18:41:43 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2012/06/12 18:41:43 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/06/12 18:41:42 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2012/06/12 18:41:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2012/06/12 18:41:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/06/12 18:41:42 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/06/12 18:41:42 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2012/06/12 18:41:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2012/06/12 18:41:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2012/06/12 18:41:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2012/06/12 18:41:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2012/06/12 18:41:41 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
    [2012/06/12 18:41:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2012/06/12 18:41:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2012/06/12 18:41:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2012/06/12 18:41:32 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
    [2012/06/12 18:41:31 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
    [2012/06/12 18:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/06/12 18:12:35 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012/06/12 18:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/06/12 18:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/06/12 18:07:30 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2012/06/12 16:27:34 | 000,000,000 | ---D | C] -- C:\Users\Carol P\AppData\Local\MicrosoftStore
    [2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
     
  18. crains

    crains TS Rookie Topic Starter Posts: 18

    ========== Files - Modified Within 30 Days ==========

    [2012/07/10 09:47:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/10 09:47:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/10 09:47:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/09 18:42:09 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
    [2012/07/09 14:31:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/09 13:27:03 | 000,001,887 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/07/09 13:27:03 | 000,001,887 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/07/09 13:19:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-418972822-4011934444-250511128-1000UA.job
    [2012/07/09 10:16:18 | 004,574,937 | R--- | M] (Swearware) -- C:\Users\Carol P\Desktop\ComboFix.exe
    [2012/07/08 21:01:00 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
    [2012/07/08 19:42:03 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/07/08 19:42:03 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/07/08 19:42:03 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/07/08 19:40:11 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.63496115D08FAD5D
    [2012/07/08 19:39:55 | 000,001,032 | ---- | M] () -- C:\Users\Carol P\Desktop\SpeedyPC Pro.lnk
    [2012/07/08 15:43:48 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/08 15:43:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/08 14:45:58 | 000,605,866 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/08 14:45:58 | 000,104,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/07 17:50:36 | 000,000,905 | ---- | M] () -- C:\Users\Carol P\Desktop\magicJack.lnk
    [2012/07/07 15:39:55 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe.52C74B45B7E23DDE
    [2012/07/07 15:22:44 | 000,001,828 | ---- | M] () -- C:\Users\Carol P\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Security Essentials.lnk
    [2012/07/07 14:52:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/07 14:52:31 | 000,001,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/07 14:52:25 | 000,722,496 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/06 20:19:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-418972822-4011934444-250511128-1000Core.job
    [2012/07/05 22:09:08 | 000,047,204 | ---- | M] () -- C:\Users\Carol P\Desktop\Family Educational.pdf
    [2012/07/05 22:08:02 | 000,029,230 | ---- | M] () -- C:\Users\Carol P\Desktop\FERPA Primer The Basics and Beyond.odt
    [2012/07/05 05:32:06 | 000,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat
    [2012/07/04 19:31:10 | 000,586,275 | ---- | M] () -- C:\Users\Carol P\Desktop\Changing Dynamics in State Oversight of For-Profit Colleges.pdf
    [2012/07/04 18:36:52 | 000,404,864 | ---- | M] () -- C:\Users\Carol P\Desktop\SUMMARY OF COMPLIANCE-2011V2 CAN.pdf
    [2012/07/03 00:21:57 | 000,002,054 | ---- | M] () -- C:\Users\Carol P\Desktop\Google Chrome.lnk
    [2012/07/03 00:21:57 | 000,002,016 | ---- | M] () -- C:\Users\Carol P\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/06/30 14:59:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\TuneUpMedic_scan_schedule_task_0b376ef0-5ff1-4233-ac54-6209f2b73b3e.job
    [2012/06/27 04:17:25 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\Rainlendar2.lnk
    [2012/06/26 08:22:30 | 010,328,618 | ---- | M] () -- C:\Users\Carol P\Desktop\PN ADULT MEDICAL SURGICAL NURSING.pdf
    [2012/06/26 05:28:55 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/06/24 07:02:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AI RoboForm
    [2012/06/23 14:31:52 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/06/23 14:31:51 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/06/18 14:50:37 | 000,011,464 | ---- | M] () -- C:\Users\Carol P\Documents\Foreclosure.odt
    [2012/06/13 04:44:05 | 000,011,081 | ---- | M] () -- C:\Users\Carol P\Documents\Cver Page proj.5.odt
    [2012/06/13 04:16:37 | 000,384,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/06/13 00:45:14 | 000,013,762 | ---- | M] () -- C:\Users\Carol P\Documents\Follow-up letter final.odt
    [2012/06/13 00:22:09 | 000,012,473 | ---- | M] () -- C:\Users\Carol P\Documents\Carol Prew 1234 Bartholf Ave.odt
    [2012/06/12 18:27:10 | 000,001,135 | ---- | M] () -- C:\Users\Carol P\Desktop\Microsoft Office - Shortcut.lnk
    [2012/06/12 18:13:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

