Author Topic: After running superantispyware my pc won't boot OS and blue screens! (Read 12792 times)

CuNaMo · « **on:** January 15, 2012, 11:12:32 AM »

Hello.

Recently I was infected with a virus called "Microsoft Security Center 2012," or something very similar to that. I clicked on a link in an email I thought was from a friend of mine and voila! So, I ran MBAM, and Superantispyware (not at the same time), and both programs needed to reboot to finish cleaning. Afterwards, I go to reboot my computer one more time and suddenly I get a blue screen and the following error:

STOP: C0000135 Program can't start because %hs is missing. Try reinstalling the program

Seeing this error, I first tried booting from the Windows 7 install disc, but when I went to the repair option it didn't detect my OS/hard drive! After searching some forums (including this one) I found a few tricks to make my install disc see my OS/hard drive, but none of them worked. So I decided that it was time to see what the antivirus programs did.

I used a bootable USB with xubuntu on it to access the files on my computer. I was able to look at the spyware logs and the problem revealed itself in the superantispyware log. Superantispyware deleted a file called “consrv.dll.” After some more research I found that this infected dll file makes edits to the registry that must be fixed BEFORE deleting the file, otherwise the above stop-error occurs. I am not entirely sure what those edits are, because it seems they might be different depending on the computer infected, but I have seen other people solve the problem by editing the registry from outside windows.

Here is where I need your help! I don’t know how to look at or edit the registry outside of windows, and I wouldn’t know what was missing even if I did. Additionally, there may still be other problems with my PC that I am not aware of, because this one will not even let me boot the OS! I have placed a link describing someone else's experience with the consrv.dll issue from another forum. Please help me, and thank you!

http://forum.avast.com/index.php?topic=87852.0

http://answers.microsoft.com/en-us/windows/forum/windows_7-system/stop-c0000135-program-cant-start-because-hs-is/5cea7ee8-d931-462c-a8fa-06d3444fad48

SuperDave · « **Reply #1 on:** January 15, 2012, 11:17:57 AM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please do not do anything in the Registry.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

Place a blank CD-R disc in to your CD burning drive.
Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
Change Drivers to Non-Microsoft
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\_OTL\MovedFiles
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

CuNaMo · « **Reply #2 on:** January 15, 2012, 07:04:25 PM »

Hello and thanks for replying so quickly!

I made the OTLPE CD like you said, booted with it, and ran OTLPE from the desktop. However, there were some complications:

First, OTLPE never asked to "load remote registry." When I double-clicked on it it opened a browser window and I had to navigate to the Windows folder where my OS is. I assume this is because I have two hard drives on my computer.

Second, there was no "non-Microsoft" option under the drivers section in OTLPE. The only options were: "none," "safelist," and "all." I left it on "safelist."

Finally, I had trouble getting the OTLPE program to recognize my USB flashdrive. I had to use disk management to see the drive and open to save my OTL log file on my flashdrive.

So after all that here is the log:

OTL logfile created on: 1/15/2012 5:28:37 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 9216 18432 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 73.82 Mb Free Space | 73.82% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 329.34 Gb Free Space | 35.36% Space Free | Partition Type: NTFS
Drive E: | 931.41 Gb Total Space | 104.96 Gb Free Space | 11.27% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/09 18:40:36 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- E:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/11/26 01:47:36 | 000,665,320 | ---- | M] () [Auto] -- E:\Windows\System32\atwtusb.exe -- (WTService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/15 04:39:18 | 000,008,192 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand] -- E:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 05:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/12 19:27:09 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 14:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/21 13:02:02 | 000,393,216 | ---- | M] (NetGear) [Auto] -- E:\Windows\SysWOW64\WN311BFCS.exe -- (WN311BFCS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 17:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- E:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/01/19 20:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- E:\Windows\System32\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 06:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/03 05:31:50 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WN311B64.SYS -- (NTG43XX)
DRV:64bit: - [2009/08/26 00:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009/07/08 03:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/01 14:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/14 11:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/03/08 06:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 E4 5B BA 76 D0 CB 01 [binary data]
IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/26 14:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/26 14:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/02 12:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 16:17:27 | 000,000,000 | ---D | M]

