
Author Topic: After running superantispyware my pc won't boot OS and blue screens!  (Read 12748 times)


CuNaMo

    Topic Starter


    Rookie

    Hello.

    Recently I was infected with a virus called "Microsoft Security Center 2012," or something very similar to that. I clicked on a link in an email I thought was from a friend of mine and voila! So, I ran MBAM, and Superantispyware (not at the same time), and both programs needed to reboot to finish cleaning. Afterwards, I go to reboot my computer one more time and suddenly I get a blue screen and the following error:

    STOP: C0000135 Program can't start because %hs is missing. Try reinstalling the program

    Seeing this error, I first tried booting from the Windows 7 install disc, but when I went to the repair option it didn't detect my OS/hard drive! After searching some forums (including this one) I found a few tricks to make my install disc see my OS/hard drive, but none of them worked. So I decided that it was time to see what the antivirus programs did.

    I used a bootable USB with xubuntu on it to access the files on my computer. I was able to look at the spyware logs and the problem revealed itself in the superantispyware log. Superantispyware deleted a file called “consrv.dll.” After some more research I found that this infected dll file makes edits to the registry that must be fixed BEFORE deleting the file, otherwise the above stop-error occurs. I am not entirely sure what those edits are, because it seems they might be different depending on the computer infected, but I have seen other people solve the problem by editing the registry from outside windows.

    Here is where I need your help! I don’t know how to look at or edit the registry outside of windows, and I wouldn’t know what was missing even if I did. Additionally, there may still be other problems with my PC that I am not aware of, because this one will not even let me boot the OS! I have placed a link describing someone else's experience with the consrv.dll issue from another forum. Please help me, and thank you!

    http://forum.avast.com/index.php?topic=87852.0

    http://answers.microsoft.com/en-us/windows/forum/windows_7-system/stop-c0000135-program-cant-start-because-hs-is/5cea7ee8-d931-462c-a8fa-06d3444fad48
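
Added example (not part of the original post and not any tool's own code): a read-only check that shows why removing the DLL before the registry reference is repaired leaves the system unbootable. It assumes the commonly documented form of this infection, in which the `Windows` value under `Session Manager\SubSystems` has its console `ServerDll` entry pointed at consrv instead of winsrv; that key, the stock Windows 7 value and every function name below are assumptions that do not come from the thread, and both value strings are constructed samples.

```python
import re

# Constructed sample (not from the thread): stock Windows 7 data of the
# "Windows" value under
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample: the same value with the console entry repointed at consrv.
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization",
    "ServerDll=consrv:ConServerDllInitialization",
)

# Modules that csrss.exe loads on a stock Windows 7 install.
STOCK_MODULES = {"basesrv", "winsrv", "sxssrv"}

# ServerDll=<module>[:<init routine>][,<index>]
SERVERDLL_RE = re.compile(
    r"ServerDll=([^\s:,]+)(?::([^\s,]+))?(?:,(\d+))?", re.IGNORECASE
)


def parse_server_dlls(value):
    """Return (module, init_routine, index) for every ServerDll= token."""
    entries = []
    for module, init, index in SERVERDLL_RE.findall(value):
        entries.append((module, init or None, int(index) if index else None))
    return entries


def audit_subsystem_value(value, system32_listing):
    """Flag ServerDll modules that are non-stock or absent from System32.

    system32_listing is a list of file names taken from the offline
    Windows\\System32 directory (for example from a live-USB session).
    Nothing is written anywhere; this only reports.
    """
    present = {name.lower() for name in system32_listing}
    findings = []
    for module, init, index in parse_server_dlls(value):
        dll = module.lower() + ".dll"
        non_stock = module.lower() not in STOCK_MODULES
        missing = dll not in present
        if non_stock or missing:
            findings.append({
                "dll": dll,
                "init": init,
                "index": index,
                "non_stock": non_stock,
                "missing": missing,
            })
    return findings


def explains_stop_c0000135(findings):
    """True when csrss.exe is told to load a DLL that is no longer on disk."""
    return any(f["missing"] for f in findings)


if __name__ == "__main__":
    # Constructed listing: System32 after a scanner has removed consrv.dll.
    listing_after_cleanup = ["basesrv.dll", "winsrv.dll", "sxssrv.dll", "csrss.exe"]
    for label, value in (("clean", CLEAN_VALUE), ("hijacked", HIJACKED_VALUE)):
        findings = audit_subsystem_value(value, listing_after_cleanup)
        print(label, findings, "boot failure expected:",
              explains_stop_c0000135(findings))
```
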

    SuperDave

    • Malware Removal Specialist
    • Moderator


    Re: After running superantispyware my pc won't boot OS and blue screens!
    « Reply #1 on: January 15, 2012, 11:17:57 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please do not do anything in the Registry.

    We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

    Download the OTLPE Standard REATOGO Windows Recovery Environment.
    • Place a blank CD-R disc in to your CD burning drive.
    • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
    • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    CuNaMo

      Topic Starter


      Rookie

      Re: After running superantispyware my pc won't boot OS and blue screens!
      « Reply #2 on: January 15, 2012, 07:04:25 PM »
      Hello and thanks for replying so quickly!

      I made the OTLPE CD like you said, booted with it, and ran OTLPE from the desktop. However, there were some complications:

      First, OTLPE never asked to "load remote registry." When I double-clicked on it it opened a browser window and I had to navigate to the Windows folder where my OS is. I assume this is because I have two hard drives on my computer.

      Second, there was no "non-Microsoft" option under the drivers section in OTLPE. The only options were: "none," "safelist," and "all." I left it on "safelist."

      Finally, I had trouble getting the OTLPE program to recognize my USB flashdrive. I had to use disk management to see the drive and open to save my OTL log file on my flashdrive.

      So after all that here is the log:

      OTL logfile created on: 1/15/2012 5:28:37 PM - Run
      OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
      64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
      Internet Explorer (Version = 8.0.7601.17514)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
       
      3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
      3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
      Paging file location(s): c:\pagefile.sys 9216 18432 [binary data]
       
      %SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
      Drive C: | 100.00 Mb Total Space | 73.82 Mb Free Space | 73.82% Space Free | Partition Type: NTFS
      Drive D: | 931.50 Gb Total Space | 329.34 Gb Free Space | 35.36% Space Free | Partition Type: NTFS
      Drive E: | 931.41 Gb Total Space | 104.96 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
      Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
       
      Computer Name: REATOGO | User Name: SYSTEM
      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
      Using ControlSet: ControlSet001
       
      ========== Win32 Services (SafeList) ==========
       
      SRV:64bit: - [2011/11/09 18:40:36 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- E:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
      SRV:64bit: - [2009/11/26 01:47:36 | 000,665,320 | ---- | M] () [Auto] -- E:\Windows\System32\atwtusb.exe -- (WTService)
      SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt)
      SRV - [2011/12/15 04:39:18 | 000,008,192 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\srvany.exe -- (KMService)
      SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand] -- E:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
      SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
      SRV - [2011/08/03 05:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
      SRV - [2011/07/12 19:27:09 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
      SRV - [2011/06/06 14:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
      SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
      SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
      SRV - [2007/09/21 13:02:02 | 000,393,216 | ---- | M] (NetGear) [Auto] -- E:\Windows\SysWOW64\WN311BFCS.exe -- (WN311BFCS)
       
       
      ========== Driver Services (SafeList) ==========
       
      DRV:64bit: - [2011/08/01 17:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\point64.sys -- (Point64)
      DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
      DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- E:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
      DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
      DRV:64bit: - [2011/01/19 20:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- E:\Windows\System32\drivers\cpuz135_x64.sys -- (cpuz135)
      DRV:64bit: - [2010/11/20 06:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
      DRV:64bit: - [2010/11/20 06:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
      DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
      DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
      DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
      DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
      DRV:64bit: - [2010/04/03 05:31:50 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WN311B64.SYS -- (NTG43XX)
      DRV:64bit: - [2009/08/26 00:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\walvhid.sys -- (vhidmini)
      DRV:64bit: - [2009/07/08 03:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
      DRV:64bit: - [2009/07/01 14:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvmf6264.sys -- (NVNET)
      DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
      DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvm62x64.sys -- (NVENETFD)
      DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
      DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
      DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
      DRV:64bit: - [2009/05/14 11:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
      DRV:64bit: - [2009/03/08 06:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
       
       
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
      IE - HKU\Administrator_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
      IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page =
      IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
      IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 E4 5B BA 76 D0 CB 01  [binary data]
      IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
       
       
       
      ========== FireFox ==========
       
      FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
       
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi:  File not found
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
      FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
       
      FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/26 14:45:10 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/26 14:45:10 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/02 12:39:41 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 16:17:27 | 000,000,000 | ---D | M]
       
      [2011/02/19 22:42:19 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
      [2011/02/19 22:42:19 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mw8e0m5g.default\extensions
      [2011/11/09 20:58:15 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
      File not found (No name found) --
      File not found (No name found) -- E:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
      File not found (No name found) -- E:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
      [2012/01/02 12:39:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
      [2011/09/10 11:57:33 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- E:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
      [2011/05/04 06:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
      [2011/10/04 01:01:42 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
      [2011/11/09 20:58:14 | 000,002,040 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
       
      Hosts file not found
      O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
      O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
      O4:64bit: - HKLM..\Run: [IntelliPoint] E:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
      O4:64bit: - HKLM..\Run: [MacroKeyManager] E:\Windows\System32\WTMKM.exe ()
      O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
      O4:64bit: - HKLM..\Run: [Start WingMan Profiler] E:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
      O4 - HKLM..\Run: [amd_dc_opt] E:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
      O4 - HKLM..\Run: [AS00_WN311B] E:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe (NetGear)
      O4 - HKLM..\Run: [DivXUpdate] E:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
      O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin]  File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
      O7 - HKU\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKU\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - E:\Windows\SysWow64\GPhotos.scr (Google Inc.)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
      O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
      O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
      O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
      O34 - HKLM BootExecute: (lsdelete) -  File not found
      64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
      64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
      O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = ComFile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
       
      ========== Files/Folders - Created Within 30 Days ==========
       
      [2012/01/14 18:47:53 | 000,000,000 | ---D | C] -- E:\.Trash-999
      [2011/12/18 23:45:16 | 000,000,000 | ---D | C] -- E:\Users\Curtis & Andrea\Documents\Amazon MP3
      [2011/12/18 23:45:16 | 000,000,000 | ---D | C] -- E:\Users\Curtis & Andrea\AppData\Roaming\Amazon
      [2011/12/18 23:44:46 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
      [2011/12/18 23:44:45 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Amazon
      [3 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
      [1 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
      [1 E:\Windows\System32\drivers\*.tmp files -> E:\Windows\System32\drivers\*.tmp -> ]
       
      ========== Files - Modified Within 30 Days ==========
       
      [2012/01/15 02:14:35 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
      [2012/01/15 02:14:28 | 535,683,071 | -HS- | M] () -- E:\hiberfil.sys
      [2012/01/02 18:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At80.job
      [2012/01/02 18:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At32.job
      [2012/01/02 18:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At79.job
      [2012/01/02 18:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At31.job
      [2012/01/02 17:41:09 | 000,000,064 | ---- | M] () -- E:\Windows\SysWow64\rp_stats.dat
      [2012/01/02 17:41:09 | 000,000,044 | ---- | M] () -- E:\Windows\SysWow64\rp_rules.dat
      [2012/01/02 17:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At78.job
      [2012/01/02 17:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At30.job
      [2012/01/02 17:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At77.job
      [2012/01/02 17:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At29.job
      [2012/01/02 16:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At76.job
      [2012/01/02 16:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At28.job
      [2012/01/02 16:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At75.job
      [2012/01/02 16:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At27.job
      [2012/01/02 16:09:31 | 000,014,224 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/01/02 16:09:31 | 000,014,224 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/01/02 16:06:50 | 000,675,566 | ---- | M] () -- E:\Windows\System32\perfh009.dat
      [2012/01/02 16:06:50 | 000,442,594 | ---- | M] () -- E:\Windows\System32\perfh012.dat
      [2012/01/02 16:06:50 | 000,431,000 | ---- | M] () -- E:\Windows\System32\perfh011.dat
      [2012/01/02 16:06:50 | 000,415,426 | ---- | M] () -- E:\Windows\System32\prfh0404.dat
      [2012/01/02 16:06:50 | 000,398,324 | ---- | M] () -- E:\Windows\System32\prfh0804.dat
      [2012/01/02 16:06:50 | 000,126,238 | ---- | M] () -- E:\Windows\System32\perfc011.dat
      [2012/01/02 16:06:50 | 000,126,238 | ---- | M] () -- E:\Windows\System32\perfc009.dat
      [2012/01/02 16:06:50 | 000,124,526 | ---- | M] () -- E:\Windows\System32\perfc012.dat
      [2012/01/02 16:06:50 | 000,124,098 | ---- | M] () -- E:\Windows\System32\prfc0804.dat
      [2012/01/02 16:06:50 | 000,119,184 | ---- | M] () -- E:\Windows\System32\prfc0404.dat
      [2012/01/02 15:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At74.job
      [2012/01/02 15:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At26.job
      [2012/01/02 15:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At73.job
      [2012/01/02 15:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At25.job
      [2012/01/02 14:19:55 | 001,008,141 | ---- | M] () -- E:\Users\Curtis & Andrea\Desktop\rkill.com
      [2012/01/02 14:17:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- E:\Users\Curtis & Andrea\Desktop\TDSSKiller.exe
      [2012/01/02 14:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At72.job
      [2012/01/02 14:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At24.job
      [2012/01/02 14:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At71.job
      [2012/01/02 14:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At23.job
      [2012/01/02 14:11:46 | 000,001,120 | ---- | M] () -- E:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/01/02 14:11:46 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2012/01/02 13:52:30 | 000,002,056 | ---- | M] () -- E:\Users\Curtis & Andrea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
      [2012/01/02 13:51:22 | 000,004,976 | -HS- | M] () -- E:\Users\Curtis & Andrea\AppData\Local\381wif72x512qf62m5wdo2u735427n12o0160
      [2012/01/02 13:51:22 | 000,004,976 | -HS- | M] () -- E:\ProgramData\381wif72x512qf62m5wdo2u735427n12o0160
      [2012/01/02 12:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At68.job
      [2012/01/02 12:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At20.job
      [2012/01/02 12:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At67.job
      [2012/01/02 12:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At19.job
      [2012/01/02 11:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At66.job
      [2012/01/02 11:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At18.job
      [2012/01/02 11:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At65.job
      [2012/01/02 11:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At17.job
      [2012/01/02 10:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At64.job
      [2012/01/02 10:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At16.job
      [2012/01/02 10:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At63.job
      [2012/01/02 10:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At15.job
      [2012/01/02 09:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At62.job
      [2012/01/02 09:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At14.job
      [2012/01/02 09:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At61.job
      [2012/01/02 09:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At13.job
      [2012/01/02 08:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At60.job
      [2012/01/02 08:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At12.job
      [2012/01/02 08:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At59.job
      [2012/01/02 08:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At11.job
      [2012/01/02 07:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At58.job
      [2012/01/02 07:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At10.job
      [2012/01/02 07:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At9.job
      [2012/01/02 07:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At57.job
      [2012/01/02 06:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At8.job
      [2012/01/02 06:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At56.job
      [2012/01/02 06:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At7.job
      [2012/01/02 06:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At55.job
      [2012/01/02 05:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At6.job
      [2012/01/02 05:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At54.job
      [2012/01/02 05:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At53.job
      [2012/01/02 05:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At5.job
      [2012/01/02 04:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At52.job
      [2012/01/02 04:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At4.job
      [2012/01/02 04:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At51.job
      [2012/01/02 04:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At3.job
      [2012/01/02 03:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At50.job
      [2012/01/02 03:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At2.job
      [2012/01/02 03:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At49.job
      [2012/01/02 03:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At1.job
      [2012/01/02 02:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At96.job
      [2012/01/02 02:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At48.job
      [2012/01/02 02:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At95.job
      [2012/01/02 02:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At47.job
      [2012/01/02 01:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At94.job
      [2012/01/02 01:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At46.job
      [2012/01/02 01:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At93.job
      [2012/01/02 01:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At45.job
      [2012/01/02 00:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At92.job
      [2012/01/02 00:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At44.job
      [2012/01/02 00:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At91.job
      [2012/01/02 00:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At43.job
      [2012/01/01 23:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At90.job
      [2012/01/01 23:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At42.job
      [2012/01/01 23:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At89.job
      [2012/01/01 23:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At41.job
      [2012/01/01 22:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At88.job
      [2012/01/01 22:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At40.job
      [2012/01/01 22:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At87.job
      [2012/01/01 22:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At39.job
      [2012/01/01 21:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At86.job
      [2012/01/01 21:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At38.job
      [2012/01/01 21:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At85.job
      [2012/01/01 21:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At37.job
      [2012/01/01 20:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At84.job
      [2012/01/01 20:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At36.job
      [2012/01/01 20:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At83.job
      [2012/01/01 20:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At35.job
      [2012/01/01 19:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At82.job
      [2012/01/01 19:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At34.job
      [2012/01/01 19:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At81.job
      [2012/01/01 19:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At33.job
      [2012/01/01 13:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At70.job
      [2012/01/01 13:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At22.job
      [2012/01/01 13:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At69.job
      [2012/01/01 13:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At21.job
      [2011/12/31 00:19:28 | 000,001,674 | -HS- | M] () -- E:\Users\Curtis & Andrea\AppData\Local\s88mw2s78q
      [2011/12/31 00:19:28 | 000,001,674 | -HS- | M] () -- E:\ProgramData\s88mw2s78q
      [2011/12/28 04:12:19 | 000,002,052 | -HS- | M] () -- E:\Users\Curtis & Andrea\AppData\Local\le2sw25wpe16000eq3d62u3e361d6d868423f5o4g3goj
      [2011/12/28 04:12:19 | 000,002,052 | -HS- | M] () -- E:\ProgramData\le2sw25wpe16000eq3d62u3e361d6d868423f5o4g3goj
      [2011/12/26 23:24:21 | 000,009,530 | -HS- | M] () -- E:\ProgramData\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
      [2011/12/22 00:32:00 | 000,937,264 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
      [2011/12/22 00:27:04 | 000,000,118 | ---- | M] () -- E:\Windows\System32\MRT.INI
      [2011/12/18 23:44:46 | 000,002,222 | ---- | M] () -- E:\Users\Public\Desktop\Amazon Cloud Player.lnk
      [2011/12/18 23:44:46 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
      [3 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
      [1 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
      [1 E:\Windows\System32\drivers\*.tmp files -> E:\Windows\System32\drivers\*.tmp -> ]
       
      ========== Files Created - No Company Name ==========
       
      [2012/01/02 14:19:57 | 001,008,141 | ---- | C] () -- E:\Users\Curtis & Andrea\Desktop\rkill.com
      [2012/01/02 14:11:46 | 000,001,120 | ---- | C] () -- E:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/01/02 12:53:15 | 000,004,976 | -HS- | C] () -- E:\Users\Curtis & Andrea\AppData\Local\381wif72x512qf62m5wdo2u735427n12o0160
      [2012/01/02 12:53:15 | 000,004,976 | -HS- | C] () -- E:\ProgramData\381wif72x512qf62m5wdo2u735427n12o0160
      [2011/12/31 00:19:01 | 000,001,674 | -HS- | C] () -- E:\Users\Curtis & Andrea\AppData\Local\s88mw2s78q
      [2011/12/31 00:19:01 | 000,001,674 | -HS- | C] () -- E:\ProgramData\s88mw2s78q
      [2011/12/28 04:11:47 | 000,002,052 | -HS- | C] () -- E:\Users\Curtis & Andrea\AppData\Local\le2sw25wpe16000eq3d62u3e361d6d868423f5o4g3goj
      [2011/12/28 04:11:47 | 000,002,052 | -HS- | C] () -- E:\ProgramData\le2sw25wpe16000eq3d62u3e361d6d868423f5o4g3goj
      [2011/12/26 22:36:14 | 000,009,530 | -HS- | C] () -- E:\ProgramData\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
      [2011/12/22 00:27:04 | 000,000,118 | ---- | C] () -- E:\Windows\System32\MRT.INI
      [2011/12/18 23:44:46 | 000,002,222 | ---- | C] () -- E:\Users\Public\Desktop\Amazon Cloud Player.lnk
      [2011/12/12 20:35:01 | 000,008,988 | -HS- | C] () -- E:\ProgramData\nyvwwc4t3eyg0eco4bml8d514w2m
      [2011/12/11 11:50:50 | 000,010,930 | -HS- | C] () -- E:\ProgramData\kkkyie8v2dkr8ipq7ofa1g307g6b
      [2011/11/08 23:10:19 | 001,764,864 | ---- | C] () -- E:\Windows\SysWow64\ippmmG55sQ6dE8f.exe
      [2011/11/08 21:23:05 | 001,764,864 | ---- | C] () -- E:\Windows\SysWow64\DlllOBBtzP0yA1.exe
      [2011/11/08 10:33:40 | 001,764,864 | ---- | C] () -- E:\Windows\SysWow64\DlllONNtxP0cS1.exe
      [2011/11/08 02:25:39 | 001,764,864 | ---- | C] () -- E:\Windows\SysWow64\DllOOBttzPycAiv.exe
      [2011/11/08 02:17:23 | 001,764,864 | ---- | C] () -- E:\Windows\SysWow64\dllOOBttzP0cAiD.exe
      [2011/09/28 19:44:14 | 000,179,271 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat
      [2011/08/03 05:31:54 | 000,311,912 | ---- | C] () -- E:\Windows\SysWow64\nvStreaming.exe
      [2011/06/27 14:44:15 | 000,256,512 | ---- | C] () -- E:\Windows\PEV.exe
      [2011/06/27 14:44:15 | 000,208,896 | ---- | C] () -- E:\Windows\MBR.exe
      [2011/06/27 14:44:15 | 000,098,816 | ---- | C] () -- E:\Windows\sed.exe
      [2011/06/27 14:44:15 | 000,080,412 | ---- | C] () -- E:\Windows\grep.exe
      [2011/06/27 14:44:15 | 000,068,096 | ---- | C] () -- E:\Windows\zip.exe
      [2011/06/03 19:41:12 | 000,155,745 | ---- | C] () -- E:\Windows\SysWow64\installservice.exe
      [2011/05/24 01:49:53 | 000,085,504 | ---- | C] () -- E:\Windows\SysWow64\ff_vfw.dll
      [2011/05/02 16:40:30 | 000,000,064 | ---- | C] () -- E:\Windows\SysWow64\rp_stats.dat
      [2011/05/02 16:40:30 | 000,000,044 | ---- | C] () -- E:\Windows\SysWow64\rp_rules.dat
      [2011/04/29 03:19:00 | 000,004,096 | ---- | C] () -- E:\Windows\d3dx.dat
      [2011/04/19 15:23:11 | 000,008,229 | ---- | C] () -- E:\Windows\aiptbl.ini
      [2011/02/23 21:06:35 | 000,061,440 | ---- | C] () -- E:\Windows\SysWow64\FDI.exe
      [2011/02/23 20:28:56 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
      [2011/02/19 22:42:19 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
      [2011/02/19 21:44:01 | 000,008,192 | ---- | C] () -- E:\Windows\SysWow64\srvany.exe
      [2011/02/19 17:54:26 | 000,640,957 | ---- | C] () -- E:\Windows\unins000.exe
      [2011/02/19 17:54:26 | 000,000,805 | ---- | C] () -- E:\Windows\unins000.dat
      [2011/02/19 17:06:06 | 000,073,220 | ---- | C] () -- E:\Windows\SysWow64\EPPICPrinterDB.dat
      [2011/02/19 17:06:06 | 000,031,053 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern131.dat
      [2011/02/19 17:06:06 | 000,029,114 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern1.dat
      [2011/02/19 17:06:06 | 000,027,417 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern121.dat
      [2011/02/19 17:06:06 | 000,021,021 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern3.dat
      [2011/02/19 17:06:06 | 000,015,670 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern5.dat
      [2011/02/19 17:06:06 | 000,013,280 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern2.dat
      [2011/02/19 17:06:06 | 000,010,673 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern4.dat
      [2011/02/19 17:06:06 | 000,004,943 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern6.dat
      [2011/02/19 17:06:06 | 000,001,140 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_PT.dat
      [2011/02/19 17:06:06 | 000,001,140 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_BP.dat
      [2011/02/19 17:06:06 | 000,001,137 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_ES.dat
      [2011/02/19 17:06:06 | 000,001,130 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_FR.dat
      [2011/02/19 17:06:06 | 000,001,130 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_CF.dat
      [2011/02/19 17:06:06 | 000,001,104 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_EN.dat
      [2011/02/19 17:06:06 | 000,000,097 | ---- | C] () -- E:\Windows\SysWow64\PICSDK.ini
      [2011/02/19 15:43:12 | 002,870,032 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
      [2011/02/19 15:39:01 | 000,921,665 | ---- | C] () -- E:\Windows\SysWow64\msvcrt-ruby18.dll
      [2011/02/19 15:39:01 | 000,271,264 | ---- | C] () -- E:\Windows\SysWow64\vbrun100.dll
      [2011/02/19 15:39:01 | 000,210,944 | ---- | C] () -- E:\Windows\SysWow64\msvcrt10.dll
      [2011/02/19 15:39:01 | 000,027,136 | ---- | C] () -- E:\Windows\SysWow64\pythonw.exe
      [2011/02/19 15:39:01 | 000,026,624 | ---- | C] () -- E:\Windows\SysWow64\python.exe
      [2011/02/19 15:39:01 | 000,020,537 | ---- | C] () -- E:\Windows\SysWow64\rubyw.exe
      [2011/02/19 15:39:01 | 000,020,536 | ---- | C] () -- E:\Windows\SysWow64\ruby.exe
      [2009/11/10 22:28:02 | 000,129,768 | ---- | C] () -- E:\Windows\RmTablet.exe
      [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
      [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
      [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
      [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
      [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
      [2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
      [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
      [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
       
      ========== LOP Check ==========
       
      [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
      [2011/05/29 01:27:26 | 000,000,000 | ---D | M] -- E:\ProgramData\AVAST Software
      [2011/02/19 16:42:50 | 000,000,000 | ---D | M] -- E:\ProgramData\CheckPoint
      [2011/09/09 15:15:36 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
      [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
      [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
      [2011/07/05 21:15:40 | 000,000,000 | ---D | M] -- E:\ProgramData\eMule
      [2011/02/19 17:05:59 | 000,000,000 | ---D | M] -- E:\ProgramData\EPSON
      [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
      [2011/05/25 19:18:20 | 000,000,000 | ---D | M] -- E:\ProgramData\IObit
      [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
      [2011/04/19 15:23:48 | 000,000,000 | ---D | M] -- E:\ProgramData\Tablet
      [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
      [2011/12/17 03:56:28 | 000,000,000 | ---D | M] -- E:\ProgramData\Zoom Player
      [2012/01/02 03:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At1.job
      [2012/01/02 07:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At10.job
      [2012/01/02 08:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At11.job
      [2012/01/02 08:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At12.job
      [2012/01/02 09:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At13.job
      [2012/01/02 09:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At14.job
      [2012/01/02 10:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At15.job
      [2012/01/02 10:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At16.job
      [2012/01/02 11:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At17.job
      [2012/01/02 11:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At18.job
      [2012/01/02 12:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At19.job
      [2012/01/02 03:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At2.job
      [2012/01/02 12:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At20.job
      [2012/01/01 13:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At21.job
      [2012/01/01 13:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At22.job
      [2012/01/02 14:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At23.job
      [2012/01/02 14:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At24.job
      [2012/01/02 15:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At25.job
      [2012/01/02 15:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At26.job
      [2012/01/02 16:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At27.job
      [2012/01/02 16:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At28.job
      [2012/01/02 17:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At29.job
      [2012/01/02 04:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At3.job
      [2012/01/02 17:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At30.job
      [2012/01/02 18:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At31.job
      [2012/01/02 18:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At32.job
      [2012/01/01 19:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At33.job
      [2012/01/01 19:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At34.job
      [2012/01/01 20:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At35.job
      [2012/01/01 20:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At36.job
      [2012/01/01 21:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At37.job
      [2012/01/01 21:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At38.job
      [2012/01/01 22:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At39.job
      [2012/01/02 04:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At4.job
      [2012/01/01 22:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At40.job
      [2012/01/01 23:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At41.job
      [2012/01/01 23:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At42.job
      [2012/01/02 00:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At43.job
      [2012/01/02 00:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At44.job
      [2012/01/02 01:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At45.job
      [2012/01/02 01:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At46.job
      [2012/01/02 02:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At47.job
      [2012/01/02 02:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At48.job
      [2012/01/02 03:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At49.job
      [2012/01/02 05:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At5.job
      [2012/01/02 03:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At50.job
      [2012/01/02 04:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At51.job
      [2012/01/02 04:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At52.job
      [2012/01/02 05:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At53.job
      [2012/01/02 05:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At54.job
      [2012/01/02 06:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At55.job
      [2012/01/02 06:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At56.job
      [2012/01/02 07:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At57.job
      [2012/01/02 07:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At58.job
      [2012/01/02 08:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At59.job
      [2012/01/02 05:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At6.job
      [2012/01/02 08:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At60.job
      [2012/01/02 09:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At61.job
      [2012/01/02 09:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At62.job
      [2012/01/02 10:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At63.job
      [2012/01/02 10:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At64.job
      [2012/01/02 11:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At65.job
      [2012/01/02 11:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At66.job
      [2012/01/02 12:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At67.job
      [2012/01/02 12:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At68.job
      [2012/01/01 13:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At69.job
      [2012/01/02 06:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At7.job
      [2012/01/01 13:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At70.job
      [2012/01/02 14:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At71.job
      [2012/01/02 14:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At72.job
      [2012/01/02 15:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At73.job
      [2012/01/02 15:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At74.job
      [2012/01/02 16:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At75.job
      [2012/01/02 16:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At76.job
      [2012/01/02 17:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At77.job
      [2012/01/02 17:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At78.job
      [2012/01/02 18:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At79.job
      [2012/01/02 06:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At8.job
      [2012/01/02 18:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At80.job
      [2012/01/01 19:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At81.job
      [2012/01/01 19:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At82.job
      [2012/01/01 20:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At83.job
      [2012/01/01 20:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At84.job
      [2012/01/01 21:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At85.job
      [2012/01/01 21:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At86.job
      [2012/01/01 22:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At87.job
      [2012/01/01 22:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At88.job
      [2012/01/01 23:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At89.job
      [2012/01/02 07:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At9.job
      [2012/01/01 23:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At90.job
      [2012/01/02 00:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At91.job
      [2012/01/02 00:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At92.job
      [2012/01/02 01:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At93.job
      [2012/01/02 01:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At94.job
      [2012/01/02 02:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At95.job
      [2012/01/02 02:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At96.job
      [2011/07/27 14:07:16 | 000,032,544 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
       
      ========== Purity Check ==========
       
       
      < End of report >

      SuperDave

      • Malware Removal Specialist
      • Moderator


      Re: After running superantispyware my pc won't boot OS and blue screens!
      « Reply #3 on: January 15, 2012, 07:34:25 PM »
      Quote
      First, OTLPE never asked to "load remote registry." When I double-clicked on it, it opened a browser window and I had to navigate to the Windows folder where my OS is. I assume this is because I have two hard drives on my computer.

      Second, there was no "non-Microsoft" option under the drivers section in OTLPE. The only options were: "none," "safelist," and "all." I left it on "safelist."

      The program may have changed since those instructions were written.

      * Open OTL
      * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

      Code:
      :OTL
      O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
      O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

      :files
      E:\Windows\tasks\At80.job
      E:\Windows\tasks\At32.job
      E:\Windows\tasks\At79.job
      E:\Windows\tasks\At31.job
      E:\Windows\tasks\At78.job
      E:\Windows\tasks\At30.job
      E:\Windows\tasks\At77.job
      E:\Windows\tasks\At29.job
      E:\Windows\tasks\At76.job
      E:\Windows\tasks\At28.job
      E:\Windows\tasks\At75.job
      E:\Windows\tasks\At27.job
      E:\Windows\tasks\At74.job
      E:\Windows\tasks\At26.job
      E:\Windows\tasks\At73.job
      E:\Windows\tasks\At25.job
      E:\Windows\tasks\At72.job
      E:\Windows\tasks\At24.job
      E:\Windows\tasks\At71.job
      E:\Windows\tasks\At23.job
      E:\Windows\tasks\At68.job
      E:\Windows\tasks\At20.job
      E:\Windows\tasks\At67.job
      E:\Windows\tasks\At19.job
      E:\Windows\tasks\At66.job
      E:\Windows\tasks\At18.job
      E:\Windows\tasks\At65.job
      E:\Windows\tasks\At17.job
      E:\Windows\tasks\At64.job
      E:\Windows\tasks\At16.job
      E:\Windows\tasks\At63.job
      E:\Windows\tasks\At15.job
      E:\Windows\tasks\At62.job
      E:\Windows\tasks\At14.job
      E:\Windows\tasks\At61.job
      E:\Windows\tasks\At13.job
      E:\Windows\tasks\At60.job
      E:\Windows\tasks\At12.job
      E:\Windows\tasks\At59.job
      E:\Windows\tasks\At11.job
      E:\Windows\tasks\At58.job
      E:\Windows\tasks\At10.job
      E:\Windows\tasks\At9.job
      E:\Windows\tasks\At57.job
      E:\Windows\tasks\At8.job
      E:\Windows\tasks\At56.job
      E:\Windows\tasks\At7.job
      E:\Windows\tasks\At55.job
      E:\Windows\tasks\At6.job
      E:\Windows\tasks\At54.job
      E:\Windows\tasks\At53.job
      E:\Windows\tasks\At5.job
      E:\Windows\tasks\At52.job
      E:\Windows\tasks\At4.job
      E:\Windows\tasks\At51.job
      E:\Windows\tasks\At3.job
      E:\Windows\tasks\At50.job
      E:\Windows\tasks\At2.job
      E:\Windows\tasks\At49.job
      E:\Windows\tasks\At1.job
      E:\Windows\tasks\At96.job
      E:\Windows\tasks\At48.job
      E:\Windows\tasks\At95.job
      E:\Windows\tasks\At47.job
      E:\Windows\tasks\At94.job
      E:\Windows\tasks\At46.job
      E:\Windows\tasks\At93.job
      E:\Windows\tasks\At45.job
      E:\Windows\tasks\At92.job
      E:\Windows\tasks\At44.job
      E:\Windows\tasks\At91.job
      E:\Windows\tasks\At43.job
      E:\Windows\tasks\At90.job
      E:\Windows\tasks\At42.job
      E:\Windows\tasks\At89.job
      E:\Windows\tasks\At41.job
      E:\Windows\tasks\At88.job
      E:\Windows\tasks\At40.job
      E:\Windows\tasks\At87.job
      E:\Windows\tasks\At39.job
      E:\Windows\tasks\At86.job
      E:\Windows\tasks\At38.job
      E:\Windows\tasks\At85.job
      E:\Windows\tasks\At37.job
      E:\Windows\tasks\At84.job
      E:\Windows\tasks\At36.job
      E:\Windows\tasks\At83.job
      E:\Windows\tasks\At35.job
      E:\Windows\tasks\At82.job
      E:\Windows\tasks\At34.job
      E:\Windows\tasks\At81.job
      E:\Windows\tasks\At33.job
      E:\Windows\tasks\At70.job
      E:\Windows\tasks\At22.job
      E:\Windows\tasks\At69.job
      E:\Windows\tasks\At21.job

      :COMMANDS
      [resethosts]
      [purity]
      [start explorer]

      * Click Run Fix
      * OTLI2 may ask to reboot the machine. Please do so if asked.
      * Click OK
      * A report will open. Copy and Paste that report in your next reply.
      Windows 8 and Windows 10 dual boot with two SSD's

      CuNaMo

        Topic Starter


        Rookie

        Re: After running superantispyware my pc won't boot OS and blue screens!
        « Reply #4 on: January 15, 2012, 07:44:08 PM »
        All right, ran the fix and here is the report. Just FYI, I don't know how to get my wireless internet working within the OTL temporary OS, so I am transferring everything onto a flash drive and then updating my post from my laptop. I don't know if this changes any of the directions you give me, but just wanted to let you know!

        ========== OTL ==========
        64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
        64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
        Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
        Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.
        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
        Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
        Registry key HKEY_USERS\Administrator_ON_E\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
        Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
        Registry key HKEY_USERS\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
        ========== FILES ==========
        ========== COMMANDS ==========
        HOSTS file reset successfully
         
        OTLPE by OldTimer - Version 3.1.48.0 log created on 01152012_184152

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: After running superantispyware my pc won't boot OS and blue screens!
        « Reply #5 on: January 15, 2012, 07:50:42 PM »
        Any changes? Can you boot the computer?
        Windows 8 and Windows 10 dual boot with two SSD's

        CuNaMo

          « Reply #6 on: January 15, 2012, 08:02:46 PM »
          Oops! Sorry, forgot to check it! When I rebooted it asked me if I wanted to launch startup repair or if I wanted to start normally. I was replying to your post when it automatically started the repair! Should I stop it?

          EDIT: Startup repair could not fix it, and upon rebooting I receive the same blue screen stop error as described in my first post!

          SuperDave

          « Reply #7 on: January 16, 2012, 04:29:28 PM »
          Can you boot in Safe Mode?

          CuNaMo

            « Reply #8 on: January 16, 2012, 09:43:37 PM »
            I don't know how to boot in safe mode without MSConfig. When I press F8 on my PC it goes to a boot device menu and doesn't have the option for safe mode! Is there a third way to boot safe mode?

            CuNaMo

              « Reply #9 on: January 16, 2012, 11:37:08 PM »
              I figured out a way to see the safe mode menu. I had to disable "quick boot" and then on the second page of the boot menu F8 worked. However, the results were disappointing: it gives the same blue-screen stop error when I try to boot in safe mode!

              SuperDave

              « Reply #10 on: January 17, 2012, 11:54:59 AM »
              Do you have your OS disk?

              CuNaMo

                « Reply #11 on: January 17, 2012, 11:57:01 PM »
                Yes, and when I insert it to repair the OS it doesn't register that there is a copy of Windows installed, so I can't fix it. I don't want to reinstall, because I need my data on the hard drive and I don't have a portable hard drive to back it up on!
                :(

                Is it hopeless, doc?

                SuperDave

                « Reply #12 on: January 18, 2012, 12:21:36 PM »
                Here's what I would recommend. First of all, boot your computer using the OTL rescue disk and you can save all your important data to DVDs or memory sticks. After that, let's try another rescue disk.

                Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.

                CuNaMo

                  « Reply #13 on: January 18, 2012, 11:32:03 PM »
                  Well, the amount of data I have on my computer would take several days to back up. Will the rescue CD/USB reformat, or anything like that? I made one, but I haven't used it yet.

                  SuperDave

                  « Reply #14 on: January 19, 2012, 11:25:58 AM »
                  Quote
                  Well, the amount of data I have on my computer would take several days to back up. Will the rescue CD/USB reformat, or anything like that? I made one, but I haven't used it yet.
                  The Rescue CD/USB will try to scan and clean your computer, but it will not format. However, you really should take the time to back up your important data just in case everything goes south.