
System Check has taken over my wife's computer


  • This topic is locked
83 replies to this topic

#1 billmorse


Posted 22 January 2012 - 12:07 PM

I really need your help on this one. The System Check virus has found a way around the rkill program. I started in Safe Mode with Networking but there's no direct internet link loaded. I can manage to work around this by downloading the Avast! program on my computer, transferring it to my wife's via CD, and installing it. I then click on the "register program" link and it gets me online. However, when I run rkill it brings up the DOS screen, but before it starts it appears to reboot (rather fast!) and does not remove any files. I ran it 4 times in a row but got the same result. Here's my dds file:


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_24
Run by Maureen at 18:51:05 on 2012-01-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1514 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://boston.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\users\maureen\appdata\local\temp\low\COUPON~1.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-CEC4-75A487FD6484} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [zBrowser Launcher] c:\progra~1\logitech\itouch\iTouch.exe
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [GrpConv] grpconv -o
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: YExplorer1_8US.CAB - hxxp://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.7.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{080D68EA-294E-40A8-8835-2DE057B526EE} : DhcpNameServer = 192.168.1.1 71.243.0.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\maureen\appdata\roaming\mozilla\firefox\profiles\wt4n5bz8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2011-1-21 689464]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-21 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-21 314456]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-3-23 20392]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-21 20568]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-21 55128]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-21 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-27 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-3-29 13336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2005-8-3 4736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-28 40776]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2005-8-3 8960]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2100-02-08 20:03:54 53248 ---ha-w- c:\program files\ACMonitor_X73.exe
2012-01-21 20:42:06 -------- d-----w- C:\## aswSnx private storage
2012-01-21 17:24:23 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-21 17:24:23 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-21 17:24:16 41184 ----a-w- c:\windows\avastSS.scr
2012-01-21 17:24:06 -------- d-----w- c:\programdata\AVAST Software
2012-01-21 17:24:06 -------- d-----w- c:\program files\AVAST Software
2012-01-21 16:03:50 360328 ----a-w- c:\programdata\aJ4xsja5Uqxmtb.exe
2012-01-12 14:38:44 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-12 14:38:44 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-12 14:38:44 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-12 14:38:44 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 14:38:43 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 14:38:43 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 08:38:15 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 08:38:15 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 08:38:14 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 08:38:12 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 08:38:08 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 08:38:07 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 08:38:05 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 08:38:05 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 16:36:54 479232 ---ha-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-10 16:36:54 43992 ---ha-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-10 16:36:53 626688 ---ha-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-10 16:36:53 548864 ---ha-w- c:\program files\mozilla firefox\msvcp80.dll
2011-12-29 02:36:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
==================== Find3M ====================
.
2012-01-19 17:06:38 60 ----a-w- c:\windows\wpd99.drv
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 04:54:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2001-05-08 20:36:42 114688 ---ha-w- c:\program files\lxarscan.dll
.
============= FINISH: 18:53:15.27 ===============

I also ran the gmer program

I've attached the ark.txt and attach.txt files as instructed.

Any help you can offer would be greatly appreciated!

Attached Files

  • Attached File  attach.txt   21.92KB   0 downloads
  • Attached File  ark.txt   14.68KB   1 downloads




#2 etavares

  • Malware Response Team

Posted 28 January 2012 - 07:52 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 billmorse


Posted 28 January 2012 - 02:06 PM

Hello etavares,

Thank you for replying. I really appreciate it.

I followed all your instructions and am attaching the OTL, extras, and ark.txt files created today.
Attached File  OTL.Txt   163.75KB   5 downloads
Attached File  ark.txt   18.51KB   6 downloads
Attached File  Extras.Txt   91.66KB   5 downloads

Good luck and thank you again.

Bill

#4 etavares


Posted 28 January 2012 - 06:05 PM

Hello, billmorse.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.




Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578



Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#5 billmorse


Posted 28 January 2012 - 07:06 PM

I tried running the etavaresCF program but it appears that AVG 2012 antivirus and antispyware are running. I can't open the avg program as the shortcut doesn't work and they don't show up in my c drive. How can I disable them when I can't find them?

#6 etavares


Posted 29 January 2012 - 06:05 AM

Try downloading and running AVG Remover(32bit) 2012 from AVG. Save it to your desktop. Run it and follow any prompts. Reboot at the end if it doesn't reboot it for you. Then try combofix again.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#7 billmorse


Posted 29 January 2012 - 09:49 AM

The avg removal program didn't work. The log file is too large to attach and I can't upload the zipped file. A portion follows:

2012-01-29 13:41:14,146 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2012-01-29 13:41:14,149 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2012-01-29 13:41:14,149 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2012-01-29 13:41:14,149 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2012-01-29 13:41:14,150 INFO Command line: "C:\Users\Maureen\Desktop\avg_remover_stf_x86_2012_1796.exe"
2012-01-29 13:41:14,150 WARN AvgDir param empty.
2012-01-29 13:41:14,151 WARN AvgDataDir param empty.
2012-01-29 13:41:18,307 INFO AvgRemover runs in attempt number 1
2012-01-29 13:41:18,307 INFO Attempting to unregister AVG from the Windows Security Center.
2012-01-29 13:41:18,308 INFO Attempting to uninstall toolbar
2012-01-29 13:41:19,008 INFO ***** Msi data *****
2012-01-29 13:41:19,054 DEBUG No product code found for our upgrade codes, nothing to do here
2012-01-29 13:41:19,054 INFO ***** Exchange&Outlook plugins data *****
2012-01-29 13:41:19,054 INFO Removing AvgOutlook addin
2012-01-29 13:41:19,054 INFO AvgOutlook Removing HKCR addin keys x86
2012-01-29 13:41:19,055 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2012-01-29 13:41:19,055 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2012-01-29 13:41:19,056 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2012-01-29 13:41:19,056 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2012-01-29 13:41:19,056 INFO AvgOutlook Removing HKCR addin keys x64
2012-01-29 13:41:19,056 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2012-01-29 13:41:19,056 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2012-01-29 13:41:19,057 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2012-01-29 13:41:19,057 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2012-01-29 13:41:19,057 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2012-01-29 13:41:19,057 INFO Removing Sharepoint plugin if exists
2012-01-29 13:41:19,057 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2012-01-29 13:41:19,058 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2012-01-29 13:41:19,058 INFO Removing Antispam plugin for Exchange 2000/2003 if exists
2012-01-29 13:41:19,058 DEBUG Stopping service 'MSExchangeIS' to remove VSAPI plugin...
2012-01-29 13:41:19,059 DEBUG Service MSExchangeIS Stop failed (error: c0070424)
2012-01-29 13:41:19,059 DEBUG Exchange&Outlook plugins removal failed with error 0xc0070424
2012-01-29 13:41:19,059 INFO ***** Services *****
2012-01-29 13:41:19,060 INFO Processing service avg8emc, it can take several minutes...
2012-01-29 13:41:19,060 INFO Processing service avgfws8, it can take several minutes...
2012-01-29 13:41:19,067 INFO Service avg8emc is not installed
2012-01-29 13:41:19,086 DEBUG Service avg8emc RegCleanup
2012-01-29 13:41:19,087 DEBUG Registry keys for service avg8emc are not present
2012-01-29 13:41:19,080 INFO Service avgfws8 is not installed
2012-01-29 13:41:19,093 DEBUG Service avgfws8 RegCleanup
2012-01-29 13:41:19,093 DEBUG Registry keys for service avgfws8 are not present

Also, when I tried to re-run the combofix program I got an error message:

Error opening file for writing. C:\32788R22FWJFW\pev.3xe

What now?

#8 etavares


Posted 29 January 2012 - 10:41 AM

Hello, billmorse.
We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 billmorse


Posted 29 January 2012 - 05:56 PM

OK, here it is: Hope this works! Thanks for sticking with me on this. I really appreciate it.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.


\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates


Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1f0d2d30efa8af15f86b48a0323131c6_f11fab13-e320-4a3e-b9b9-b2cabde2da7d: Access is denied.


\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1f0d2d30efa8af15f86b48a0323131c6_f11fab13-e320-4a3e-b9b9-b2cabde2da7d: Access is denied.


\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Cookies: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Maureen\Application Data: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming
Substitute Name: C:\Users\Maureen\AppData\Roaming

\\?\c:\\Users\Maureen\Cookies: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Maureen\Local Settings: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local
Substitute Name: C:\Users\Maureen\AppData\Local

\\?\c:\\Users\Maureen\My Documents: JUNCTION
Print Name : C:\Users\Maureen\Documents
Substitute Name: C:\Users\Maureen\Documents

\\?\c:\\Users\Maureen\NetHood: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Maureen\PrintHood: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Maureen\Recent: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Maureen\SendTo: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Maureen\Start Menu: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Maureen\Templates: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Maureen\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local
Substitute Name: C:\Users\Maureen\AppData\Local

\\?\c:\\Users\Maureen\AppData\Local\History: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Maureen\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Maureen\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Maureen\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Maureen\Documents\My Music: JUNCTION
Print Name : C:\Users\Maureen\Music
Substitute Name: C:\Users\Maureen\Music

\\?\c:\\Users\Maureen\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Maureen\Pictures
Substitute Name: C:\Users\Maureen\Pictures

\\?\c:\\Users\Maureen\Documents\My Videos: JUNCTION
Print Name : C:\Users\Maureen\Videos
Substitute Name: C:\Users\Maureen\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

Failed to open \\?\c:\\Windows\$NtUninstallKB61239$: Access is denied.



Failed to open \\?\c:\\Windows\bthservsdp.dat: Access is denied.


\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\Cookies: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\My Documents: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Documents
Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\NetHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\PrintHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\Recent: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\SendTo: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\Start Menu: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\Templates: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\History: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files



\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\Documents\My Music: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Music
Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\Documents\My Pictures: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Pictures
Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\Documents\My Videos: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Videos
Substitute Name: C:\Windows\system32\config\systemprofile\Videos



\\?\c:\\Windows\System32\config\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\System32\config\systemprofile\Cookies: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Windows\System32\config\systemprofile\My Documents: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Documents
Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Windows\System32\config\systemprofile\NetHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Windows\System32\config\systemprofile\PrintHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Windows\System32\config\systemprofile\Recent: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Windows\System32\config\systemprofile\SendTo: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Windows\System32\config\systemprofile\Start Menu: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Windows\System32\config\systemprofile\Templates: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\History: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Music: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Music
Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Pictures: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Pictures
Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Videos: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Videos
Substitute Name: C:\Windows\system32\config\systemprofile\Videos

Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.





#10 etavares


Posted 30 January 2012 - 06:13 PM

Hello, billmorse.
  • Please open Notepad.
  • Copy and paste the text in the box below into Notepad.
    @ECHO OFF
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\Application Data" > "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\Cookies" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\My Documents" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\NetHood" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\PrintHood" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\Recent" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\SendTo" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\Start Menu" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\Templates" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Application Data" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\History" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Temporary Internet Files" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\Documents\My Music" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\Documents\My Pictures" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -d "c:\Windows\$NtUninstallKB61239$\systemprofile\Documents\My Videos" >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    echo scanning >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    junction -s C:\ >> "%USERPROFILE%\Desktop\Rootkitfix.txt"
    start "" "%USERPROFILE%\Desktop\Rootkitfix.txt"
    del %0
    This fix is custom made for this user's computer.
  • Select File-->Save As
  • Select File as Type: All Types (*.*)
  • Save it to your desktop as fixme.bat
  • Right-click on fixme.bat on your desktop and select "Run As Administrator". If Windows asks, click YES to allow it to proceed.
  • A window will briefly pop up then close.
  • A log will open, please copy and paste it into your response.

etavares


Unified Network of Instructors and Trusted Eliminators
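
A triage helper for the `junction -s` logs exchanged above, added here as an example (Python, not code from the thread or from Sysinternals): it parses the log format, flags reparse points located under a `C:\Windows\$NtUninstall…$` folder, which is the set the batch file in this post deletes, and checks a follow-up scan for leftovers. The two sample logs are constructed excerpts in the thread's format, and using that folder pattern as the selection rule is an assumption drawn from this one case.

```python
import re
from dataclasses import dataclass

# Constructed excerpts in the format of the logs in this thread: progress dots
# fused to entries, reparse-point entries, and "Failed to open" lines.
BEFORE = r"""
\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...
..\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

Failed to open \\?\c:\\Windows\$NtUninstallKB61239$: Access is denied.

.\\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\Cookies: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Windows\System32\config\systemprofile\Cookies: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
"""

AFTER = r"""
\\?\C:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users

.
Failed to open \\?\C:\\Windows\$NtUninstallKB61239$: Access is denied.

..\\?\C:\\Windows\System32\config\systemprofile\Cookies: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
"""

# Entry header: optional progress dots, the \\?\ prefix, the location, the type.
ENTRY = re.compile(r"^\.*\\\\\?\\(?P<path>.+): (?P<kind>JUNCTION|SYMBOLIC LINK)\s*$")
FAILED = re.compile(r"^\.*Failed to open \\\\\?\\(?P<path>.+?): (?P<reason>.+?)\s*$")
TARGET = re.compile(r"^(?P<field>Print Name|Substitute Name)\s*:\s*(?P<value>.*?)\s*$")
# Assumed selection rule: anything inside C:\Windows\$NtUninstall<name>$
UNINSTALL_DIR = re.compile(r"^[a-z]:\\windows\\\$ntuninstall[^\\]*\$(\\|$)", re.I)


@dataclass
class ReparsePoint:
    path: str                 # where the reparse point lives
    kind: str                 # "JUNCTION" or "SYMBOLIC LINK"
    print_name: str = ""      # target as displayed
    substitute_name: str = "" # target as resolved by the file system


def normalize(path):
    """Collapse the doubled backslash junction prints after the drive letter."""
    return path.replace("\\\\", "\\")


def parse_junction_log(text):
    """Return (reparse_points, failures) parsed from `junction -s` output."""
    points, failures, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            current = ReparsePoint(normalize(m["path"]), m["kind"])
            points.append(current)
            continue
        m = FAILED.match(line)
        if m:
            failures.append((normalize(m["path"]), m["reason"]))
            current = None
            continue
        m = TARGET.match(line)
        if m and current is not None:
            if m["field"] == "Print Name":
                current.print_name = m["value"]
            else:
                current.substitute_name = m["value"]
    return points, failures


def flag_under_uninstall_dir(points):
    """Reparse points located inside a $NtUninstall...$ folder under Windows."""
    return [p for p in points if UNINSTALL_DIR.match(p.path)]


def denied_uninstall_dirs(failures):
    """$NtUninstall...$ folders the scan could not open at all."""
    return [path for path, _ in failures if UNINSTALL_DIR.match(path)]


def still_present(before_text, after_text):
    """Flagged locations from the first scan that the re-scan still lists."""
    before, _ = parse_junction_log(before_text)
    after, _ = parse_junction_log(after_text)
    remaining = {p.path.lower() for p in after}  # drive-letter case differs
    return [p.path for p in flag_under_uninstall_dir(before)
            if p.path.lower() in remaining]


if __name__ == "__main__":
    pts, fails = parse_junction_log(BEFORE)
    for p in flag_under_uninstall_dir(pts):
        print("flagged:", p.path, "->", p.substitute_name)
    print("unreadable folders:", denied_uninstall_dirs(fails))
    print("left after fix:", still_present(BEFORE, AFTER))
```
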
 


#11 billmorse


Posted 30 January 2012 - 07:18 PM

OK, here it is:


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\Application Data.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\Cookies.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\My Documents.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\NetHood.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\PrintHood.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\Recent.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\SendTo.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\Start Menu.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\Templates.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Application Data.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\History.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Temporary Internet Files.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\Documents\My Music.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\Documents\My Pictures.

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Deleted c:\Windows\$NtUninstallKB61239$\systemprofile\Documents\My Videos.
scanning

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\C:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\C:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\C:\\System Volume Information: Access is denied.


\\?\C:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\C:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\C:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\C:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\C:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\C:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\C:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1f0d2d30efa8af15f86b48a0323131c6_f11fab13-e320-4a3e-b9b9-b2cabde2da7d: Access is denied.


\\?\C:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\C:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\C:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\C:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\C:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\C:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\C:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\C:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



Failed to open \\?\C:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1f0d2d30efa8af15f86b48a0323131c6_f11fab13-e320-4a3e-b9b9-b2cabde2da7d: Access is denied.


\\?\C:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\C:\\Users\Default\Cookies: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\C:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\C:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\C:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\C:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\C:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\C:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\C:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\C:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\C:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\C:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\C:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\C:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\C:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\C:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\C:\\Users\Maureen\Application Data: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming
Substitute Name: C:\Users\Maureen\AppData\Roaming

\\?\C:\\Users\Maureen\Cookies: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies

\\?\C:\\Users\Maureen\Local Settings: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local
Substitute Name: C:\Users\Maureen\AppData\Local

\\?\C:\\Users\Maureen\My Documents: JUNCTION
Print Name : C:\Users\Maureen\Documents
Substitute Name: C:\Users\Maureen\Documents

\\?\C:\\Users\Maureen\NetHood: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\C:\\Users\Maureen\PrintHood: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\C:\\Users\Maureen\Recent: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Recent

\\?\C:\\Users\Maureen\SendTo: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\SendTo

\\?\C:\\Users\Maureen\Start Menu: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\C:\\Users\Maureen\Templates: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Templates

\\?\C:\\Users\Maureen\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local
Substitute Name: C:\Users\Maureen\AppData\Local

\\?\C:\\Users\Maureen\AppData\Local\History: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Maureen\AppData\Local\Microsoft\Windows\History

\\?\C:\\Users\Maureen\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Maureen\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\C:\\Users\Maureen\Documents\My Music: JUNCTION
Print Name : C:\Users\Maureen\Music
Substitute Name: C:\Users\Maureen\Music

\\?\C:\\Users\Maureen\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Maureen\Pictures
Substitute Name: C:\Users\Maureen\Pictures

\\?\C:\\Users\Maureen\Documents\My Videos: JUNCTION
Print Name : C:\Users\Maureen\Videos
Substitute Name: C:\Users\Maureen\Videos

\\?\C:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\C:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\C:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos



Failed to open \\?\C:\\Windows\$NtUninstallKB61239$: Access is denied.



Failed to open \\?\C:\\Windows\bthservsdp.dat: Access is denied.


Failed to open \\?\C:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.



#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 31 January 2012 - 06:24 AM

We're making good progress.

Hello, billmorse.


Step 1

For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

C:\Windows\$NtUninstallKB61239$

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run from.



Step 2

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :files
    C:\Windows\$NtUninstallKB61239$
    C:\ProgramData\aJ4xsja5Uqxmtb
    C:\ProgramData\~aJ4xsja5Uqxmtb
    C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    C:\Users\Maureen\Desktop\System Check.lnk
    C:\ProgramData\~aJ4xsja5Uqxmtbr
    C:\sqmdata00.sqm
    C:\sqmdata01.sqm
    C:\sqmdata02.sqm
    C:\sqmdata03.sqm
    C:\sqmdata04.sqm
    C:\sqmdata05.sqm
    C:\sqmdata06.sqm
    C:\sqmdata07.sqm
    C:\sqmdata08.sqm
    C:\sqmdata09.sqm
    C:\sqmdata10.sqm
    C:\sqmdata11.sqm
    C:\sqmdata12.sqm
    C:\sqmdata13.sqm
    C:\sqmdata14.sqm
    C:\sqmdata15.sqm
    C:\sqmdata16.sqm
    C:\sqmdata17.sqm
    C:\sqmdata18.sqm
    C:\sqmdata19.sqm
    C:\sqmnoopt00.sqm
    C:\sqmnoopt01.sqm
    C:\sqmnoopt02.sqm
    C:\sqmnoopt03.sqm
    C:\sqmnoopt04.sqm
    C:\sqmnoopt05.sqm
    C:\sqmnoopt06.sqm
    C:\sqmnoopt07.sqm
    C:\sqmnoopt08.sqm
    C:\sqmnoopt09.sqm
    C:\sqmnoopt10.sqm
    C:\sqmnoopt11.sqm
    C:\sqmnoopt12.sqm
    C:\sqmnoopt13.sqm
    C:\sqmnoopt14.sqm
    C:\sqmnoopt15.sqm
    C:\sqmnoopt16.sqm
    C:\sqmnoopt17.sqm
    C:\sqmnoopt18.sqm
    C:\sqmnoopt19.sqm
    :OTL
    SRV - File not found [Auto | Stopped] --  -- (LiveUpdate Notice Ex)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Maureen\AppData\Local\Temp\low\COUPON~1.DLL File not found
    O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
    O3 - HKU\S-1-5-21-2295511311-1777244040-565097194-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2295511311-1777244040-565097194-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-2295511311-1777244040-565097194-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
    O3 - HKU\S-1-5-21-2295511311-1777244040-565097194-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB (Reg Error: Key error.)
    O16 - DPF: YExplorer1_8US.CAB http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=0
    "InternetSettingsDisableNotify"=0
    "AutoUpdateDisableNotify"=0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=-
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 3


Please download unhide.exe and save it to your desktop. Double-click unhide.exe to run it.

You should see your files, start menu items and Internet Explorer favorites return. If you do not, please let me know in your reply. It is important to check, as other steps we take while cleaning your computer may delete your start menu items and favorites irretrievably. (Your files would still be fine, though.)


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
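
A read-only way to confirm, after the reboot, that the Step 2 fix took effect: the script below checks the registry values named in the :reg section and the paths named in the :files section. It is an added example, not part of etavares's post and not part of OTL; it assumes PowerShell 2.0 or later is installed on the Vista machine and that it is run from an elevated prompt.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Assumptions: PowerShell 2.0 or later, elevated prompt, run after the post-fix reboot.

# Values from the :reg section of the fix.
# Want = 0 for a '"Name"=0' line, $null for a '"Name"=-' line (value deleted).
$regChecks = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center';            Name = 'AntiVirusOverride';             Want = 0 },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center';            Name = 'InternetSettingsDisableNotify'; Want = 0 },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center';            Name = 'AutoUpdateDisableNotify';       Want = 0 },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'; Name = 'DisableMonitoring';             Want = $null }
)

# Paths from the :files section. Single quotes keep the '$' characters literal.
$paths = @(
    'C:\Windows\$NtUninstallKB61239$',
    'C:\ProgramData\aJ4xsja5Uqxmtb',
    'C:\ProgramData\~aJ4xsja5Uqxmtb',
    'C:\ProgramData\~aJ4xsja5Uqxmtbr',
    'C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk',
    'C:\Users\Maureen\Desktop\System Check.lnk'
)
# The forty .sqm names (00..19 for each prefix) are generated rather than typed out.
foreach ($i in 0..19) {
    $paths += ('C:\sqmdata{0:D2}.sqm' -f $i)
    $paths += ('C:\sqmnoopt{0:D2}.sqm' -f $i)
}

# Return the data of one registry value, or $null when the key or value is missing.
function Get-RegValue([string]$Key, [string]$Name) {
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return $p.$Name
}

$results = @()

foreach ($c in $regChecks) {
    $actual = Get-RegValue $c.Key $c.Name
    if ($null -eq $actual) {
        # A missing value means no override is set, which satisfies both kinds of line.
        $ok = $true
        $found = 'absent'
    } elseif ($null -eq $c.Want) {
        # The fix deletes this value, so any remaining data needs a second look.
        $ok = $false
        $found = [string]$actual
    } else {
        # Compare as strings so a DWORD 0 and a string "0" both count as reset.
        $ok = ([string]$actual -eq [string]$c.Want)
        $found = [string]$actual
    }
    $results += New-Object PSObject -Property @{
        Status = $(if ($ok) { 'OK' } else { 'REVIEW' })
        Found  = $found
        Item   = ('{0}\{1}' -f $c.Key, $c.Name)
    }
}

foreach ($p in $paths) {
    # -LiteralPath stops PowerShell from treating characters in the path as wildcards.
    $exists = Test-Path -LiteralPath $p
    $results += New-Object PSObject -Property @{
        Status = $(if ($exists) { 'REVIEW' } else { 'OK' })
        Found  = $(if ($exists) { 'present' } else { 'absent' })
        Item   = $p
    }
}

# REVIEW rows first, then everything else.
$results | Sort-Object Status -Descending |
    Select-Object Status, Found, Item |
    Format-Table -AutoSize
```

Any row marked REVIEW is an item the fix did not reset or move, and is worth copying into the reply alongside the OTL log.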
 


#13 billmorse

billmorse
  • Topic Starter

  • Members
  • 51 posts

Posted 31 January 2012 - 10:26 AM

OK, here's the permission log


GrantPerms by Farbar
Ran by Maureen (administrator) at 2012-01-31 09:59:23

===============================================
\\?\C:\Windows\$NtUninstallKB61239$

Owner: BUILTIN\Administrators

DACL(P)(AI):
NT SERVICE\TrustedInstaller FULL ALLOW container_inherit
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Administrators FULL ALLOW (CI)(OI)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)

Here's the first OTL log
========== FILES ==========
Folder move failed. C:\Windows\$NtUninstallKB61239$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\WINDOWS\system folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\WINDOWS folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Videos folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Searches folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Saved Games folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Pictures\Slide Shows folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Pictures folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Music\Playlists folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Music folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Local Settings folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Links folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Favorites\Media folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Favorites\Links folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Favorites\Financial Links folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Favorites\eMachines Sites folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Favorites folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Downloads folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Documents\My eBooks folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Documents folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Desktop folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\Contacts folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Spearit\StartUp This\Startup folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Spearit\StartUp This folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Spearit folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\R-Wipe&Clean folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Templates folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AOL Instant Messenger (SM) folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Entertainment folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Recent folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Speech\Files folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Speech folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\MMC folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Media Player folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Credentials folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v1.0.3705 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.vw.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.springboardplatform.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.oovoo.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.localpages.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.diyfashion.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.blinkx.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vox-static.liverail.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vdassets.bitgravity.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ui.mevio.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#t.cxt.ms folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static-cf-1.hgcdn.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sftrack.searchforce.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s0.2mdn.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#realvu.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.onescreen.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochibot.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#is1.j.tv2n.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#imagecache.blastro.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#image.com.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d1cyvnjc1olxmw.cloudfront.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#creatives.oranum.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#crackle.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#collective.vo.llnwd.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cfiles.5min.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn3.telemetryverification.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.spotxchange.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.playwire.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.oggifinogi.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.alphabird.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.adexcite.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.btrll.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bourne.coronado.netdna-cdn.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ad.insightexpressai.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.vw.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.springboardplatform.com\mediaplayer\springboard\mediaplayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.springboardplatform.com\mediaplayer\springboard folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.springboardplatform.com\mediaplayer folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.springboardplatform.com\##44306D7733D24FC1 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.springboardplatform.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.oovoo.com\linkshare\ooVooCookie.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.oovoo.com\linkshare folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.oovoo.com\FlashCoockie\ooVoo.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.oovoo.com\FlashCoockie folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.oovoo.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.localpages.com\video\flowplayer-3.2.7.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.localpages.com\video folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.localpages.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.diyfashion.com\sites\all\libraries\flowplayer3\flowplayer-3.2.5.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.diyfashion.com\sites\all\libraries\flowplayer3 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.diyfashion.com\sites\all\libraries folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.diyfashion.com\sites\all folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.diyfashion.com\sites folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.diyfashion.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.blinkx.com\f2\player.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.blinkx.com\f2 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\www.blinkx.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\vox-static.liverail.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\vdassets.bitgravity.com\plugins\flowplayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\vdassets.bitgravity.com\plugins folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\vdassets.bitgravity.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\ui.mevio.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\t.cxt.ms\lso.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\t.cxt.ms folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\static-cf-1.hgcdn.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\sftrack.searchforce.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\s0.2mdn.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\s.ytimg.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\realvu.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\player.onescreen.net\1.8\s\MediaPlayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\player.onescreen.net\1.8\s folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\player.onescreen.net\1.8 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\player.onescreen.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\objects.tremormedia.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\mochibot.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\is1.j.tv2n.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\imagecache.blastro.com\images\flashplayer\flvPlayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\imagecache.blastro.com\images\flashplayer folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\imagecache.blastro.com\images folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\imagecache.blastro.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\[[IMPORT]]\vidtech.cbsinteractive.com\player\2_9_2\CBSI_PLAYER.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\[[IMPORT]]\vidtech.cbsinteractive.com\player\2_9_2 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\[[IMPORT]]\vidtech.cbsinteractive.com\player folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\[[IMPORT]]\vidtech.cbsinteractive.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\[[IMPORT]] folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\gamespot\images\cne_flash\production\eidothea\release\eidothea.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\gamespot\images\cne_flash\production\eidothea\release folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\gamespot\images\cne_flash\production\eidothea folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\gamespot\images\cne_flash\production folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\gamespot\images\cne_flash folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\gamespot\images folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com\gamespot folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\image.com.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\flash.quantserve.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\d1cyvnjc1olxmw.cloudfront.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\creatives.oranum.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\crackle.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\collective.vo.llnwd.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cfiles.5min.com\FlexPlayers\SmartPlayer_177.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cfiles.5min.com\FlexPlayers\modules\ExtLibViewsBusiness_177.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cfiles.5min.com\FlexPlayers\modules folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cfiles.5min.com\FlexPlayers folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cfiles.5min.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cdn3.telemetryverification.net folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cdn.spotxchange.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cdn.playwire.com\wplayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cdn.playwire.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cdn.oggifinogi.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cdn.alphabird.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cdn.adexcite.com\flowplayer.unlimited-3.2.6.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cdn.adexcite.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\cache.btrll.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\bourne.coronado.netdna-cdn.com\flowplayer\flowplayer-3.2.7.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\bourne.coronado.netdna-cdn.com\flowplayer folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\bourne.coronado.netdna-cdn.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\as1.suitesmart.com\_f5e.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\as1.suitesmart.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\ad.insightexpressai.com\adserver\fscookie\fscookie.swf folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\ad.insightexpressai.com\adserver\fscookie folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\ad.insightexpressai.com\adserver folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575\ad.insightexpressai.com folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W8MMP575 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Macromedia folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\iolo folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\InterTrust\ReceiptRepository folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\InterTrust folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Identities\{0CCDB44D-69FE-4135-8E06-815B905BADD0} folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Identities folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\3DFP5L3H folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Adobe\Acrobat\Whapi folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Adobe\Acrobat folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Adobe folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Sun\Java folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Sun folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\Silverlight folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Apple Computer\QuickTime folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Apple Computer folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Temp folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Sunbelt Software\CounterSpy\Quarantine folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Sunbelt Software\CounterSpy folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Sunbelt Software folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Works\Portfolio folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Works folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows Sidebar\Gadgets folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows Sidebar folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery\Original Images folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows Photo Gallery folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows Media\9.0 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows Media folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\WER\ERC\TemplateCache folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\WER\ERC\ResponseCache folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\WER\ERC folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\WER folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTUUTP1I folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJ6PDV5T folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF2RHR1Y folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FSH5ZV2A folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGHAN9KY folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C561MBTI folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNY2I6GF folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A35LDIGN folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BV9105D folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\GameExplorer folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Burn folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Messenger folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\SG4QYQDX folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\G22FJ0IS folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\FYZ7EKU5 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\0SSQ3TOC folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Internet Explorer folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\IdentityCRL folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Credentials folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\CD Burning folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Google\Custom Buttons folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Google\CrashReports folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Google folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup\07-10-2010 12.47.30 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup\07-10-2010 10.23.46 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup\06-25-2010 07.35.15 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup\06-11-2010 06.34.27 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup\06-11-2010 04.06.11 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup\05-13-2010 05.56.49 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup\05-13-2010 03.35.53 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup\04-28-2010 17.50.17 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup\04-28-2010 15.18.51 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup\04-14-2010 14.03.03 folder moved successfully.
C:\Windows\$NtUninstallKB61239$\SM Registry Backup folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\Original folder moved successfully.
C:\Windows\$NtUninstallKB61239$\Journal folder moved successfully.
C:\Windows\$NtUninstallKB61239$\Before Compact folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$ scheduled to be moved on reboot.
C:\ProgramData\aJ4xsja5Uqxmtb moved successfully.
C:\ProgramData\~aJ4xsja5Uqxmtb moved successfully.
C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Users\Maureen\Desktop\System Check.lnk moved successfully.
C:\ProgramData\~aJ4xsja5Uqxmtbr moved successfully.
File\Folder C:\sqmdata00.sqm not found.
File\Folder C:\sqmdata01.sqm not found.
File\Folder C:\sqmdata02.sqm not found.
File\Folder C:\sqmdata03.sqm not found.
File\Folder C:\sqmdata04.sqm not found.
File\Folder C:\sqmdata05.sqm not found.
File\Folder C:\sqmdata06.sqm not found.
File\Folder C:\sqmdata07.sqm not found.
File\Folder C:\sqmdata08.sqm not found.
File\Folder C:\sqmdata09.sqm not found.
File\Folder C:\sqmdata10.sqm not found.
File\Folder C:\sqmdata11.sqm not found.
File\Folder C:\sqmdata12.sqm not found.
File\Folder C:\sqmdata13.sqm not found.
File\Folder C:\sqmdata14.sqm not found.
File\Folder C:\sqmdata15.sqm not found.
File\Folder C:\sqmdata16.sqm not found.
File\Folder C:\sqmdata17.sqm not found.
File\Folder C:\sqmdata18.sqm not found.
File\Folder C:\sqmdata19.sqm not found.
File\Folder C:\sqmnoopt00.sqm not found.
File\Folder C:\sqmnoopt01.sqm not found.
File\Folder C:\sqmnoopt02.sqm not found.
File\Folder C:\sqmnoopt03.sqm not found.
File\Folder C:\sqmnoopt04.sqm not found.
File\Folder C:\sqmnoopt05.sqm not found.
File\Folder C:\sqmnoopt06.sqm not found.
File\Folder C:\sqmnoopt07.sqm not found.
File\Folder C:\sqmnoopt08.sqm not found.
File\Folder C:\sqmnoopt09.sqm not found.
File\Folder C:\sqmnoopt10.sqm not found.
File\Folder C:\sqmnoopt11.sqm not found.
File\Folder C:\sqmnoopt12.sqm not found.
File\Folder C:\sqmnoopt13.sqm not found.
File\Folder C:\sqmnoopt14.sqm not found.
File\Folder C:\sqmnoopt15.sqm not found.
File\Folder C:\sqmnoopt16.sqm not found.
File\Folder C:\sqmnoopt17.sqm not found.
File\Folder C:\sqmnoopt18.sqm not found.
File\Folder C:\sqmnoopt19.sqm not found.
========== OTL ==========
Service LiveUpdate Notice Ex stopped successfully!
Service LiveUpdate Notice Ex deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A057A204-BACC-4D26-CEC4-75A487FD6484} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-CEC4-75A487FD6484}\ not found.
Registry value HKEY_USERS\S-1-5-21-2295511311-1777244040-565097194-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2295511311-1777244040-565097194-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-2295511311-1777244040-565097194-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-CEC4-75A487FD6484} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-CEC4-75A487FD6484}\ not found.
Registry value HKEY_USERS\S-1-5-21-2295511311-1777244040-565097194-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control vzTCPConfig
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
Starting removal of ActiveX control YExplorer1_8US.CAB
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\YExplorer1_8US.CAB\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\YExplorer1_8US.CAB\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\YExplorer1_8US.CAB\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"InternetSettingsDisableNotify"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AutoUpdateDisableNotify"|0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 01312012_100221

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB61239$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\IdentityCRL folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows\History scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB61239$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Here's the second OTL file:
OTL logfile created on: 1/31/2012 10:12:24 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Maureen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.93% Memory free
4.21 Gb Paging File | 2.93 Gb Available in Paging File | 69.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.28 Gb Total Space | 63.87 Gb Free Space | 22.08% Space Free | Partition Type: NTFS
Drive D: | 8.81 Gb Total Space | 0.96 Gb Free Space | 10.85% Space Free | Partition Type: NTFS

Computer Name: MAUREEN-PC | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 10:00:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL (1).exe
PRC - [2012/01/20 00:35:36 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/04 08:06:09 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 02:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2004/11/01 16:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\ElkCtrl.exe
PRC - [2004/03/18 08:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/20 00:35:35 | 000,411,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll
MOD - [2012/01/20 00:35:34 | 003,767,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
MOD - [2012/01/20 00:34:10 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\avutil-51.dll
MOD - [2012/01/20 00:34:09 | 000,222,208 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\avformat-53.dll
MOD - [2012/01/20 00:34:07 | 001,746,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.77\avcodec-53.dll
MOD - [2012/01/01 17:57:06 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012/01/01 17:56:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 02:58:30 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7d48d82b0761adf21f7d78ca28b98069\IAStorUtil.ni.dll
MOD - [2011/10/13 02:58:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b644c263050c8733b61f27336bafc766\IAStorCommon.ni.dll
MOD - [2011/10/13 02:58:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 02:56:29 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 02:56:05 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:55:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 02:54:27 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 02:54:19 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 02:52:48 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2007/01/18 02:35:40 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2007/01/18 02:35:40 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/09 14:32:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/12/28 21:37:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2009/11/11 18:24:14 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2009/10/07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Communicate Deluxe(UVC)
DRV - [2009/10/07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/26 10:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 00:59:14 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/03 15:59:38 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2005/08/03 15:59:36 | 000,004,736 | ---- | M] (Laplink Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\llusbflt.sys -- (LLUSBFLT)
DRV - [2004/03/02 13:02:30 | 000,167,040 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3gnbm.sys -- (S3Psddr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com

IE - HKU\S-1-5-21-2295511311-1777244040-565097194-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://boston.com/
IE - HKU\S-1-5-21-2295511311-1777244040-565097194-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2295511311-1777244040-565097194-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2010/01/31 17:41:54 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/01/31 17:41:54 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/04 08:06:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/21 12:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 11:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/04 08:07:27 | 000,000,000 | ---D | M]

[2009/01/11 07:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maureen\AppData\Roaming\Mozilla\Extensions
[2011/07/18 11:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maureen\AppData\Roaming\Mozilla\Firefox\Profiles\wt4n5bz8.default\extensions
[2009/09/30 09:31:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Maureen\AppData\Roaming\Mozilla\Firefox\Profiles\wt4n5bz8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/07 13:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/14 09:25:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\MAUREEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WT4N5BZ8.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/01/10 11:36:56 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/01/10 11:36:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/10 11:36:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Maureen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files\Verizon\VSP\nprpspa.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Maureen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Maureen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe File not found
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\Windows\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2295511311-1777244040-565097194-1000..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-2295511311-1777244040-565097194-1000..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2295511311-1777244040-565097194-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2295511311-1777244040-565097194-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.7.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} http://www.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080D68EA-294E-40A8-8835-2DE057B526EE}: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/MAUREE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Windows\webshots.bmp
O24 - Desktop BackupWallPaper: C:\Windows\webshots.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/04 04:05:52 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c26b7f40-74a1-11dd-881b-001d60c11794}\Shell - "" = AutoRun
O33 - MountPoints2\{c26b7f40-74a1-11dd-881b-001d60c11794}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{d5c7fe83-c6cd-11dc-b9b8-001d60c11794}\Shell - "" = AutoRun
O33 - MountPoints2\{d5c7fe83-c6cd-11dc-b9b8-001d60c11794}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{d5c7fe8c-c6cd-11dc-b9b8-001d60c11794}\Shell - "" = AutoRun
O33 - MountPoints2\{d5c7fe8c-c6cd-11dc-b9b8-001d60c11794}\Shell\AutoRun\command - "" = J:\ThunderBird.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2100/02/08 15:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[2012/01/31 10:02:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/31 10:00:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL (1).exe
[2012/01/31 09:58:06 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\GrantPerms
[2012/01/29 17:39:51 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\junction.exe
[2012/01/29 17:39:18 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Maureen\Desktop\junction.exe
[2012/01/29 10:57:02 | 000,000,000 | ---D | C] -- C:\Heidi 2008 to 2011
[2012/01/29 09:55:10 | 000,000,000 | ---D | C] -- C:\d1
[2012/01/29 09:10:58 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\IObit
[2012/01/29 09:10:26 | 001,647,000 | ---- | C] (IObit) -- C:\Users\Maureen\Desktop\iobit-uninstaller.exe
[2012/01/29 08:51:52 | 002,132,576 | ---- | C] (AVG Technologies) -- C:\Users\Maureen\Desktop\AVGIDPUninstaller.exe
[2012/01/29 08:51:26 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Maureen\Desktop\avg_remover_stf_x86_2012_1796 (1).exe
[2012/01/29 08:41:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/29 08:41:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/29 08:40:38 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Maureen\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/28 18:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/28 18:33:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/28 18:33:27 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/01/28 18:33:01 | 004,392,905 | R--- | C] (Swearware) -- C:\Users\Maureen\Desktop\etavaresCF.exe
[2012/01/28 11:55:35 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\gmer
[2012/01/28 11:30:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL.exe
[2012/01/21 18:50:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Maureen\Desktop\dds.scr
[2012/01/21 15:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/01/21 12:24:25 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/21 12:24:25 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/21 12:24:23 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/21 12:24:23 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/21 12:24:23 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/21 12:24:23 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/21 12:24:16 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/21 12:24:16 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/21 12:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/21 12:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/21 12:06:57 | 000,000,000 | ---D | C] -- C:\Users\Maureen\Desktop\rkill
[2012/01/21 11:04:13 | 000,000,000 | ---D | C] -- C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/21 11:03:50 | 000,360,328 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\aJ4xsja5Uqxmtb.exe
[2012/01/11 03:38:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/11 03:38:12 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 03:38:08 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/11 03:38:05 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 03:38:05 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2002/11/26 16:01:31 | 000,045,056 | ---- | C] ( ) -- C:\Windows\System32\slserv.exe
[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/31 10:11:53 | 000,638,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/31 10:11:53 | 000,118,548 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/31 10:07:47 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CCA49D90-A009-402D-8287-624123662E85}.job
[2012/01/31 10:05:55 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/31 10:05:26 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 10:05:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/31 10:05:25 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 10:05:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/31 10:05:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/01/31 10:03:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/31 10:00:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL (1).exe
[2012/01/31 09:57:33 | 000,450,985 | ---- | M] () -- C:\Users\Maureen\Desktop\GrantPerms.zip
[2012/01/29 18:55:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/29 17:38:57 | 000,079,623 | ---- | M] () -- C:\Users\Maureen\Desktop\Junction.zip
[2012/01/29 14:37:30 | 000,081,920 | ---- | M] () -- C:\Users\Maureen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/29 10:05:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/29 09:56:30 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/29 09:42:12 | 000,051,723 | ---- | M] () -- C:\Users\Maureen\Desktop\avgremover
[2012/01/29 09:10:27 | 001,647,000 | ---- | M] (IObit) -- C:\Users\Maureen\Desktop\iobit-uninstaller.exe
[2012/01/29 08:51:52 | 002,132,576 | ---- | M] (AVG Technologies) -- C:\Users\Maureen\Desktop\AVGIDPUninstaller.exe
[2012/01/29 08:51:26 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Maureen\Desktop\avg_remover_stf_x86_2012_1796 (1).exe
[2012/01/29 08:41:12 | 000,518,144 | R--- | M] () -- C:\Windows\SWREG.exe
[2012/01/29 08:40:42 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Maureen\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/28 18:40:36 | 000,684,297 | ---- | M] () -- C:\Users\Maureen\Desktop\unhide.exe
[2012/01/28 18:32:23 | 004,392,905 | R--- | M] (Swearware) -- C:\Users\Maureen\Desktop\etavaresCF.exe
[2012/01/28 11:54:56 | 000,294,216 | ---- | M] () -- C:\Users\Maureen\Desktop\gmer.zip
[2012/01/28 11:53:34 | 000,050,477 | ---- | M] () -- C:\Users\Maureen\Desktop\Defogger.exe
[2012/01/28 11:30:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maureen\Desktop\OTL.exe
[2012/01/25 14:36:20 | 000,001,356 | ---- | M] () -- C:\Users\Maureen\AppData\Local\d3d9caps.dat
[2012/01/21 18:50:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Maureen\Desktop\dds.scr
[2012/01/21 18:46:02 | 000,000,000 | ---- | M] () -- C:\Users\Maureen\defogger_reenable
[2012/01/21 15:54:51 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/01/21 15:54:49 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/01/21 15:35:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/21 15:30:23 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/01/21 15:04:59 | 223,027,325 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/21 12:47:18 | 000,000,552 | ---- | M] () -- C:\Users\Maureen\AppData\Local\d3d8caps.dat
[2012/01/21 11:52:56 | 001,008,141 | ---- | M] () -- C:\Users\Maureen\Desktop\iXplore.exe
[2012/01/21 11:03:50 | 000,360,328 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\aJ4xsja5Uqxmtb.exe
[2012/01/19 12:07:14 | 000,002,627 | ---- | M] () -- C:\Users\Maureen\Desktop\Microsoft Office Word 2007.lnk
[2012/01/19 12:06:38 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/01/06 20:34:54 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2100/02/23 13:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 14:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2012/01/31 09:57:33 | 000,450,985 | ---- | C] () -- C:\Users\Maureen\Desktop\GrantPerms.zip
[2012/01/29 17:38:56 | 000,079,623 | ---- | C] () -- C:\Users\Maureen\Desktop\Junction.zip
[2012/01/29 09:42:12 | 000,051,723 | ---- | C] () -- C:\Users\Maureen\Desktop\avgremover
[2012/01/29 08:58:57 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/29 08:41:12 | 000,518,144 | R--- | C] () -- C:\Windows\SWREG.exe
[2012/01/29 08:41:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/29 08:41:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/29 08:41:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/28 18:52:59 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/28 18:52:59 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/01/28 18:52:59 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012/01/28 18:52:59 | 000,001,985 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFill PDF Editor.lnk
[2012/01/28 18:52:59 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/28 18:52:59 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\PDFill PDF Editor.lnk
[2012/01/28 18:52:59 | 000,001,957 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/28 18:52:59 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/01/28 18:52:59 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012/01/28 18:52:59 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2012/01/28 18:52:59 | 000,000,945 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/28 18:52:59 | 000,000,940 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/28 18:52:59 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/28 18:52:59 | 000,000,872 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/28 18:52:59 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/28 18:52:59 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/28 18:52:59 | 000,000,258 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/28 18:52:59 | 000,000,240 | ---- | C] () -- C:\Users\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/28 18:52:58 | 000,002,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
[2012/01/28 18:52:58 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/01/28 18:52:53 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Journal Viewer.lnk
[2012/01/28 18:52:53 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012/01/28 18:52:53 | 000,002,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012/01/28 18:52:53 | 000,002,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012/01/28 18:52:53 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/01/28 18:52:53 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012/01/28 18:52:53 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Maps 3D.lnk
[2012/01/28 18:52:53 | 000,001,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2012/01/28 18:52:53 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012/01/28 18:52:53 | 000,001,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSN Explorer.lnk
[2012/01/28 18:52:53 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/28 18:52:53 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/28 18:52:53 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/28 18:52:53 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/01/28 18:52:53 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/28 18:52:53 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012/01/28 18:52:53 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/28 18:52:53 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012/01/28 18:52:53 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/28 18:52:53 | 000,001,501 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Picture It! Publishing Platinum 2001.lnk
[2012/01/28 18:52:53 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/01/28 18:52:53 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/01/28 18:52:53 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/01/28 18:52:53 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Connect.lnk
[2012/01/28 18:52:53 | 000,000,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe.lnk
[2012/01/28 18:52:53 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/28 18:52:53 | 000,000,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Messenger.lnk
[2012/01/28 18:52:53 | 000,000,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2012/01/28 18:40:35 | 000,684,297 | ---- | C] () -- C:\Users\Maureen\Desktop\unhide.exe
[2012/01/28 11:54:56 | 000,294,216 | ---- | C] () -- C:\Users\Maureen\Desktop\gmer.zip
[2012/01/28 11:53:34 | 000,050,477 | ---- | C] () -- C:\Users\Maureen\Desktop\Defogger.exe
[2012/01/21 18:46:02 | 000,000,000 | ---- | C] () -- C:\Users\Maureen\defogger_reenable
[2012/01/21 15:30:23 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/01/21 12:47:18 | 000,000,552 | ---- | C] () -- C:\Users\Maureen\AppData\Local\d3d8caps.dat
[2012/01/21 12:21:47 | 001,008,141 | ---- | C] () -- C:\Users\Maureen\Desktop\iXplore.exe
[2012/01/21 11:00:00 | 223,027,325 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/08 13:06:10 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat
[2011/12/05 19:40:28 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2011/05/15 07:44:50 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/15 07:44:50 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/02/02 14:52:44 | 000,000,000 | ---- | C] () -- C:\Users\Maureen\AppData\Local\prvlcl.dat
[2010/02/03 16:41:16 | 000,000,044 | ---- | C] () -- C:\Windows\liveup.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/16 16:30:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/16 16:30:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/02/12 19:05:45 | 000,000,095 | ---- | C] () -- C:\Users\Maureen\AppData\Local\fusioncache.dat
[2008/09/26 17:50:55 | 000,882,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/09/13 08:32:47 | 000,000,036 | ---- | C] () -- C:\Windows\hdd.ini
[2008/08/10 22:08:06 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/08/03 02:01:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/23 10:13:07 | 000,001,356 | ---- | C] () -- C:\Users\Maureen\AppData\Local\d3d9caps.dat
[2008/03/25 15:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/03/23 11:24:01 | 000,126,976 | ---- | C] () -- C:\Windows\System32\iavlsp.dll
[2008/03/23 11:14:03 | 000,008,691 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/03/01 14:31:02 | 000,000,767 | ---- | C] () -- C:\Windows\ACROREAD.INI
[2008/03/01 14:30:04 | 000,000,107 | ---- | C] () -- C:\Windows\WEBLINK.INI
[2008/03/01 11:40:36 | 000,053,248 | ---- | C] () -- C:\Windows\System32\uninstpw.exe
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/25 20:37:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/24 16:01:43 | 000,130,525 | ---- | C] () -- C:\Windows\HPHins13.dat
[2008/01/24 16:01:42 | 000,002,977 | ---- | C] () -- C:\Windows\hphmdl13.dat
[2007/10/04 03:54:39 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/10/04 03:42:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll
[2007/10/04 03:37:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/10/04 03:28:40 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/10/04 03:28:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/08/24 19:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/07/19 10:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/15 20:56:09 | 000,000,502 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,638,936 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,118,548 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/23 18:29:55 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2006/10/23 18:29:37 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2006/10/23 18:26:01 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2006/07/02 20:21:48 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
[2006/06/25 14:49:38 | 000,000,719 | R--- | C] () -- C:\Windows\System32\InstExec.ini
[2006/06/25 14:48:11 | 000,118,784 | R--- | C] () -- C:\Windows\bwUnin-7.2.0.137-8876480SL.exe
[2006/01/24 13:08:29 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2005/11/22 23:00:00 | 000,778,240 | ---- | C] () -- C:\Windows\System32\DivXsm.exe
[2005/10/29 15:43:54 | 000,000,075 | ---- | C] () -- C:\Windows\cdplayer.ini
[2005/08/12 16:57:09 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2004/10/09 13:07:40 | 000,004,569 | ---- | C] () -- C:\Windows\System32\secupd.dat
[2004/01/18 13:42:40 | 000,000,559 | ---- | C] () -- C:\Windows\System32\iconcfg.ini
[2003/11/15 23:19:09 | 000,000,022 | ---- | C] () -- C:\Windows\kodakpcd.Maureen Morse.ini
[2003/10/26 09:20:35 | 000,036,864 | ---- | C] () -- C:\Windows\System32\MypubUninstaller.exe
[2003/07/17 19:07:12 | 000,000,370 | ---- | C] () -- C:\Windows\msfsetup.ini
[2003/07/12 11:23:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2003/07/03 17:02:07 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2003/07/03 16:59:06 | 000,005,632 | ---- | C] () -- C:\Windows\System32\CNMVS4o.DLL
[2003/04/26 07:54:13 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2003/04/13 19:35:01 | 000,000,057 | ---- | C] () -- C:\Windows\PIXAMI~2.INI
[2003/04/01 21:29:17 | 000,000,176 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2003/03/30 18:12:24 | 000,010,840 | ---- | C] () -- C:\Windows\DevMgr.ini
[2003/03/30 18:00:46 | 000,000,020 | ---- | C] () -- C:\Windows\Hposcv07.INI
[2003/03/30 17:45:34 | 000,000,810 | ---- | C] () -- C:\Windows\webshots.ini
[2003/03/16 16:34:33 | 000,000,026 | ---- | C] () -- C:\Windows\iTouch.ini
[2003/03/16 16:13:39 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2003/03/16 16:13:34 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini
[2003/03/02 18:41:59 | 000,000,990 | ---- | C] () -- C:\Windows\ULead32.ini
[2003/02/23 20:08:51 | 000,081,920 | ---- | C] () -- C:\Users\Maureen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/02/22 22:56:36 | 000,000,034 | ---- | C] () -- C:\Windows\alohabob.INI
[2002/11/27 15:54:19 | 000,405,504 | ---- | C] () -- C:\Windows\System32\SLLights.dll
[2002/11/27 15:54:19 | 000,139,264 | ---- | C] () -- C:\Windows\System32\amr_cpl.dll
[2002/11/27 15:54:19 | 000,061,440 | ---- | C] () -- C:\Windows\SmCfg.exe
[2002/11/26 17:54:24 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
[2002/11/26 17:41:50 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2002/11/26 17:41:22 | 000,000,310 | ---- | C] () -- C:\Windows\net2fone.ini
[2002/11/26 17:41:14 | 000,010,652 | ---- | C] () -- C:\Windows\mozver.dat
[2002/11/26 17:36:08 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2002/11/26 17:36:08 | 000,000,491 | ---- | C] () -- C:\Windows\Instit.ini
[2002/11/26 17:22:45 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2002/11/26 17:19:01 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini
[2002/11/26 17:11:04 | 000,021,640 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2002/11/26 16:01:31 | 000,188,416 | ---- | C] () -- C:\Windows\System32\slextspk.dll
[2002/11/26 16:01:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SLGen.dll
[2002/11/26 16:01:31 | 000,024,576 | ---- | C] () -- C:\Windows\slrundll.exe
[2002/11/26 16:01:30 | 000,049,152 | ---- | C] () -- C:\Windows\System32\coinst.dll
[2002/11/26 16:01:24 | 000,000,444 | ---- | C] () -- C:\Windows\System32\emver.ini
[2002/11/26 16:00:36 | 000,046,258 | ---- | C] () -- C:\Windows\System32\mib.bin
[2002/11/26 16:00:19 | 000,001,788 | ---- | C] () -- C:\Windows\System32\dcache.bin
[2002/11/26 09:05:41 | 000,004,161 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2001/07/20 09:48:06 | 000,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB
[2001/04/06 14:59:04 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2001/04/06 14:59:03 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2001/04/06 14:59:03 | 000,000,083 | ---- | C] () -- C:\Windows\KPCMS.INI
[2001/03/04 14:29:52 | 000,458,752 | ---- | C] () -- C:\Windows\System32\Fpl.dll
[2001/03/04 14:29:51 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2001/03/04 14:29:50 | 000,332,800 | ---- | C] () -- C:\Windows\System32\Fpxlib.dll
[2001/03/04 14:29:50 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Jpeglib.dll
[2001/01/28 13:43:22 | 000,000,488 | ---- | C] () -- C:\Windows\Cmousecc.ini
[2001/01/18 14:55:22 | 000,131,584 | ---- | C] () -- C:\Windows\System32\Ptlic32.exe
[2000/12/05 14:56:34 | 000,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll
[2000/10/21 19:42:37 | 000,180,768 | ---- | C] () -- C:\Windows\System32\ltkrn62w.dll
[2000/10/21 19:42:37 | 000,161,824 | ---- | C] () -- C:\Windows\System32\lffax62w.dll
[2000/10/21 19:42:37 | 000,141,056 | ---- | C] () -- C:\Windows\System32\lfcmp62w.dll
[2000/10/21 19:42:37 | 000,132,288 | ---- | C] () -- C:\Windows\System32\lfpng62w.dll
[2000/10/21 19:42:37 | 000,084,448 | ---- | C] () -- C:\Windows\System32\pcdlib.dll
[2000/10/21 19:42:37 | 000,053,472 | ---- | C] () -- C:\Windows\System32\ltimg62w.dll
[2000/10/21 19:42:37 | 000,040,768 | ---- | C] () -- C:\Windows\System32\lftif62w.dll
[2000/10/21 19:42:37 | 000,025,216 | ---- | C] () -- C:\Windows\System32\ltfil62w.dll
[2000/10/21 19:42:37 | 000,016,960 | ---- | C] () -- C:\Windows\System32\lttwn62w.dll
[2000/10/21 19:42:37 | 000,014,080 | ---- | C] () -- C:\Windows\System32\lflmb62w.dll
[2000/10/21 19:42:37 | 000,010,656 | ---- | C] () -- C:\Windows\System32\lfpcx62w.dll
[2000/10/21 19:42:37 | 000,010,080 | ---- | C] () -- C:\Windows\System32\lfeps62w.dll
[2000/10/21 19:42:37 | 000,009,600 | ---- | C] () -- C:\Windows\System32\lfgif62w.dll
[2000/10/21 19:42:37 | 000,009,376 | ---- | C] () -- C:\Windows\System32\lfpct62w.dll
[2000/10/21 19:42:37 | 000,008,000 | ---- | C] () -- C:\Windows\System32\lfica62w.dll
[2000/10/21 19:42:37 | 000,007,744 | ---- | C] () -- C:\Windows\System32\lfpsd62w.dll
[2000/10/21 19:42:37 | 000,007,616 | ---- | C] () -- C:\Windows\System32\lftga62w.dll
[2000/10/21 19:42:37 | 000,007,264 | ---- | C] () -- C:\Windows\System32\lfwpg62w.dll
[2000/10/21 19:42:37 | 000,006,912 | ---- | C] () -- C:\Windows\System32\lfwmf62w.dll
[2000/10/21 19:42:37 | 000,006,816 | ---- | C] () -- C:\Windows\System32\lfimg62w.dll
[2000/10/21 19:42:37 | 000,006,208 | ---- | C] () -- C:\Windows\System32\lfras62w.dll
[2000/10/21 19:42:37 | 000,005,888 | ---- | C] () -- C:\Windows\System32\lfmsp62w.dll
[2000/10/21 19:42:37 | 000,005,792 | ---- | C] () -- C:\Windows\System32\lfcal62w.dll
[2000/10/21 19:42:37 | 000,005,440 | ---- | C] () -- C:\Windows\System32\lfwfx62w.dll
[2000/10/21 19:42:37 | 000,005,312 | ---- | C] () -- C:\Windows\System32\lfmac62w.dll
[2000/10/21 19:42:37 | 000,005,280 | ---- | C] () -- C:\Windows\System32\lfpcd62w.dll
[2000/10/21 19:42:36 | 000,010,336 | ---- | C] () -- C:\Windows\System32\lfbmp62w.dll
[2000/10/21 19:40:16 | 000,182,773 | ---- | C] () -- C:\Windows\System32\aaplay.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\Windows\System32\KodakOneTouch.dll
[2000/01/22 22:13:48 | 000,131,072 | ---- | C] () -- C:\Windows\System32\ICQAL.dll
[2000/01/22 22:13:47 | 000,102,400 | ---- | C] () -- C:\Windows\System32\icqsock.dll
[2000/01/22 22:13:47 | 000,063,488 | ---- | C] () -- C:\Windows\System32\icquiex.dll
[2000/01/22 22:13:47 | 000,058,880 | ---- | C] () -- C:\Windows\System32\ICQMAPI.dll
[2000/01/22 22:13:47 | 000,058,880 | ---- | C] () -- C:\Windows\System32\icqcprt.dll
[2000/01/22 22:13:47 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2000/01/22 22:13:47 | 000,031,744 | ---- | C] () -- C:\Windows\System32\icqwcom.dll
[2000/01/22 22:13:47 | 000,025,600 | ---- | C] () -- C:\Windows\System32\icqwutl.dll
[2000/01/22 22:13:47 | 000,013,312 | ---- | C] () -- C:\Windows\System32\icqcutl.dll
[2000/01/22 22:13:47 | 000,007,328 | ---- | C] () -- C:\Windows\System32\ICQWSock16.dll
[2000/01/11 11:50:48 | 000,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini
[1999/12/15 19:49:42 | 000,006,472 | ---- | C] () -- C:\Windows\ICOADB32.DAT
[1999/12/05 16:13:16 | 000,098,304 | ---- | C] () -- C:\Windows\System32\vvlusb32.dll
[1999/12/04 18:50:01 | 000,093,184 | ---- | C] () -- C:\Windows\System32\keydb.dll
[1999/12/04 18:50:01 | 000,065,024 | ---- | C] () -- C:\Windows\System32\bn.dll
[1999/12/04 18:49:57 | 000,302,592 | ---- | C] () -- C:\Windows\System32\pgp.dll
[1999/12/04 18:49:57 | 000,070,656 | ---- | C] () -- C:\Windows\System32\simple.dll
[1999/12/04 18:49:34 | 000,003,200 | ---- | C] () -- C:\Windows\System32\LTTHK62W.DLL
[1999/12/04 18:49:33 | 000,016,896 | ---- | C] () -- C:\Windows\System32\ftpclient.dll
[1999/12/04 14:24:56 | 000,026,112 | ---- | C] () -- C:\Windows\System32\PIXTHK32.DLL
[1999/12/04 14:24:56 | 000,012,126 | ---- | C] () -- C:\Windows\System32\PIXPCZ.DLL
[1999/12/04 14:24:56 | 000,011,934 | ---- | C] () -- C:\Windows\System32\PIXPNR.DLL
[1999/08/13 10:08:38 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1999/07/22 10:58:52 | 000,002,490 | ---- | C] () -- C:\Windows\System32\DLCNDI.DLL
[1999/04/23 22:22:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\MEMBG.DLL
[1999/04/23 22:22:00 | 000,167,936 | ---- | C] () -- C:\Windows\System32\XFILEXR.DLL
[1999/04/23 22:22:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\GROUPPOL.DLL
[1999/04/23 22:22:00 | 000,030,208 | ---- | C] () -- C:\Windows\System32\WNASPI32.DLL
[1999/04/23 22:22:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\NETBIOS.DLL
[1999/04/23 22:22:00 | 000,008,576 | ---- | C] () -- C:\Windows\System32\ICMUPG.DLL
[1999/03/23 21:57:12 | 000,030,720 | ---- | C] () -- C:\Windows\System32\MODCTRL.DLL
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1998/09/24 13:29:06 | 000,100,512 | ---- | C] () -- C:\Windows\System32\M1ATI16.DLL
[1998/09/10 23:02:38 | 000,162,816 | ---- | C] () -- C:\Windows\System32\CCMPEG.DLL
[1998/07/07 17:01:26 | 000,103,488 | ---- | C] () -- C:\Windows\System32\ATITVOUT.DLL
[1998/04/28 17:43:34 | 000,003,744 | ---- | C] () -- C:\Windows\System32\ATITB.DLL
[1997/07/14 11:11:34 | 000,121,856 | ---- | C] () -- C:\Windows\System32\tsd2.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[1996/10/25 17:58:02 | 000,158,720 | ---- | C] () -- C:\Windows\System32\LFCMP62N.DLL
[1996/10/18 13:16:06 | 000,187,392 | ---- | C] () -- C:\Windows\System32\LTANN62N.DLL
[1996/10/17 17:29:30 | 000,024,576 | ---- | C] () -- C:\Windows\System32\LFICA62N.DLL
[1996/10/17 17:29:28 | 000,017,408 | ---- | C] () -- C:\Windows\System32\LFWFX62N.DLL
[1996/10/17 17:29:18 | 000,017,920 | ---- | C] () -- C:\Windows\System32\LFCAL62N.DLL
[1996/10/17 17:29:14 | 000,047,616 | ---- | C] () -- C:\Windows\System32\LFTIF62N.DLL
[1996/10/15 19:10:20 | 000,175,616 | ---- | C] () -- C:\Windows\System32\LFFAX62N.DLL
[1996/10/09 16:23:38 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LFLMB62N.DLL
[1996/10/09 16:23:36 | 000,027,136 | ---- | C] () -- C:\Windows\System32\LFLMA62N.DLL
[1996/10/09 16:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\LFPCD62N.DLL
[1996/10/09 16:23:30 | 000,022,016 | ---- | C] () -- C:\Windows\System32\LFPCT62N.DLL
[1996/10/09 16:23:28 | 000,018,432 | ---- | C] () -- C:\Windows\System32\LFRAS62N.DLL
[1996/10/09 16:23:26 | 000,019,456 | ---- | C] () -- C:\Windows\System32\LFWPG62N.DLL
[1996/10/09 16:23:24 | 000,018,944 | ---- | C] () -- C:\Windows\System32\LFIMG62N.DLL
[1996/10/09 16:23:24 | 000,018,432 | ---- | C] () -- C:\Windows\System32\LFMSP62N.DLL
[1996/10/09 16:23:22 | 000,017,920 | ---- | C] () -- C:\Windows\System32\LFMAC62N.DLL
[1996/10/09 16:23:20 | 000,020,480 | ---- | C] () -- C:\Windows\System32\LFPSD62N.DLL
[1996/10/09 16:23:18 | 000,022,528 | ---- | C] () -- C:\Windows\System32\LFEPS62N.DLL
[1996/10/09 16:23:16 | 000,019,968 | ---- | C] () -- C:\Windows\System32\LFWMF62N.DLL
[1996/10/09 16:23:14 | 000,110,080 | ---- | C] () -- C:\Windows\System32\LFPNG62N.DLL
[1996/10/09 16:23:12 | 000,022,016 | ---- | C] () -- C:\Windows\System32\LFGIF62N.DLL
[1996/10/09 16:23:08 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LFPCX62N.DLL
[1996/10/09 16:23:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\LFBMP62N.DLL
[1996/10/09 16:23:04 | 000,019,968 | ---- | C] () -- C:\Windows\System32\LFTGA62N.DLL
[1996/10/09 16:22:58 | 000,029,184 | ---- | C] () -- C:\Windows\System32\LTWND62N.DLL
[1996/10/09 16:22:56 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LTTWN62N.DLL
[1996/10/09 16:22:50 | 000,043,008 | ---- | C] () -- C:\Windows\System32\LTFIL62N.DLL
[1996/10/09 16:22:46 | 000,076,288 | ---- | C] () -- C:\Windows\System32\LTIMG62N.DLL
[1996/06/06 14:22:28 | 000,019,776 | ---- | C] () -- C:\Windows\System32\VMP_MM.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Users\Maureen\Desktop\melissa 3-30-77.jpg:SummaryInformation

< End of report >


I already ran unhide and can see all the files and icons. I've also backed up the data files (12 DVDs, mostly pictures!).

Thanks again. I'd have no clue what to do without your expert help.

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 01 February 2012 - 06:57 AM

Please run junction again...I'm not thrilled with the results of that log. Glad you were able to back up your pictures...make sure to scan it with an antivirus to be safe!


Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#15 billmorse

billmorse
  • Topic Starter

  • Members
  • 51 posts

Posted 01 February 2012 - 10:39 AM

Junction output follows. I had to run the program 4 times - the first 3 gave empty log files.


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.


.\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1f0d2d30efa8af15f86b48a0323131c6_f11fab13-e320-4a3e-b9b9-b2cabde2da7d: Access is denied.


...\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\1f0d2d30efa8af15f86b48a0323131c6_f11fab13-e320-4a3e-b9b9-b2cabde2da7d: Access is denied.


\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Cookies: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Maureen\Application Data: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming
Substitute Name: C:\Users\Maureen\AppData\Roaming

\\?\c:\\Users\Maureen\Cookies: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Maureen\Local Settings: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local
Substitute Name: C:\Users\Maureen\AppData\Local

\\?\c:\\Users\Maureen\My Documents: JUNCTION
Print Name : C:\Users\Maureen\Documents
Substitute Name: C:\Users\Maureen\Documents

\\?\c:\\Users\Maureen\NetHood: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Maureen\PrintHood: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Maureen\Recent: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Maureen\SendTo: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Maureen\Start Menu: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Maureen\Templates: JUNCTION
Print Name : C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Maureen\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local
Substitute Name: C:\Users\Maureen\AppData\Local

\\?\c:\\Users\Maureen\AppData\Local\History: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Maureen\AppData\Local\Microsoft\Windows\History

.\\?\c:\\Users\Maureen\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Maureen\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Maureen\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Maureen\Documents\My Music: JUNCTION
Print Name : C:\Users\Maureen\Music
Substitute Name: C:\Users\Maureen\Music

\\?\c:\\Users\Maureen\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Maureen\Pictures
Substitute Name: C:\Users\Maureen\Pictures

\\?\c:\\Users\Maureen\Documents\My Videos: JUNCTION
Print Name : C:\Users\Maureen\Videos
Substitute Name: C:\Users\Maureen\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

.\\?\c:\\Windows\$NtUninstallKB61239$: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config


Failed to open \\?\c:\\Windows\bthservsdp.dat: Access is denied.


Failed to open \\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData: Access is denied.



Failed to open \\?\c:\\Windows\$NtUninstallKB61239$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My: Access is denied.


Failed to open \\?\c:\\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData: Access is denied.



Failed to open \\?\c:\\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My: Access is denied.



Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.
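
One way to triage a junction log like the one above, as an added example that is not part of the thread or the helper's own procedure: it parses the tool's output and lists reparse points that sit outside the C:\Users, C:\ProgramData and C:\Documents and Settings compatibility links that Vista creates by default, so they can be reviewed by hand. The expected-location list, the review rules and all function names are assumptions of this example.

```python
import re

# Sample input: four records taken from the junction log posted above
# (progress dots that junction prints while scanning are left in on purpose).
SAMPLE_LOG = r"""
\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...
...\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

.\\?\c:\\Windows\$NtUninstallKB61239$: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config
"""

# A record header: optional progress dots, the \\?\ prefix, the link path, its kind.
ENTRY_RE = re.compile(r"^\.*\\\\\?\\(?P<path>.+?): (?P<kind>JUNCTION|SYMBOLIC LINK)\s*$")
FAILED_RE = re.compile(r"^\.*Failed to open \\\\\?\\(?P<path>.+?): (?P<reason>.+)$")
FIELD_RE = re.compile(r"^(Print|Substitute) Name\s*:\s*(.+)$")

# Assumption of this example: locations where Vista's default compatibility links live.
EXPECTED_ROOTS = ("c:\\users\\", "c:\\programdata\\", "c:\\documents and settings")


def norm(path):
    """Lower-case a path, drop the NT \\??\\ prefix and collapse doubled backslashes."""
    path = path.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return re.sub(r"\\+", r"\\", path).lower()


def parse_junction_log(text):
    """Return (entries, failures) parsed from `junction -s` output."""
    entries, failures, current = [], [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            current = {"link": norm(m["path"]), "kind": m["kind"],
                       "print": None, "substitute": None}
            entries.append(current)
            continue
        m = FAILED_RE.match(line)
        if m:
            # Paths the tool could not open are not inspected at all; keep them visible.
            failures.append((norm(m["path"]), m["reason"].strip()))
            current = None
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current["print" if m[1] == "Print" else "substitute"] = norm(m[2])
    return entries, failures


def review_candidates(entries):
    """List reparse points that do not look like default compatibility links."""
    flagged = []
    for e in entries:
        reasons = []
        if not e["link"].startswith(EXPECTED_ROOTS):
            reasons.append("link outside the profile/ProgramData trees")
        if (e["print"] or "").startswith("c:\\windows\\"):
            reasons.append("target inside the Windows directory")
        if reasons:
            flagged.append((e["link"], e["kind"], e["print"], reasons))
    return flagged


if __name__ == "__main__":
    parsed, unopened = parse_junction_log(SAMPLE_LOG)
    for link, kind, target, why in review_candidates(parsed):
        print(f"REVIEW {kind}: {link} -> {target} ({'; '.join(why)})")
    for path, reason in unopened:
        print(f"NOT INSPECTED: {path} ({reason})")
```

A flagged entry is a prompt for manual review, not a verdict; third-party software can also create legitimate links outside the listed roots.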