[2011/02/19 22:42:19 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/02/19 22:42:19 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\mw8e0m5g.default\extensions
[2011/11/09 20:58:15 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
File not found (No name found) -- E:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- E:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/01/02 12:39:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/10 11:57:33 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- E:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/05/04 06:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/04 01:01:42 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 20:58:14 | 000,002,040 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] E:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MacroKeyManager] E:\Windows\System32\WTMKM.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] E:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [amd_dc_opt] E:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AS00_WN311B] E:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe (NetGear)
O4 - HKLM..\Run: [DivXUpdate] E:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
O7 - HKU\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - E:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 18:47:53 | 000,000,000 | ---D | C] -- E:\.Trash-999
[2011/12/18 23:45:16 | 000,000,000 | ---D | C] -- E:\Users\Curtis & Andrea\Documents\Amazon MP3
[2011/12/18 23:45:16 | 000,000,000 | ---D | C] -- E:\Users\Curtis & Andrea\AppData\Roaming\Amazon
[2011/12/18 23:44:46 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/12/18 23:44:45 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Amazon
[3 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
[1 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\Windows\System32\drivers\*.tmp files -> E:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/15 02:14:35 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/01/15 02:14:28 | 535,683,071 | -HS- | M] () -- E:\hiberfil.sys
[2012/01/02 18:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At80.job
[2012/01/02 18:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At32.job
[2012/01/02 18:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At79.job
[2012/01/02 18:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At31.job
[2012/01/02 17:41:09 | 000,000,064 | ---- | M] () -- E:\Windows\SysWow64\rp_stats.dat
[2012/01/02 17:41:09 | 000,000,044 | ---- | M] () -- E:\Windows\SysWow64\rp_rules.dat
[2012/01/02 17:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At78.job
[2012/01/02 17:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At30.job
[2012/01/02 17:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At77.job
[2012/01/02 17:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At29.job
[2012/01/02 16:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At76.job
[2012/01/02 16:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At28.job
[2012/01/02 16:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At75.job
[2012/01/02 16:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At27.job
[2012/01/02 16:09:31 | 000,014,224 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 16:09:31 | 000,014,224 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 16:06:50 | 000,675,566 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/01/02 16:06:50 | 000,442,594 | ---- | M] () -- E:\Windows\System32\perfh012.dat
[2012/01/02 16:06:50 | 000,431,000 | ---- | M] () -- E:\Windows\System32\perfh011.dat
[2012/01/02 16:06:50 | 000,415,426 | ---- | M] () -- E:\Windows\System32\prfh0404.dat
[2012/01/02 16:06:50 | 000,398,324 | ---- | M] () -- E:\Windows\System32\prfh0804.dat
[2012/01/02 16:06:50 | 000,126,238 | ---- | M] () -- E:\Windows\System32\perfc011.dat
[2012/01/02 16:06:50 | 000,126,238 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/01/02 16:06:50 | 000,124,526 | ---- | M] () -- E:\Windows\System32\perfc012.dat
[2012/01/02 16:06:50 | 000,124,098 | ---- | M] () -- E:\Windows\System32\prfc0804.dat
[2012/01/02 16:06:50 | 000,119,184 | ---- | M] () -- E:\Windows\System32\prfc0404.dat
[2012/01/02 15:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At74.job
[2012/01/02 15:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At26.job
[2012/01/02 15:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At73.job
[2012/01/02 15:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At25.job
[2012/01/02 14:19:55 | 001,008,141 | ---- | M] () -- E:\Users\Curtis & Andrea\Desktop\rkill.com
[2012/01/02 14:17:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- E:\Users\Curtis & Andrea\Desktop\TDSSKiller.exe
[2012/01/02 14:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At72.job
[2012/01/02 14:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At24.job
[2012/01/02 14:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At71.job
[2012/01/02 14:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At23.job
[2012/01/02 14:11:46 | 000,001,120 | ---- | M] () -- E:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 14:11:46 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 13:52:30 | 000,002,056 | ---- | M] () -- E:\Users\Curtis & Andrea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/02 13:51:22 | 000,004,976 | -HS- | M] () -- E:\Users\Curtis & Andrea\AppData\Local\381wif72x512qf62m5wdo2u735427n12o0160
[2012/01/02 13:51:22 | 000,004,976 | -HS- | M] () -- E:\ProgramData\381wif72x512qf62m5wdo2u735427n12o0160
[2012/01/02 12:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At68.job
[2012/01/02 12:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At20.job
[2012/01/02 12:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At67.job
[2012/01/02 12:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At19.job
[2012/01/02 11:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At66.job
[2012/01/02 11:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At18.job
[2012/01/02 11:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At65.job
[2012/01/02 11:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At17.job
[2012/01/02 10:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At64.job
[2012/01/02 10:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At16.job
[2012/01/02 10:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At63.job
[2012/01/02 10:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At15.job
[2012/01/02 09:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At62.job
[2012/01/02 09:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At14.job
[2012/01/02 09:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At61.job
[2012/01/02 09:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At13.job
[2012/01/02 08:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At60.job
[2012/01/02 08:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At12.job
[2012/01/02 08:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At59.job
[2012/01/02 08:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At11.job
[2012/01/02 07:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At58.job
[2012/01/02 07:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At10.job
[2012/01/02 07:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At9.job
[2012/01/02 07:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At57.job
[2012/01/02 06:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At8.job
[2012/01/02 06:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At56.job
[2012/01/02 06:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At7.job
[2012/01/02 06:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At55.job
[2012/01/02 05:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At6.job
[2012/01/02 05:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At54.job
[2012/01/02 05:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At53.job
[2012/01/02 05:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At5.job
[2012/01/02 04:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At52.job
[2012/01/02 04:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At4.job
[2012/01/02 04:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At51.job
[2012/01/02 04:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At3.job
[2012/01/02 03:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At50.job
[2012/01/02 03:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At2.job
[2012/01/02 03:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At49.job
[2012/01/02 03:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At1.job
[2012/01/02 02:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At96.job
[2012/01/02 02:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At48.job
[2012/01/02 02:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At95.job
[2012/01/02 02:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At47.job
[2012/01/02 01:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At94.job
[2012/01/02 01:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At46.job
[2012/01/02 01:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At93.job
[2012/01/02 01:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At45.job
[2012/01/02 00:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At92.job
[2012/01/02 00:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At44.job
[2012/01/02 00:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At91.job
[2012/01/02 00:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At43.job
[2012/01/01 23:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At90.job
[2012/01/01 23:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At42.job
[2012/01/01 23:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At89.job
[2012/01/01 23:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At41.job
[2012/01/01 22:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At88.job
[2012/01/01 22:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At40.job
[2012/01/01 22:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At87.job
[2012/01/01 22:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At39.job
[2012/01/01 21:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At86.job
[2012/01/01 21:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At38.job
[2012/01/01 21:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At85.job
[2012/01/01 21:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At37.job
[2012/01/01 20:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At84.job
[2012/01/01 20:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At36.job
[2012/01/01 20:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At83.job
[2012/01/01 20:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At35.job
[2012/01/01 19:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At82.job
[2012/01/01 19:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At34.job
[2012/01/01 19:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At81.job
[2012/01/01 19:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At33.job
[2012/01/01 13:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At70.job
[2012/01/01 13:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\tasks\At22.job
[2012/01/01 13:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At69.job
[2012/01/01 13:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\tasks\At21.job
[2011/12/31 00:19:28 | 000,001,674 | -HS- | M] () -- E:\Users\Curtis & Andrea\AppData\Local\s88mw2s78q
[2011/12/31 00:19:28 | 000,001,674 | -HS- | M] () -- E:\ProgramData\s88mw2s78q
[2011/12/28 04:12:19 | 000,002,052 | -HS- | M] () -- E:\Users\Curtis & Andrea\AppData\Local\le2sw25wpe16000eq3d62u3e361d6d868423f5o4g3goj
[2011/12/28 04:12:19 | 000,002,052 | -HS- | M] () -- E:\ProgramData\le2sw25wpe16000eq3d62u3e361d6d868423f5o4g3goj
[2011/12/26 23:24:21 | 000,009,530 | -HS- | M] () -- E:\ProgramData\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
[2011/12/22 00:32:00 | 000,937,264 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2011/12/22 00:27:04 | 000,000,118 | ---- | M] () -- E:\Windows\System32\MRT.INI
[2011/12/18 23:44:46 | 000,002,222 | ---- | M] () -- E:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/12/18 23:44:46 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[3 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
[1 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\Windows\System32\drivers\*.tmp files -> E:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 14:19:57 | 001,008,141 | ---- | C] () -- E:\Users\Curtis & Andrea\Desktop\rkill.com
[2012/01/02 14:11:46 | 000,001,120 | ---- | C] () -- E:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 12:53:15 | 000,004,976 | -HS- | C] () -- E:\Users\Curtis & Andrea\AppData\Local\381wif72x512qf62m5wdo2u735427n12o0160
[2012/01/02 12:53:15 | 000,004,976 | -HS- | C] () -- E:\ProgramData\381wif72x512qf62m5wdo2u735427n12o0160
[2011/12/31 00:19:01 | 000,001,674 | -HS- | C] () -- E:\Users\Curtis & Andrea\AppData\Local\s88mw2s78q
[2011/12/31 00:19:01 | 000,001,674 | -HS- | C] () -- E:\ProgramData\s88mw2s78q