    ========== Files Created - No Company Name ==========

    [2012/07/09 13:19:44 | 000,001,887 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012/07/09 13:19:44 | 000,001,887 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012/07/08 19:26:30 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/07/08 19:26:17 | 000,001,032 | ---- | C] () -- C:\Users\Carol P\Desktop\SpeedyPC Pro.lnk
    [2012/07/08 19:26:14 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/07/08 19:26:13 | 000,000,424 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/07/08 15:43:48 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/08 15:04:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/08 15:04:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/08 15:04:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/08 15:04:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/08 15:04:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/07 15:22:44 | 000,001,828 | ---- | C] () -- C:\Users\Carol P\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Security Essentials.lnk
    [2012/07/07 14:52:30 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/05 22:09:08 | 000,047,204 | ---- | C] () -- C:\Users\Carol P\Desktop\Family Educational.pdf
    [2012/07/05 22:07:59 | 000,029,230 | ---- | C] () -- C:\Users\Carol P\Desktop\FERPA Primer The Basics and Beyond.odt
    [2012/07/04 19:31:10 | 000,586,275 | ---- | C] () -- C:\Users\Carol P\Desktop\Changing Dynamics in State Oversight of For-Profit Colleges.pdf
    [2012/07/04 18:36:52 | 000,404,864 | ---- | C] () -- C:\Users\Carol P\Desktop\SUMMARY OF COMPLIANCE-2011V2 CAN.pdf
    [2012/06/26 08:22:30 | 010,328,618 | ---- | C] () -- C:\Users\Carol P\Desktop\PN ADULT MEDICAL SURGICAL NURSING.pdf
    [2012/06/18 14:50:35 | 000,011,464 | ---- | C] () -- C:\Users\Carol P\Documents\Foreclosure.odt
    [2012/06/13 04:44:02 | 000,011,081 | ---- | C] () -- C:\Users\Carol P\Documents\Cver Page proj.5.odt
    [2012/06/13 00:21:57 | 000,012,473 | ---- | C] () -- C:\Users\Carol P\Documents\Carol Prew 1234 Bartholf Ave.odt
    [2012/06/12 23:14:13 | 000,013,762 | ---- | C] () -- C:\Users\Carol P\Documents\Follow-up letter final.odt
    [2012/06/12 18:27:10 | 000,001,135 | ---- | C] () -- C:\Users\Carol P\Desktop\Microsoft Office - Shortcut.lnk
    [2012/04/28 08:51:08 | 000,004,096 | -H-- | C] () -- C:\Users\Carol P\AppData\Local\keyfile3.drm
    [2012/03/26 18:44:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/03/23 22:48:30 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2012/03/17 06:13:14 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2012/03/17 06:13:14 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2012/03/17 06:13:13 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2012/03/17 06:13:13 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2012/03/17 06:13:13 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2012/03/17 06:13:13 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2012/03/17 06:13:13 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2012/03/17 06:13:13 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2012/03/17 06:13:13 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2012/03/17 06:13:13 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2012/03/17 06:13:13 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2012/03/17 06:13:13 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2012/03/17 06:13:13 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2012/03/17 06:13:13 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2012/03/17 06:13:13 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2012/03/17 06:13:13 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2012/03/17 06:11:18 | 000,000,079 | ---- | C] () -- C:\Windows\EPWF600.ini
    [2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/07/30 02:17:48 | 000,007,168 | ---- | C] () -- C:\Users\Carol P\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/29 22:27:58 | 000,000,815 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/07/19 14:22:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2011/07/19 14:21:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2011/07/19 14:20:41 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2011/07/15 17:18:19 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2011/07/13 05:09:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2011/07/13 01:58:11 | 000,000,680 | ---- | C] () -- C:\Users\Carol P\AppData\Local\d3d9caps.dat
    [2011/07/13 01:36:42 | 000,722,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/12 23:04:25 | 000,000,732 | ---- | C] () -- C:\Users\Carol P\AppData\Local\d3d9caps64.dat
    [2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/04/27 11:21:38 | 003,268,096 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2011/04/27 00:08:34 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2008/08/21 01:52:02 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
    [2008/08/21 01:40:53 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
    [2008/08/21 01:40:53 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
    [2008/08/21 01:40:53 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
    [2008/08/21 01:40:53 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
    [2008/08/21 01:33:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
    [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2012/07/08 19:26:27 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\DriverCure
    [2012/03/23 22:33:01 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\Epson
    [2011/12/29 09:03:46 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\FlixsterCollections
    [2012/01/28 11:26:41 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\Foxit Software
    [2011/10/10 07:52:45 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\GiftBoxPlus
    [2012/07/07 03:19:03 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\GoodSync
    [2011/08/06 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\LaunchPad
    [2012/03/23 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\Leadertech
    [2012/03/25 08:05:57 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\LibreOffice
    [2012/07/07 17:50:39 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\mjusbsp
    [2011/08/10 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\RoboForm
    [2012/07/08 19:26:26 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\SpeedyPC Software
    [2012/07/08 20:02:30 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\TestApp
    [2011/07/30 02:34:04 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\VistaCodecs
    [2012/03/08 08:34:05 | 000,000,000 | ---D | M] -- C:\Users\Carol P\AppData\Roaming\Windows Live Writer
    [2011/07/13 02:45:26 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
    [2011/07/12 23:05:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data
    [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
    [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
    [2012/03/23 21:39:10 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
    [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
    [2011/08/12 10:26:36 | 000,000,000 | ---D | M] -- C:\ProgramData\GoodSync
    [2011/07/13 00:51:53 | 000,000,000 | ---D | M] -- C:\ProgramData\magicJack
    [2011/07/13 10:06:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
    [2011/07/12 23:38:56 | 000,000,000 | ---D | M] -- C:\ProgramData\RoboForm
    [2012/07/08 19:26:12 | 000,000,000 | ---D | M] -- C:\ProgramData\SpeedyPC Software
    [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
    [2011/08/17 14:14:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
    [2012/07/08 20:28:57 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
    [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
    [2012/03/29 08:27:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Viper
    [2012/05/08 18:04:40 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
    [2008/08/21 01:55:57 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
    [2011/10/25 05:08:37 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
    [2008/08/21 02:09:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2012/05/08 05:16:28 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\GoodSync - RoboForm Online.job
    [2012/07/10 09:47:41 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/07/08 19:42:03 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
    [2012/07/08 19:42:03 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
    [2012/07/08 19:42:03 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
    [2012/06/30 14:59:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\TuneUpMedic_scan_schedule_task_0b376ef0-5ff1-4233-ac54-6209f2b73b3e.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    Invalid Environment Variable: %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\