[2011/12/28 04:11:47 | 000,002,052 | -HS- | C] () -- E:\Users\Curtis & Andrea\AppData\Local\le2sw25wpe16000eq3d62u3e361d6d868423f5o4g3goj
[2011/12/28 04:11:47 | 000,002,052 | -HS- | C] () -- E:\ProgramData\le2sw25wpe16000eq3d62u3e361d6d868423f5o4g3goj
[2011/12/26 22:36:14 | 000,009,530 | -HS- | C] () -- E:\ProgramData\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
[2011/12/22 00:27:04 | 000,000,118 | ---- | C] () -- E:\Windows\System32\MRT.INI
[2011/12/18 23:44:46 | 000,002,222 | ---- | C] () -- E:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/12/12 20:35:01 | 000,008,988 | -HS- | C] () -- E:\ProgramData\nyvwwc4t3eyg0eco4bml8d514w2m
[2011/12/11 11:50:50 | 000,010,930 | -HS- | C] () -- E:\ProgramData\kkkyie8v2dkr8ipq7ofa1g307g6b
[2011/11/08 23:10:19 | 001,764,864 | ---- | C] () -- E:\Windows\SysWow64\ippmmG55sQ6dE8f.exe
[2011/11/08 21:23:05 | 001,764,864 | ---- | C] () -- E:\Windows\SysWow64\DlllOBBtzP0yA1.exe
[2011/11/08 10:33:40 | 001,764,864 | ---- | C] () -- E:\Windows\SysWow64\DlllONNtxP0cS1.exe
[2011/11/08 02:25:39 | 001,764,864 | ---- | C] () -- E:\Windows\SysWow64\DllOOBttzPycAiv.exe
[2011/11/08 02:17:23 | 001,764,864 | ---- | C] () -- E:\Windows\SysWow64\dllOOBttzP0cAiD.exe
[2011/09/28 19:44:14 | 000,179,271 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat
[2011/08/03 05:31:54 | 000,311,912 | ---- | C] () -- E:\Windows\SysWow64\nvStreaming.exe
[2011/06/27 14:44:15 | 000,256,512 | ---- | C] () -- E:\Windows\PEV.exe
[2011/06/27 14:44:15 | 000,208,896 | ---- | C] () -- E:\Windows\MBR.exe
[2011/06/27 14:44:15 | 000,098,816 | ---- | C] () -- E:\Windows\sed.exe
[2011/06/27 14:44:15 | 000,080,412 | ---- | C] () -- E:\Windows\grep.exe
[2011/06/27 14:44:15 | 000,068,096 | ---- | C] () -- E:\Windows\zip.exe
[2011/06/03 19:41:12 | 000,155,745 | ---- | C] () -- E:\Windows\SysWow64\installservice.exe
[2011/05/24 01:49:53 | 000,085,504 | ---- | C] () -- E:\Windows\SysWow64\ff_vfw.dll
[2011/05/02 16:40:30 | 000,000,064 | ---- | C] () -- E:\Windows\SysWow64\rp_stats.dat
[2011/05/02 16:40:30 | 000,000,044 | ---- | C] () -- E:\Windows\SysWow64\rp_rules.dat
[2011/04/29 03:19:00 | 000,004,096 | ---- | C] () -- E:\Windows\d3dx.dat
[2011/04/19 15:23:11 | 000,008,229 | ---- | C] () -- E:\Windows\aiptbl.ini
[2011/02/23 21:06:35 | 000,061,440 | ---- | C] () -- E:\Windows\SysWow64\FDI.exe
[2011/02/23 20:28:56 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/02/19 22:42:19 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2011/02/19 21:44:01 | 000,008,192 | ---- | C] () -- E:\Windows\SysWow64\srvany.exe
[2011/02/19 17:54:26 | 000,640,957 | ---- | C] () -- E:\Windows\unins000.exe
[2011/02/19 17:54:26 | 000,000,805 | ---- | C] () -- E:\Windows\unins000.dat
[2011/02/19 17:06:06 | 000,073,220 | ---- | C] () -- E:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/02/19 17:06:06 | 000,031,053 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern131.dat
[2011/02/19 17:06:06 | 000,029,114 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern1.dat
[2011/02/19 17:06:06 | 000,027,417 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern121.dat
[2011/02/19 17:06:06 | 000,021,021 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern3.dat
[2011/02/19 17:06:06 | 000,015,670 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern5.dat
[2011/02/19 17:06:06 | 000,013,280 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern2.dat
[2011/02/19 17:06:06 | 000,010,673 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern4.dat
[2011/02/19 17:06:06 | 000,004,943 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern6.dat
[2011/02/19 17:06:06 | 000,001,140 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/02/19 17:06:06 | 000,001,140 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/02/19 17:06:06 | 000,001,137 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/02/19 17:06:06 | 000,001,130 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/02/19 17:06:06 | 000,001,130 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/02/19 17:06:06 | 000,001,104 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/02/19 17:06:06 | 000,000,097 | ---- | C] () -- E:\Windows\SysWow64\PICSDK.ini
[2011/02/19 15:43:12 | 002,870,032 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/19 15:39:01 | 000,921,665 | ---- | C] () -- E:\Windows\SysWow64\msvcrt-ruby18.dll
[2011/02/19 15:39:01 | 000,271,264 | ---- | C] () -- E:\Windows\SysWow64\vbrun100.dll
[2011/02/19 15:39:01 | 000,210,944 | ---- | C] () -- E:\Windows\SysWow64\msvcrt10.dll
[2011/02/19 15:39:01 | 000,027,136 | ---- | C] () -- E:\Windows\SysWow64\pythonw.exe
[2011/02/19 15:39:01 | 000,026,624 | ---- | C] () -- E:\Windows\SysWow64\python.exe
[2011/02/19 15:39:01 | 000,020,537 | ---- | C] () -- E:\Windows\SysWow64\rubyw.exe
[2011/02/19 15:39:01 | 000,020,536 | ---- | C] () -- E:\Windows\SysWow64\ruby.exe
[2009/11/10 22:28:02 | 000,129,768 | ---- | C] () -- E:\Windows\RmTablet.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/05/29 01:27:26 | 000,000,000 | ---D | M] -- E:\ProgramData\AVAST Software
[2011/02/19 16:42:50 | 000,000,000 | ---D | M] -- E:\ProgramData\CheckPoint
[2011/09/09 15:15:36 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/07/05 21:15:40 | 000,000,000 | ---D | M] -- E:\ProgramData\eMule
[2011/02/19 17:05:59 | 000,000,000 | ---D | M] -- E:\ProgramData\EPSON
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/05/25 19:18:20 | 000,000,000 | ---D | M] -- E:\ProgramData\IObit
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/04/19 15:23:48 | 000,000,000 | ---D | M] -- E:\ProgramData\Tablet
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/12/17 03:56:28 | 000,000,000 | ---D | M] -- E:\ProgramData\Zoom Player
[2012/01/02 03:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At1.job
[2012/01/02 07:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At10.job
[2012/01/02 08:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At11.job
[2012/01/02 08:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At12.job
[2012/01/02 09:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At13.job
[2012/01/02 09:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At14.job
[2012/01/02 10:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At15.job
[2012/01/02 10:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At16.job
[2012/01/02 11:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At17.job
[2012/01/02 11:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At18.job
[2012/01/02 12:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At19.job
[2012/01/02 03:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At2.job
[2012/01/02 12:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At20.job
[2012/01/01 13:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At21.job
[2012/01/01 13:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At22.job
[2012/01/02 14:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At23.job
[2012/01/02 14:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At24.job
[2012/01/02 15:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At25.job
[2012/01/02 15:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At26.job
[2012/01/02 16:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At27.job
[2012/01/02 16:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At28.job
[2012/01/02 17:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At29.job
[2012/01/02 04:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At3.job
[2012/01/02 17:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At30.job
[2012/01/02 18:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At31.job
[2012/01/02 18:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At32.job
[2012/01/01 19:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At33.job
[2012/01/01 19:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At34.job
[2012/01/01 20:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At35.job
[2012/01/01 20:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At36.job
[2012/01/01 21:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At37.job
[2012/01/01 21:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At38.job
[2012/01/01 22:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At39.job
[2012/01/02 04:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At4.job
[2012/01/01 22:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At40.job
[2012/01/01 23:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At41.job
[2012/01/01 23:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At42.job
[2012/01/02 00:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At43.job
[2012/01/02 00:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At44.job
[2012/01/02 01:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At45.job
[2012/01/02 01:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At46.job
[2012/01/02 02:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At47.job
[2012/01/02 02:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At48.job
[2012/01/02 03:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At49.job
[2012/01/02 05:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At5.job
[2012/01/02 03:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At50.job
[2012/01/02 04:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At51.job
[2012/01/02 04:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At52.job
[2012/01/02 05:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At53.job
[2012/01/02 05:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At54.job
[2012/01/02 06:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At55.job
[2012/01/02 06:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At56.job
[2012/01/02 07:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At57.job
[2012/01/02 07:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At58.job
[2012/01/02 08:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At59.job
[2012/01/02 05:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At6.job
[2012/01/02 08:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At60.job
[2012/01/02 09:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At61.job
[2012/01/02 09:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At62.job
[2012/01/02 10:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At63.job
[2012/01/02 10:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At64.job
[2012/01/02 11:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At65.job
[2012/01/02 11:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At66.job
[2012/01/02 12:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At67.job
[2012/01/02 12:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At68.job
[2012/01/01 13:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At69.job
[2012/01/02 06:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At7.job
[2012/01/01 13:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At70.job
[2012/01/02 14:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At71.job
[2012/01/02 14:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At72.job
[2012/01/02 15:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At73.job
[2012/01/02 15:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At74.job
[2012/01/02 16:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At75.job
[2012/01/02 16:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At76.job
[2012/01/02 17:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At77.job
[2012/01/02 17:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At78.job
[2012/01/02 18:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At79.job
[2012/01/02 06:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At8.job
[2012/01/02 18:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At80.job
[2012/01/01 19:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At81.job
[2012/01/01 19:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At82.job
[2012/01/01 20:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At83.job
[2012/01/01 20:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At84.job
[2012/01/01 21:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At85.job
[2012/01/01 21:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At86.job
[2012/01/01 22:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At87.job
[2012/01/01 22:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At88.job
[2012/01/01 23:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At89.job
[2012/01/02 07:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At9.job
[2012/01/01 23:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At90.job
[2012/01/02 00:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At91.job
[2012/01/02 00:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At92.job
[2012/01/02 01:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At93.job
[2012/01/02 01:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At94.job
[2012/01/02 02:13:00 | 000,000,352 | ---- | M] () -- E:\Windows\Tasks\At95.job
[2012/01/02 02:13:00 | 000,000,354 | ---- | M] () -- E:\Windows\Tasks\At96.job
[2011/07/27 14:07:16 | 000,032,544 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

SuperDave · « **Reply #3 on:** January 15, 2012, 07:34:25 PM »

Quote

First, OTLPE never asked to "load remote registry." When I double-clicked on it it opened a browser window and I had to navigate to the Windows folder where my OS is. I assume this is because I have two hard drives on my computer.

Second, there was no "non-Microsoft" option under the drivers section in OTLPE. The only options were: "none," "safelist," and "all." I left it on "safelist."

The program may have changed since those instructions were written.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code: [Select]

:OTL
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

:files 
E:\Windows\tasks\At80.job
E:\Windows\tasks\At32.job
E:\Windows\tasks\At79.job
E:\Windows\tasks\At31.job
E:\Windows\tasks\At78.job
E:\Windows\tasks\At30.job
E:\Windows\tasks\At77.job
E:\Windows\tasks\At29.job
E:\Windows\tasks\At76.job
E:\Windows\tasks\At28.job
E:\Windows\tasks\At75.job
E:\Windows\tasks\At27.job
E:\Windows\tasks\At74.job
E:\Windows\tasks\At26.job
E:\Windows\tasks\At73.job
E:\Windows\tasks\At25.job
E:\Windows\tasks\At72.job
E:\Windows\tasks\At24.job
E:\Windows\tasks\At71.job
E:\Windows\tasks\At23.job
E:\Windows\tasks\At68.job
E:\Windows\tasks\At20.job
E:\Windows\tasks\At67.job
E:\Windows\tasks\At19.job
E:\Windows\tasks\At66.job
E:\Windows\tasks\At18.job
E:\Windows\tasks\At65.job
E:\Windows\tasks\At17.job
E:\Windows\tasks\At64.job
E:\Windows\tasks\At16.job
E:\Windows\tasks\At63.job
E:\Windows\tasks\At15.job
E:\Windows\tasks\At62.job
E:\Windows\tasks\At14.job
E:\Windows\tasks\At61.job
E:\Windows\tasks\At13.job
E:\Windows\tasks\At60.job
E:\Windows\tasks\At12.job
E:\Windows\tasks\At59.job
E:\Windows\tasks\At11.job
E:\Windows\tasks\At58.job
E:\Windows\tasks\At10.job
E:\Windows\tasks\At9.job
E:\Windows\tasks\At57.job
E:\Windows\tasks\At8.job
E:\Windows\tasks\At56.job
E:\Windows\tasks\At7.job
E:\Windows\tasks\At55.job
E:\Windows\tasks\At6.job
E:\Windows\tasks\At54.job
E:\Windows\tasks\At53.job
E:\Windows\tasks\At5.job
E:\Windows\tasks\At52.job
E:\Windows\tasks\At4.job
E:\Windows\tasks\At51.job
E:\Windows\tasks\At3.job
E:\Windows\tasks\At50.job
E:\Windows\tasks\At2.job
E:\Windows\tasks\At49.job
E:\Windows\tasks\At1.job
E:\Windows\tasks\At96.job
E:\Windows\tasks\At48.job
E:\Windows\tasks\At95.job
E:\Windows\tasks\At47.job
E:\Windows\tasks\At94.job
E:\Windows\tasks\At46.job
E:\Windows\tasks\At93.job
E:\Windows\tasks\At45.job
E:\Windows\tasks\At92.job
E:\Windows\tasks\At44.job
E:\Windows\tasks\At91.job
E:\Windows\tasks\At43.job
E:\Windows\tasks\At90.job
E:\Windows\tasks\At42.job
E:\Windows\tasks\At89.job
E:\Windows\tasks\At41.job
E:\Windows\tasks\At88.job
E:\Windows\tasks\At40.job
E:\Windows\tasks\At87.job
E:\Windows\tasks\At39.job
E:\Windows\tasks\At86.job
E:\Windows\tasks\At38.job
E:\Windows\tasks\At85.job
E:\Windows\tasks\At37.job
E:\Windows\tasks\At84.job
E:\Windows\tasks\At36.job
E:\Windows\tasks\At83.job
E:\Windows\tasks\At35.job
E:\Windows\tasks\At82.job
E:\Windows\tasks\At34.job
E:\Windows\tasks\At81.job
E:\Windows\tasks\At33.job
E:\Windows\tasks\At70.job
E:\Windows\tasks\At22.job
E:\Windows\tasks\At69.job
E:\Windows\tasks\At21.job