    Invalid Environment Variable: %AppData%\Local\

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/05/14 23:25:37 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/05/14 23:25:37 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/05/14 23:25:37 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/15 02:37:18 | 000,638,048 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: FIREFOX.EXE
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: FIREFOX.EXE
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/05/14 20:40:10 | 000,070,656 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/05/14 20:40:10 | 000,070,656 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/05/14 20:40:10 | 000,070,656 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/15 02:37:18 | 000,638,048 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: IEXPLORE.EXE

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\PCTCore64.sys
    [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\PCTSD64.sys
    [2012/05/01 10:29:44 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 00:14:16 | 026,247,168 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 00:13:53 | 000,110,592 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 00:14:16 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 08:50:51 | 019,435,520 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 08:50:51 | 001,806,336 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %SYSTEMDRIVE%\*.exe /md5 >

    Invalid Environment Variable: %WinDir%\$NtUninstallKB*$. /30

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    Invalid Environment Variable: %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.*

    Invalid Environment Variable: %USERPROFILE%\AppData\Local\

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2008/08/21 01:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
    [2011/07/13 02:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
    [2011/07/13 06:40:40 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
    [2012/06/26 05:28:54 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
    [2011/07/13 00:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2011/07/13 02:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
    [2011/07/12 22:48:27 | 000,000,000 | ---D | M] -- C:\Program Files\Dolby
    [2011/07/12 23:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\eBay
    [2011/07/13 01:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2012/03/26 18:44:19 | 000,000,000 | ---D | M] -- C:\Program Files\HP
    [2012/06/13 04:14:29 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2011/12/23 00:06:11 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2011/10/28 13:40:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Fix it Center
    [2011/07/19 14:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2012/06/12 18:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2012/07/07 14:52:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
    [2011/07/19 14:47:33 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2006/11/02 11:07:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2012/02/21 13:57:48 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
    [2006/11/02 11:07:26 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2012/05/08 05:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
    [2012/07/08 15:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
    [2006/11/02 11:44:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2008/01/20 23:09:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
    [2011/07/19 14:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2012/05/09 05:33:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
    [2011/09/23 10:59:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
    [2012/04/11 03:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2011/07/19 14:47:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2006/11/02 11:07:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2011/07/19 14:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
    [2011/07/21 03:23:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2011/07/19 14:47:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