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

CuNaMo · « **Reply #4 on:** January 15, 2012, 07:44:08 PM »

Allright, ran the fix and here is the report. Just FYI, I don't know how to get my wireless internet working within the OTL temporary OS, so I am transferring everything onto a flashdrive and then updating my post from my laptop. I don't know is this changes any of the directions you give me, but just wanted to let you know!

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\Administrator_ON_E\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\LocalService_ON_E\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\NetworkService_ON_E\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\systemprofile_ON_E\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\UpdatusUser_ON_E\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\Administrator_ON_E\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\Curtis_&_Andrea_ON_E\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\LocalService_ON_E\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\NetworkService_ON_E\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\systemprofile_ON_E\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_USERS\UpdatusUser_ON_E\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error.\ not found.
========== FILES ==========
E:\Windows\tasks\At80.job moved successfully.
E:\Windows\tasks\At32.job moved successfully.
E:\Windows\tasks\At79.job moved successfully.
E:\Windows\tasks\At31.job moved successfully.
E:\Windows\tasks\At78.job moved successfully.
E:\Windows\tasks\At30.job moved successfully.
E:\Windows\tasks\At77.job moved successfully.
E:\Windows\tasks\At29.job moved successfully.
E:\Windows\tasks\At76.job moved successfully.
E:\Windows\tasks\At28.job moved successfully.
E:\Windows\tasks\At75.job moved successfully.
E:\Windows\tasks\At27.job moved successfully.
E:\Windows\tasks\At74.job moved successfully.
E:\Windows\tasks\At26.job moved successfully.
E:\Windows\tasks\At73.job moved successfully.
E:\Windows\tasks\At25.job moved successfully.
E:\Windows\tasks\At72.job moved successfully.
E:\Windows\tasks\At24.job moved successfully.
E:\Windows\tasks\At71.job moved successfully.
E:\Windows\tasks\At23.job moved successfully.
E:\Windows\tasks\At68.job moved successfully.
E:\Windows\tasks\At20.job moved successfully.
E:\Windows\tasks\At67.job moved successfully.
E:\Windows\tasks\At19.job moved successfully.
E:\Windows\tasks\At66.job moved successfully.
E:\Windows\tasks\At18.job moved successfully.
E:\Windows\tasks\At65.job moved successfully.
E:\Windows\tasks\At17.job moved successfully.
E:\Windows\tasks\At64.job moved successfully.
E:\Windows\tasks\At16.job moved successfully.
E:\Windows\tasks\At63.job moved successfully.
E:\Windows\tasks\At15.job moved successfully.
E:\Windows\tasks\At62.job moved successfully.
E:\Windows\tasks\At14.job moved successfully.
E:\Windows\tasks\At61.job moved successfully.
E:\Windows\tasks\At13.job moved successfully.
E:\Windows\tasks\At60.job moved successfully.
E:\Windows\tasks\At12.job moved successfully.
E:\Windows\tasks\At59.job moved successfully.
E:\Windows\tasks\At11.job moved successfully.
E:\Windows\tasks\At58.job moved successfully.
E:\Windows\tasks\At10.job moved successfully.
E:\Windows\tasks\At9.job moved successfully.
E:\Windows\tasks\At57.job moved successfully.
E:\Windows\tasks\At8.job moved successfully.
E:\Windows\tasks\At56.job moved successfully.
E:\Windows\tasks\At7.job moved successfully.
E:\Windows\tasks\At55.job moved successfully.
E:\Windows\tasks\At6.job moved successfully.
E:\Windows\tasks\At54.job moved successfully.
E:\Windows\tasks\At53.job moved successfully.
E:\Windows\tasks\At5.job moved successfully.
E:\Windows\tasks\At52.job moved successfully.
E:\Windows\tasks\At4.job moved successfully.
E:\Windows\tasks\At51.job moved successfully.
E:\Windows\tasks\At3.job moved successfully.
E:\Windows\tasks\At50.job moved successfully.
E:\Windows\tasks\At2.job moved successfully.
E:\Windows\tasks\At49.job moved successfully.
E:\Windows\tasks\At1.job moved successfully.
E:\Windows\tasks\At96.job moved successfully.
E:\Windows\tasks\At48.job moved successfully.
E:\Windows\tasks\At95.job moved successfully.
E:\Windows\tasks\At47.job moved successfully.
E:\Windows\tasks\At94.job moved successfully.
E:\Windows\tasks\At46.job moved successfully.
E:\Windows\tasks\At93.job moved successfully.
E:\Windows\tasks\At45.job moved successfully.
E:\Windows\tasks\At92.job moved successfully.
E:\Windows\tasks\At44.job moved successfully.
E:\Windows\tasks\At91.job moved successfully.
E:\Windows\tasks\At43.job moved successfully.
E:\Windows\tasks\At90.job moved successfully.
E:\Windows\tasks\At42.job moved successfully.
E:\Windows\tasks\At89.job moved successfully.
E:\Windows\tasks\At41.job moved successfully.
E:\Windows\tasks\At88.job moved successfully.
E:\Windows\tasks\At40.job moved successfully.
E:\Windows\tasks\At87.job moved successfully.
E:\Windows\tasks\At39.job moved successfully.
E:\Windows\tasks\At86.job moved successfully.
E:\Windows\tasks\At38.job moved successfully.
E:\Windows\tasks\At85.job moved successfully.
E:\Windows\tasks\At37.job moved successfully.
E:\Windows\tasks\At84.job moved successfully.
E:\Windows\tasks\At36.job moved successfully.
E:\Windows\tasks\At83.job moved successfully.
E:\Windows\tasks\At35.job moved successfully.
E:\Windows\tasks\At82.job moved successfully.
E:\Windows\tasks\At34.job moved successfully.
E:\Windows\tasks\At81.job moved successfully.
E:\Windows\tasks\At33.job moved successfully.
E:\Windows\tasks\At70.job moved successfully.
E:\Windows\tasks\At22.job moved successfully.
E:\Windows\tasks\At69.job moved successfully.
E:\Windows\tasks\At21.job moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 01152012_184152

SuperDave · « **Reply #5 on:** January 15, 2012, 07:50:42 PM »

Any changes? Can you boot the computer?

CuNaMo · « **Reply #6 on:** January 15, 2012, 08:02:46 PM »

Oops! Sorry, forgot to check it! When I rebooted it asked me if I wanted to launch startup repair or if I wanted to start normally. I was replying to your post when it automatically started the repair! Should I stop it?

EDIT: Startup repair could not fix it, and upon rebooting I receive the same blue screen stop error as described in my first post!

SuperDave · « **Reply #7 on:** January 16, 2012, 04:29:28 PM »

Can you boot in Safe Mode?

CuNaMo · « **Reply #8 on:** January 16, 2012, 09:43:37 PM »

I don't know how to boot in safe mode without MSConfig. When I press F8 on my PC it goes to a boot device menu and doesn't have the option for safe mode! Is there a third way to boot safe mode?

CuNaMo · « **Reply #9 on:** January 16, 2012, 11:37:08 PM »

I figured out a way to see the safe mode menu. I had to disable "quick boot" and then on the second page of the boot menu F8 worked. However, the results were disappointing: it gives the same blue-screen stop error when I try to boot in safe mode!

SuperDave · « **Reply #10 on:** January 17, 2012, 11:54:59 AM »

Do you have your OS disk?

CuNaMo · « **Reply #11 on:** January 17, 2012, 11:57:01 PM »

Yes, and when I insert it to repair the OS it doesn't register that there is a copy of Windows installed, so I can't fix it. I don't want to reinstall, because I need my data on the hard drive and I don't have a portable hard drive to back it up on!

Is it hopeless doc?

SuperDave · « **Reply #12 on:** January 18, 2012, 12:21:36 PM »

Here's what I would recommend. First of all, boot your computer using the OTL rescue disk and you can save all your important data to DVD's or memory sticks. After that let's try another rescue disk.

Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.

CuNaMo · « **Reply #13 on:** January 18, 2012, 11:32:03 PM »

Well, the amount of data I have on my computer would take several days to back up. Will the rescue CD/USB reformat, or anything like that? I made one, but I haven't used it yet.

SuperDave · « **Reply #14 on:** January 19, 2012, 11:25:58 AM »

Quote

Well, the amount of data I have on my computer would take several days to back up. Will the rescue CD/USB reformat, or anything like that? I made one, but I haven't used it yet.

The Rescue CD/USB will try to scan and clean your computer but it will not format. However, you really should take the time to backup your important data just in case everything goes south.

CuNaMo · « **Reply #15 on:** January 19, 2012, 09:38:29 PM »

Ok, that will take me a few days. Will you still be here? I should probably have it done by Sunday at the latest. I work during the day, that's why it will take so long.

SuperDave · « **Reply #16 on:** January 20, 2012, 11:43:00 AM »

Quote

Will you still be here?

Unless the Grim Reaper gets me.

CuNaMo · « **Reply #17 on:** January 23, 2012, 10:33:29 PM »

All right, well I ran the Dr. Web Live CD and the BitDefender bootable USB. Both of them found viruses/spyware and I deleted/cleaned all of them. Unfortunately, my system still does not boot in regular or safe mode!

I think I am missing a system file or something that tells my computer that an OS is installed. That's my best guess at least.

PS: thanks for waiting!

Some google searching showed me this website, which seems to confirm what I am suspecting. I think that Superantispyware did what this website says AVG does. I am missing a vital file for my computer to run which needs to be located and replaced. I haven't followed any other help sites or anything, I am just looking at information. Let me know what you think and thanks!

http://mikemstech.blogspot.com/2012/01/troubleshooting-0xc0000135.html

SuperDave · « **Reply #18 on:** January 24, 2012, 04:24:49 PM »

Please tell me what happens when you boot with the OS disk.

CuNaMo · « **Reply #19 on:** January 24, 2012, 11:08:03 PM »

When I boot the OS disk it goes to the install screen and I click the "repair" option in the bottom left. The next screen says "choose your OS" and has a little white box, but there is nothing in the box! There is no OS or anything. The other option in this screen is to "search for drivers." This allows me to search through my hard drive for a file, but I don't know which file I am supposed to find that will show that I have an OS installed.

When I was backing up my files I could navigate to the windows folder and look at all the system files I had there, so I know that my OS is still installed. A google search for this problem showed that a common cause of this problem is missing a DLL or some other system file so my computer/OS disk no longer recognizes the OS. I really do not want to format and reinstall!

When I try to boot into regular or safe mode I still get the same blue screen mentioned in my first post and the article I linked in my last post.

SuperDave · « **Reply #20 on:** January 25, 2012, 12:22:40 PM »

Here's a rescue disk that will let you boot your computer,run a scan and post the log. You can boot your computer again using this disk and save your important documents.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

Place a blank CD-R disc in to your CD burning drive.
Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
Change Drivers to Non-Microsoft
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\_OTL\MovedFiles
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

CuNaMo · « **Reply #21 on:** January 30, 2012, 10:41:28 PM »

Sorry for the long wait. I have been busy at work. I did the scan with OTLPE as you said. Here is the log:

OTL logfile created on: 1/30/2012 9:20:38 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 9216 18432 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 73.82 Mb Free Space | 73.82% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 312.03 Gb Free Space | 33.50% Space Free | Partition Type: NTFS
Drive E: | 931.41 Gb Total Space | 104.63 Gb Free Space | 11.23% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/09 18:40:36 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- E:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/11/26 01:47:36 | 000,665,320 | ---- | M] () [Auto] -- E:\Windows\System32\atwtusb.exe -- (WTService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/15 04:39:18 | 000,008,192 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand] -- E:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 05:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/12 19:27:09 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 14:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/21 13:02:02 | 000,393,216 | ---- | M] (NetGear) [Auto] -- E:\Windows\SysWOW64\WN311BFCS.exe -- (WN311BFCS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/01 17:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- E:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/01/19 20:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- E:\Windows\System32\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 06:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/03 05:31:50 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WN311B64.SYS -- (NTG43XX)
DRV:64bit: - [2009/08/26 00:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009/07/08 03:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/01 14:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/14 11:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/03/08 06:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 E4 5B BA 76 D0 CB 01 [binary data]
IE - HKU\Curtis_&_Andrea_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:4.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:1.2.1

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: E:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/26 14:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/26 14:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/02 12:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/15 16:17:27 | 000,000,000 | ---D | M]