    Invalid Environment Variable: %appdata%\*.*


    < MD5 for: AFD.SYS >
    [2012/01/03 10:21:38 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=022ED7EB19DFECF39C106E0F9CF2BB19 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22770_none_362b4e6b2d472f6a\afd.sys
    [2011/04/21 10:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
    [2009/04/11 01:44:24 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
    [2009/04/10 22:44:26 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
    [2011/04/21 09:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys
    [2011/04/21 09:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys
    [2011/04/21 09:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys
    [2012/01/03 10:25:21 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=C4F6CE6087760AD70960C9EB130E7943 -- C:\Windows\System32\drivers\afd.sys
    [2012/01/03 10:25:21 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=C4F6CE6087760AD70960C9EB130E7943 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18564_none_35b080ce141ddbe4\afd.sys
    [2008/01/20 22:48:18 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=DB37041AB857ABC7E179E856D8E1582C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys
    [2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2008/02/22 01:29:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=2297D8A0E2F3E1BA55E1538BA33B9E86 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_39cac090f315177e\atapi.sys
    [2008/02/22 01:30:43 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=62BD869AFA2BF2E30F9D3FF428C87D5C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_83e39703\atapi.sys
    [2008/02/22 01:30:43 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=62BD869AFA2BF2E30F9D3FF428C87D5C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_394424a3d9f4c3b9\atapi.sys
    [2006/11/02 08:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys
    [2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
    [2009/04/11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\System32\drivers\atapi.sys
    [2009/04/11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b6d20d6f\atapi.sys
    [2009/04/11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

    < MD5 for: EXPLORER.EXE >
    [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
    [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
    [2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
    [2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
    [2011/09/14 10:05:26 | 001,008,092 | ---- | M] () MD5=645A8F39A10306D50382EB49A6C49AAB -- C:\Documents and Settings\Carol P\Desktop\RKill\eXplorer.exe
    [2011/09/14 10:05:26 | 001,008,092 | ---- | M] () MD5=645A8F39A10306D50382EB49A6C49AAB -- C:\Users\Carol P\Desktop\RKill\eXplorer.exe
    [2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
    [2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
    [2009/04/11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
    [2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
    [2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
    [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
    [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
    [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
    [2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
    [2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
    [2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
    [2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2008/01/20 22:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009/04/11 00:10:52 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2012/07/09 18:42:09 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\Windows\System32\services.exe
    [2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009/04/10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
    [2009/04/10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2008/01/20 22:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