[2011/02/19 15:52:41 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Curtis & Andrea\AppData\Roaming\Mozilla\Extensions
[2011/12/25 00:40:16 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Curtis & Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\h1x3w93d.default\extensions
[2011/12/25 00:40:16 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Users\Curtis & Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\h1x3w93d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/05 18:19:22 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Curtis & Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\h1x3w93d.default\extensions\nostmp
[2011/03/12 15:16:28 | 000,000,000 | ---D | M] (Personas) -- E:\Users\Curtis & Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\h1x3w93d.default\extensions\[email protected]
[2011/11/09 20:58:15 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- E:\USERS\CURTIS & ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H1X3W93D.DEFAULT\EXTENSIONS\{1F91CDE0-C040-11DA-A94D-0800200C9A66}.XPI
[2012/01/02 12:39:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/10 11:57:33 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- E:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/05/04 06:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/04 01:01:42 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 20:58:14 | 000,002,040 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/15 18:41:54 | 000,000,098 | ---- | M]) - E:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [IntelliPoint] E:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MacroKeyManager] E:\Windows\System32\WTMKM.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] E:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [amd_dc_opt] E:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AS00_WN311B] E:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe (NetGear)
O4 - HKLM..\Run: [DivXUpdate] E:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Administrator_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_E\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
O7 - HKU\Curtis_&_Andrea_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Curtis_&_Andrea_ON_E\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Curtis_&_Andrea_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\LocalService_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_E\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\NetworkService_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_E\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\systemprofile_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_E\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\UpdatusUser_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\UpdatusUser_ON_E\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - E:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/15 18:41:52 | 000,000,000 | ---D | C] -- E:\_OTL
[2012/01/14 18:47:53 | 000,000,000 | ---D | C] -- E:\.Trash-999
[3 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
[1 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\Windows\System32\drivers\*.tmp files -> E:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 00:43:42 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/01/24 00:43:35 | 535,683,071 | -HS- | M] () -- E:\hiberfil.sys
[2012/01/02 17:41:09 | 000,000,064 | ---- | M] () -- E:\Windows\SysWow64\rp_stats.dat
[2012/01/02 17:41:09 | 000,000,044 | ---- | M] () -- E:\Windows\SysWow64\rp_rules.dat
[2012/01/02 16:09:31 | 000,014,224 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 16:09:31 | 000,014,224 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 16:06:50 | 000,675,566 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/01/02 16:06:50 | 000,442,594 | ---- | M] () -- E:\Windows\System32\perfh012.dat
[2012/01/02 16:06:50 | 000,431,000 | ---- | M] () -- E:\Windows\System32\perfh011.dat
[2012/01/02 16:06:50 | 000,415,426 | ---- | M] () -- E:\Windows\System32\prfh0404.dat
[2012/01/02 16:06:50 | 000,398,324 | ---- | M] () -- E:\Windows\System32\prfh0804.dat
[2012/01/02 16:06:50 | 000,126,238 | ---- | M] () -- E:\Windows\System32\perfc011.dat
[2012/01/02 16:06:50 | 000,126,238 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/01/02 16:06:50 | 000,124,526 | ---- | M] () -- E:\Windows\System32\perfc012.dat
[2012/01/02 16:06:50 | 000,124,098 | ---- | M] () -- E:\Windows\System32\prfc0804.dat
[2012/01/02 16:06:50 | 000,119,184 | ---- | M] () -- E:\Windows\System32\prfc0404.dat
[2012/01/02 14:19:55 | 001,008,141 | ---- | M] () -- E:\Users\Curtis & Andrea\Desktop\rkill.com
[2012/01/02 14:17:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- E:\Users\Curtis & Andrea\Desktop\TDSSKiller.exe
[2012/01/02 14:11:46 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 13:52:30 | 000,002,056 | ---- | M] () -- E:\Users\Curtis & Andrea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/02 13:51:22 | 000,004,976 | -HS- | M] () -- E:\Users\Curtis & Andrea\AppData\Local\381wif72x512qf62m5wdo2u735427n12o0160
[2012/01/02 13:51:22 | 000,004,976 | -HS- | M] () -- E:\ProgramData\381wif72x512qf62m5wdo2u735427n12o0160
[3 E:\Windows\*.tmp files -> E:\Windows\*.tmp -> ]
[1 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\Windows\System32\drivers\*.tmp files -> E:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 14:19:57 | 001,008,141 | ---- | C] () -- E:\Users\Curtis & Andrea\Desktop\rkill.com
[2012/01/02 12:53:15 | 000,004,976 | -HS- | C] () -- E:\Users\Curtis & Andrea\AppData\Local\381wif72x512qf62m5wdo2u735427n12o0160
[2012/01/02 12:53:15 | 000,004,976 | -HS- | C] () -- E:\ProgramData\381wif72x512qf62m5wdo2u735427n12o0160
[2011/12/31 00:19:01 | 000,001,674 | -HS- | C] () -- E:\Users\Curtis & Andrea\AppData\Local\s88mw2s78q
[2011/12/31 00:19:01 | 000,001,674 | -HS- | C] () -- E:\ProgramData\s88mw2s78q
[2011/12/28 04:11:47 | 000,002,052 | -HS- | C] () -- E:\Users\Curtis & Andrea\AppData\Local\le2sw25wpe16000eq3d62u3e361d6d868423f5o4g3goj
[2011/12/28 04:11:47 | 000,002,052 | -HS- | C] () -- E:\ProgramData\le2sw25wpe16000eq3d62u3e361d6d868423f5o4g3goj
[2011/12/26 22:36:14 | 000,009,530 | -HS- | C] () -- E:\ProgramData\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
[2011/12/12 20:35:01 | 000,008,988 | -HS- | C] () -- E:\ProgramData\nyvwwc4t3eyg0eco4bml8d514w2m
[2011/12/11 11:50:50 | 000,010,930 | -HS- | C] () -- E:\ProgramData\kkkyie8v2dkr8ipq7ofa1g307g6b
[2011/09/28 19:44:14 | 000,179,271 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat
[2011/08/03 05:31:54 | 000,311,912 | ---- | C] () -- E:\Windows\SysWow64\nvStreaming.exe
[2011/06/27 14:44:15 | 000,256,512 | ---- | C] () -- E:\Windows\PEV.exe
[2011/06/27 14:44:15 | 000,208,896 | ---- | C] () -- E:\Windows\MBR.exe
[2011/06/27 14:44:15 | 000,098,816 | ---- | C] () -- E:\Windows\sed.exe
[2011/06/27 14:44:15 | 000,080,412 | ---- | C] () -- E:\Windows\grep.exe
[2011/06/27 14:44:15 | 000,068,096 | ---- | C] () -- E:\Windows\zip.exe
[2011/06/03 19:41:12 | 000,155,745 | ---- | C] () -- E:\Windows\SysWow64\installservice.exe
[2011/05/24 01:49:53 | 000,085,504 | ---- | C] () -- E:\Windows\SysWow64\ff_vfw.dll
[2011/05/02 16:40:30 | 000,000,064 | ---- | C] () -- E:\Windows\SysWow64\rp_stats.dat
[2011/05/02 16:40:30 | 000,000,044 | ---- | C] () -- E:\Windows\SysWow64\rp_rules.dat
[2011/04/29 03:19:00 | 000,004,096 | ---- | C] () -- E:\Windows\d3dx.dat
[2011/04/19 15:23:11 | 000,008,229 | ---- | C] () -- E:\Windows\aiptbl.ini
[2011/02/23 21:06:35 | 000,061,440 | ---- | C] () -- E:\Windows\SysWow64\FDI.exe
[2011/02/23 20:28:56 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2011/02/19 22:42:19 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2011/02/19 21:44:01 | 000,008,192 | ---- | C] () -- E:\Windows\SysWow64\srvany.exe
[2011/02/19 17:54:26 | 000,640,957 | ---- | C] () -- E:\Windows\unins000.exe
[2011/02/19 17:54:26 | 000,000,805 | ---- | C] () -- E:\Windows\unins000.dat
[2011/02/19 17:06:06 | 000,073,220 | ---- | C] () -- E:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/02/19 17:06:06 | 000,031,053 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern131.dat
[2011/02/19 17:06:06 | 000,029,114 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern1.dat
[2011/02/19 17:06:06 | 000,027,417 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern121.dat
[2011/02/19 17:06:06 | 000,021,021 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern3.dat
[2011/02/19 17:06:06 | 000,015,670 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern5.dat
[2011/02/19 17:06:06 | 000,013,280 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern2.dat
[2011/02/19 17:06:06 | 000,010,673 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern4.dat
[2011/02/19 17:06:06 | 000,004,943 | ---- | C] () -- E:\Windows\SysWow64\EPPICPattern6.dat
[2011/02/19 17:06:06 | 000,001,140 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/02/19 17:06:06 | 000,001,140 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/02/19 17:06:06 | 000,001,137 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/02/19 17:06:06 | 000,001,130 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/02/19 17:06:06 | 000,001,130 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/02/19 17:06:06 | 000,001,104 | ---- | C] () -- E:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/02/19 17:06:06 | 000,000,097 | ---- | C] () -- E:\Windows\SysWow64\PICSDK.ini
[2011/02/19 15:43:12 | 002,870,032 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/19 15:39:01 | 000,921,665 | ---- | C] () -- E:\Windows\SysWow64\msvcrt-ruby18.dll
[2011/02/19 15:39:01 | 000,271,264 | ---- | C] () -- E:\Windows\SysWow64\vbrun100.dll
[2011/02/19 15:39:01 | 000,210,944 | ---- | C] () -- E:\Windows\SysWow64\msvcrt10.dll
[2011/02/19 15:39:01 | 000,027,136 | ---- | C] () -- E:\Windows\SysWow64\pythonw.exe
[2011/02/19 15:39:01 | 000,026,624 | ---- | C] () -- E:\Windows\SysWow64\python.exe
[2011/02/19 15:39:01 | 000,020,537 | ---- | C] () -- E:\Windows\SysWow64\rubyw.exe
[2011/02/19 15:39:01 | 000,020,536 | ---- | C] () -- E:\Windows\SysWow64\ruby.exe
[2009/11/10 22:28:02 | 000,129,768 | ---- | C] () -- E:\Windows\RmTablet.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/05/29 01:27:26 | 000,000,000 | ---D | M] -- E:\ProgramData\AVAST Software
[2011/02/19 16:42:50 | 000,000,000 | ---D | M] -- E:\ProgramData\CheckPoint
[2011/09/09 15:15:36 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/07/05 21:15:40 | 000,000,000 | ---D | M] -- E:\ProgramData\eMule
[2011/02/19 17:05:59 | 000,000,000 | ---D | M] -- E:\ProgramData\EPSON
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/05/25 19:18:20 | 000,000,000 | ---D | M] -- E:\ProgramData\IObit
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/04/19 15:23:48 | 000,000,000 | ---D | M] -- E:\ProgramData\Tablet
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/12/17 03:56:28 | 000,000,000 | ---D | M] -- E:\ProgramData\Zoom Player
[2011/07/27 14:07:16 | 000,032,544 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Computer still blue screens with same error upon boot and also with safe mode!

SuperDave · « **Reply #22 on:** January 31, 2012, 11:52:42 AM »

It appears that your OS is located on the E drive and there is only 11% free space on that drive. Windows requires at least 15% free space to operate which could be one of your problems. This is also why it cannot find the OS when you boot with the OS disk.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code: [Select]

:OTL

:Files

E:\ProgramData\nyvwwc4t3eyg0eco4bml8d514w2m
E:\ProgramData\kkkyie8v2dkr8ipq7ofa1g307g6b

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*************************************************************
Please try re-booting in Normal Mode after doing the above.

CuNaMo · « **Reply #23 on:** February 04, 2012, 07:19:54 PM »

Sorry for the delay, I am still really busy. I have two jobs, and one of them is high school teacher, so I have grading and whatnot to do when I get home. I really appreciate your help, and I'm sorry to make you wait like this.

Here is the log from the fix you gave me. I also deleted some games and movies on my hard drive that I didn't need in the hopes of clearing some more space for the OS.

========== OTL ==========
========== FILES ==========
E:\ProgramData\nyvwwc4t3eyg0eco4bml8d514w2m moved successfully.
E:\ProgramData\kkkyie8v2dkr8ipq7ofa1g307g6b moved successfully.
========== COMMANDS ==========
E:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 02042012_175645

Booting normally and in safe mode still give the same bluescreen, and the windows CD still doesn't detect the OS.

SuperDave · « **Reply #24 on:** February 04, 2012, 07:39:09 PM »

Quote

am still really busy. I have two jobs, and one of them is high school teacher, so I have grading and whatnot to do when I get home. I really appreciate your help, and I'm sorry to make you wait like this.

No need to apologize. Your job comes first especially in these trying times. I'm here every day.

Quote

and the windows CD still doesn't detect the OS.
Usually that means that the OS disk doesn't match the OS on the computer. In your case it's probably because the OS is on the E drive.

Download BlueScreenView to your desktop.
BlueScreenView
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.

CuNaMo · « **Reply #25 on:** February 04, 2012, 08:32:08 PM »

How am I supposed to run it? I tried running through the OTPLE startup disc, but it didn't do anything.

SuperDave · « **Reply #26 on:** February 05, 2012, 11:50:13 AM »

Unfortunately, we've come to the point where you should boot your computer using the OTLPE rescue disk and save all your important data to memory sticks or DVD's and prepare to reinstall your OS.

CuNaMo · « **Reply #27 on:** February 05, 2012, 03:03:37 PM »

SIGH, okay, well thank you for all your help.

SuperDave · « **Reply #28 on:** February 05, 2012, 07:09:17 PM »

Quote from: CuNaMo on February 05, 2012, 03:03:37 PM

SIGH, okay, well thank you for all your help.

You're welcome. Sometimes you win some and sometimes you lose.

Computer Hope Forum

News:

Author Topic: After running superantispyware my pc won't boot OS and blue screens! (Read 12792 times)

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

SuperDave

CuNaMo

SuperDave