    < MD5 for: SVCHOST.EXE >
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
    [2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    [2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\System32\svchost.exe
    [2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2010/06/16 13:14:29 | 001,424,264 | ---- | M] (Microsoft Corporation) MD5=0011810B5211FDACD784DE585262ECFE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_119c298735134c99\tcpip.sys
    [2010/04/06 04:35:06 | 001,423,752 | ---- | M] (Microsoft Corporation) MD5=150C1A66A7094F84560519261A309BC6 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_11681899353a0dd5\tcpip.sys
    [2011/06/17 16:14:30 | 001,424,272 | ---- | M] (Microsoft Corporation) MD5=19A7321E3A5F1DDB215D2815DCC8F8E4 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_116decc535366aa6\tcpip.sys
    [2011/09/20 17:06:18 | 001,426,304 | ---- | M] (Microsoft Corporation) MD5=2CC45D932BD193CD4117321D469AD6B2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_1121619c1be9f088\tcpip.sys
    [2010/02/18 11:01:57 | 001,420,688 | ---- | M] (Microsoft Corporation) MD5=30C4ABC8075DEA44D7E775D434AF1753 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_0f2e179c1ecd900b\tcpip.sys
    [2009/08/14 10:44:27 | 001,200,640 | ---- | M] (Microsoft Corporation) MD5=34B30202AECCB530FDDC6C6CCFA2FB46 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_bbc5fabc4a894d2a\tcpip.sys
    [2010/02/18 08:25:21 | 001,200,640 | ---- | M] (Microsoft Corporation) MD5=396CF3FD8D2A4FDF55570C01894DB9DF -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_bba931004aa006ed\tcpip.sys
    [2009/08/14 14:05:16 | 001,418,840 | ---- | M] (Microsoft Corporation) MD5=3BCD46BE9988B09D3510A0EF54F0D65B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9\tcpip.sys
    [2010/02/18 11:04:06 | 001,414,032 | ---- | M] (Microsoft Corporation) MD5=4680D08A2E8A2509CD9B751D7AF59606 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys
    [2012/03/30 08:45:03 | 001,423,744 | ---- | M] (Microsoft Corporation) MD5=46D448E9117464E4D3BBF36D7E3FA48E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_112731fc1be6530b\tcpip.sys
    [2010/02/18 10:22:15 | 001,423,752 | ---- | M] (Microsoft Corporation) MD5=4AD4600DF1F09EE7462152C061B683C8 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_118286a1352721f8\tcpip.sys
    [2011/06/17 16:14:30 | 001,427,344 | ---- | M] (Microsoft Corporation) MD5=4DAD14118FBCF7C609F2A4CE21FBCC5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_10d0aed01c273845\tcpip.sys
    [2011/09/20 17:06:18 | 001,423,744 | ---- | M] (Microsoft Corporation) MD5=73BED5067ED53A9DF05FA8EAB42578D0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_11ab004d35078d79\tcpip.sys
    [2009/08/14 12:42:31 | 001,413,208 | ---- | M] (Microsoft Corporation) MD5=74B776CA1B328095FE23A3306B1613A3 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys
    [2008/01/20 22:51:16 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=7A1183FBB802F5ABAD7FA18BC67E0858 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys
    [2010/02/18 08:27:40 | 001,198,080 | ---- | M] (Microsoft Corporation) MD5=7B0B928E318CADC23C87226BE0A1097D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_bc37d12363b92291\tcpip.sys
    [2010/06/16 12:40:37 | 001,420,176 | ---- | M] (Microsoft Corporation) MD5=7D86275FB640011B372FD566C0EAFA8D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_0ede67001f09ee46\tcpip.sys
    [2008/04/26 04:55:25 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=8E041924441FF8755E5B4F135C8C3767 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_0efecf2c1ef1a5d7\tcpip.sys
    [2010/04/05 13:13:35 | 001,414,024 | ---- | M] (Microsoft Corporation) MD5=8E7CD6BA2F09B46CE72D308F166C0B12 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys
    [2010/06/16 13:11:35 | 001,426,816 | ---- | M] (Microsoft Corporation) MD5=973658A2EA9C06B2976884B9046DFC6C -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_10d97a5c1c20ef58\tcpip.sys
    [2009/04/11 03:15:48 | 001,426,408 | ---- | M] (Microsoft Corporation) MD5=99D07AD0EF2C535610F6573C29BC045E -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_112826e21be57d78\tcpip.sys
    [2009/04/11 00:15:50 | 001,426,408 | ---- | M] (Microsoft Corporation) MD5=99D07AD0EF2C535610F6573C29BC045E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_112826e21be57d78\tcpip.sys
    [2009/08/14 12:39:38 | 001,425,992 | ---- | M] (Microsoft Corporation) MD5=A7BFF59C2F610F62E6C292074FF36A1E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_10c2d66e1c321395\tcpip.sys
    [2012/03/30 08:45:03 | 001,422,720 | ---- | M] (Microsoft Corporation) MD5=AC8D5728E6AD6A7C4819D9A67008337A -- C:\Windows\System32\drivers\tcpip.sys
    [2012/03/30 08:45:03 | 001,422,720 | ---- | M] (Microsoft Corporation) MD5=AC8D5728E6AD6A7C4819D9A67008337A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_119f31fd35108d3a\tcpip.sys
    [2010/02/18 10:28:06 | 001,427,336 | ---- | M] (Microsoft Corporation) MD5=B4B7B375FDD672AF79B0CBE9B9A48B47 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_112c2bd61be1dd22\tcpip.sys
    [2010/06/16 19:28:33 | 001,414,544 | ---- | M] (Microsoft Corporation) MD5=D43D5336BE9DD93E02EE124297295713 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys
    [2009/08/14 12:32:21 | 001,424,952 | ---- | M] (Microsoft Corporation) MD5=D45D67A18C9FD4CC637BC9D4585C0646 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_11acc42135079bb6\tcpip.sys
    [2009/08/15 18:55:23 | 001,196,032 | ---- | M] (Microsoft Corporation) MD5=D4E30E6BADFF21865C3A075457CF9C00 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_bc4f6fa963a72036\tcpip.sys
    [2008/04/26 04:47:15 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=F10A60005FB50698E33A1940C6EBB010 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_0f8c6d1f380baafd\tcpip.sys

    < MD5 for: USERINIT.EXE >
    [2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
    [2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    [2011/09/14 10:06:16 | 001,008,092 | ---- | M] () MD5=645A8F39A10306D50382EB49A6C49AAB -- C:\Documents and Settings\Carol P\Desktop\RKill\uSeRiNiT.exe
    [2011/09/14 10:06:16 | 001,008,092 | ---- | M] () MD5=645A8F39A10306D50382EB49A6C49AAB -- C:\Users\Carol P\Desktop\RKill\uSeRiNiT.exe
    [2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\System32\userinit.exe
    [2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2009/04/11 03:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
    [2009/04/11 00:15:46 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\System32\drivers\volsnap.sys
    [2009/04/11 00:15:46 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_d5525b4d\volsnap.sys
    [2009/04/11 00:15:46 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
    [2006/11/02 07:51:39 | 000,247,912 | ---- | M] (Microsoft Corporation) MD5=D4674E125878F77EED0D87E6C46889AA -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_c52a9a32\volsnap.sys
    [2008/01/20 22:47:03 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_47e59f7b\volsnap.sys
    [2008/01/20 22:47:03 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys

    < MD5 for: WININIT.EXE >
    [2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
    [2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
    [2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\System32\wininit.exe
    [2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2011/09/14 10:06:26 | 001,008,092 | ---- | M] () MD5=645A8F39A10306D50382EB49A6C49AAB -- C:\Documents and Settings\Carol P\Desktop\RKill\WiNlOgOn.exe
    [2011/09/14 10:06:26 | 001,008,092 | ---- | M] () MD5=645A8F39A10306D50382EB49A6C49AAB -- C:\Users\Carol P\Desktop\RKill\WiNlOgOn.exe
    [2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
    [2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\System32\winlogon.exe
    [2009/04/11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
    [2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
    [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
    [2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    < End of report >
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTLPE Fix

    Please run OTLPE
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
     
  20. crains

    crains TS Rookie Topic Starter Posts: 18

    the scan completed and I clicked ok to reboot... the program froze...
     
  21. crains

    crains TS Rookie Topic Starter Posts: 18

    sorry... the fix completed and I clicked ok to reboot... the program froze and it is not rebooting
     
  22. crains

    crains TS Rookie Topic Starter Posts: 18

    manually rebooted and here is the log:

    ========== FILES ==========
    Invalid replace specification: C:\Windows\System32\services.exe C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Carol P
    ->Temp folder emptied: 1718 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 318566 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    OTLPE by OldTimer - Version 3.1.48.0 log created on 07102012_194156
     
  23. crains

    crains TS Rookie Topic Starter Posts: 18

    this forum has wasted over 15 hours of my time... I am hoping that it is just this mods slackness and failure to read (or comprehend) the words that were presented to him during the thread...

    you may close this thread!!
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Most of the time, when you have originally detected the malware issue, it means the computer is infected by malware of some sort. Antivirus scanners may not show a sign of the malware still being there, which could be a sign of a rootkit.

    Whenever rootkit scanners, and antivirus software scan for the rootkit, it gets as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

    Problem is, you could try to replace every file on the system, but still the rootkit will show its face. That is a primary problem we have in detecting malware. So, these scanners are engineered by our staff, and corresponding staff to help bypass malware, and fully detect it.

    So, the idea is, is when you post to a forum that you need help removing malware, it is best to stay with the helper, to ensure your computer is clean.It can take a lot of time, especially in the tech support field, to get responses.

    Many of us have jobs outside of our volunteer work on the forums. We cannot be here for a full time basis, especially if we have full-time jobs.

    We may have wasted your time, but at least you didn't waste money giving it to someone who probably wouldn't have known how to fix it anyway!!

    Since you choose not to continue, this topic will be marked solved.

    Since we're graceful, if you ever need any help in the future, you know where to come.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.