win64/Sirefef.Y infection with auto rebooting


  • This topic is locked
25 replies to this topic

#1 Matthew32


Posted 09 June 2012 - 07:47 PM

My mother-in-law has gotten herself infected with the win64/Sirefef.Y virus. At first it just would not let me run any programs to try to fix it. Now it has gone to rebooting a minute after Windows starts. Needless to say, it's driving me nuts!

I am not really able to run much. I have been able to run FRST and will post the log below. Other than that, it reboots before being able to run anything. I have tried safe mode, regular mode, safe mode to command prompt, System Recovery then command prompt. Not able to run anything other than FRST.

Any help?

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by SYSTEM at 09-06-2012 18:40:44
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2009-11-24] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390680 2009-11-24] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [410136 2009-11-24] (Intel Corporation)
HKLM\...\Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe" [148280 2011-01-23] ()
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe" [84464 2009-07-21] ()
HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [606904 2011-12-12] (iolo technologies, LLC)
HKU\Elaine\...\Run: [Google Update] "C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-13] (Google Inc.)
HKU\Elaine\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Elaine\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-05-21] (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 97.64.209.36 97.64.168.13
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127352 2009-06-23] (CinemaNow, Inc.)
2 ioloFileInfoList; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [722616 2011-12-12] (iolo technologies, LLC)
2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [722616 2011-12-12] (iolo technologies, LLC)
2 lxea_device; C:\Windows\system32\lxeacoms.exe -service [1052328 2010-04-14] ( )
2 lxea_device; C:\Windows\SysWow64\lxeacoms.exe -service [598696 2010-04-14] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()
3 RoxMediaDB12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" [1116656 2009-07-24] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe" [219632 2009-07-24] (Sonic Solutions)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
3 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-11-25] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\Application Data\GetRightToGo
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\GetRightToGo
2012-06-09 16:10 - 2012-06-09 18:41 - 00000000 ____D C:\FRST
2012-06-09 15:54 - 2012-06-09 15:54 - 00743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-09 15:54 - 2012-06-09 15:54 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 15:54 - 2012-06-09 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-09 15:53 - 2012-06-09 15:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-09 15:50 - 2012-06-09 15:50 - 00122884 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_15.50.27_log.txt
2012-06-09 15:28 - 2012-06-09 15:28 - 00000858 ____A C:\Users\Elaine\Desktop\pcdoctor.reg
2012-06-09 15:19 - 2012-06-09 18:30 - 01948468 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-09 15:19 - 2012-06-09 15:38 - 00000000 ____D C:\Program Files (x86)\PC Tools Security
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\Public\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\All Users\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\Application Data\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-06-09 15:19 - 2010-11-25 10:43 - 00257232 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-06-09 15:19 - 2010-11-25 10:42 - 00092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-06-09 15:19 - 2010-11-17 10:20 - 00331368 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-06-09 15:19 - 2010-11-17 10:20 - 00136168 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-06-09 15:19 - 2010-07-16 14:53 - 00816016 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-06-09 15:19 - 2010-06-29 10:35 - 00452872 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-06-09 14:50 - 2012-06-09 14:50 - 00000542 ____A C:\Users\Elaine\Desktop\venue3.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000556 ____A C:\Users\Elaine\Desktop\venue2.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000482 ____A C:\Users\Elaine\Desktop\venue.reg
2012-06-09 14:41 - 2012-06-09 14:42 - 00128202 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.41.44_log.txt
2012-06-09 14:37 - 2012-06-09 14:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-09 14:36 - 2012-06-09 14:37 - 00132436 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.36.29_log.txt
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\Application Data\SUPERAntiSpyware.com
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-06-09 14:19 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:19 - 00001264 ____A C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
2012-06-09 14:17 - 2012-06-09 14:17 - 00270824 ____A C:\Windows\Minidump\060912-16629-01.dmp
2012-06-08 18:33 - 2012-06-08 18:33 - 00277520 ____A C:\Windows\Minidump\060812-14960-01.dmp
2012-06-08 17:52 - 2012-06-09 16:35 - 01319860 ____A C:\Windows\ntbtlog.txt
2012-06-08 17:43 - 2012-06-08 17:43 - 00270824 ____A C:\Windows\Minidump\060812-17690-01.dmp
2012-06-08 17:32 - 2012-06-08 17:32 - 00000536 ____A C:\Users\Elaine\Desktop\2.reg
2012-06-08 17:27 - 2012-06-08 17:27 - 00000320 ____A C:\Users\Elaine\Desktop\1.reg
2012-06-08 16:41 - 2012-06-08 16:41 - 00270824 ____A C:\Windows\Minidump\060812-25880-01.dmp
2012-06-08 16:34 - 2012-06-08 16:35 - 00270824 ____A C:\Windows\Minidump\060812-16364-01.dmp
2012-06-08 16:30 - 2012-06-08 16:31 - 00270824 ____A C:\Windows\Minidump\060812-17175-01.dmp
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-06-07 21:04 - 2012-06-07 21:04 - 00270824 ____A C:\Windows\Minidump\060712-16270-01.dmp
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00000450 ___AH C:\Windows\Tasks\Norton Security Scan for Elaine.job
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-06-07 20:50 - 2012-06-07 20:50 - 00001401 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-06-07 20:36 - 2012-06-09 18:34 - 00000000 ___SD C:\32788R22FWJFW
2012-06-07 20:30 - 2012-06-07 20:30 - 00277520 ____A C:\Windows\Minidump\060712-15646-01.dmp
2012-06-05 10:31 - 2012-06-05 10:31 - 00000607 ____A C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
2012-06-05 10:31 - 2012-06-05 10:24 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\My Documents\stinger.exe
2012-06-05 10:31 - 2012-06-05 10:24 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\Documents\stinger.exe
2012-06-04 09:52 - 2012-06-04 09:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 09:32 - 2012-06-04 12:02 - 00000041 ____A C:\Users\Elaine\Application Data\667B93.dat
2012-06-04 09:32 - 2012-06-04 12:02 - 00000041 ____A C:\Users\Elaine\AppData\Roaming\667B93.dat
2012-06-03 08:13 - 2012-06-03 22:43 - 00012256 ____A C:\Users\Elaine\My Documents\Drew's Graduation Party.docx
2012-06-03 08:13 - 2012-06-03 22:43 - 00012256 ____A C:\Users\Elaine\Documents\Drew's Graduation Party.docx
2012-05-31 13:24 - 2012-05-31 13:33 - 00034816 ____A C:\Users\Elaine\My Documents\Grad Title 2.pub
2012-05-31 13:24 - 2012-05-31 13:33 - 00034816 ____A C:\Users\Elaine\Documents\Grad Title 2.pub
2012-05-31 13:10 - 2012-05-31 13:35 - 00022934 ____A C:\Users\Elaine\My Documents\Grad Title 1.docx
2012-05-31 13:10 - 2012-05-31 13:35 - 00022934 ____A C:\Users\Elaine\Documents\Grad Title 1.docx
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\My Documents\Wayne Neubauer.docx
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\Documents\Wayne Neubauer.docx
2012-05-29 13:34 - 2012-05-29 13:34 - 00103784 ____A C:\Users\Elaine\GoToAssistDownloadHelper.exe
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Apps\2.0
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\My Documents\Grad Keys 2.pub
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\Documents\Grad Keys 2.pub
2012-05-26 11:57 - 2012-05-26 11:57 - 00277520 ____A C:\Windows\Minidump\052612-13447-01.dmp
2012-05-26 11:55 - 2012-05-26 11:55 - 00277576 ____A C:\Windows\Minidump\052612-11949-01.dmp
2012-05-26 08:07 - 2012-05-27 14:56 - 00046592 ____A C:\Users\Elaine\My Documents\Grad Key Words.pub
2012-05-26 08:07 - 2012-05-27 14:56 - 00046592 ____A C:\Users\Elaine\Documents\Grad Key Words.pub
2012-05-18 09:17 - 2012-05-18 09:17 - 00277576 ____A C:\Windows\Minidump\051812-19968-01.dmp
2012-05-12 07:13 - 2012-06-09 15:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-12 07:13 - 2012-05-12 07:13 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-11 04:08 - 2012-03-31 01:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 04:08 - 2012-03-30 23:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-11 04:08 - 2012-03-30 23:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-11 04:08 - 2012-03-30 22:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 04:08 - 2012-03-17 02:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-11 04:08 - 2012-03-03 01:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 04:08 - 2012-03-03 00:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-11 04:07 - 2012-03-30 06:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys


============ 3 Months Modified Files and Folders =============

2012-06-09 18:41 - 2012-06-09 16:10 - 00000000 ____D C:\FRST
2012-06-09 18:38 - 2010-05-06 22:09 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-09 18:36 - 2011-11-12 19:51 - 00079450 ____A C:\Users\All Users\lxeascan.log
2012-06-09 18:36 - 2011-11-12 19:51 - 00079450 ____A C:\Users\All Users\Application Data\lxeascan.log
2012-06-09 18:36 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\SoftThinks
2012-06-09 18:36 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\SoftThinks
2012-06-09 18:36 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\AppData\Local\SoftThinks
2012-06-09 18:36 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-09 18:35 - 2012-01-02 16:30 - 00003986 ____A C:\Windows\setupact.log
2012-06-09 18:34 - 2012-06-07 20:36 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 18:32 - 2009-07-13 23:45 - 00453872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-09 18:30 - 2012-06-09 15:19 - 01948468 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-09 16:35 - 2012-06-08 17:52 - 01319860 ____A C:\Windows\ntbtlog.txt
2012-06-09 16:33 - 2011-12-10 13:45 - 00000000 ____D C:\Users\Elaine\Local Settings\NPE
2012-06-09 16:33 - 2011-12-10 13:45 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\NPE
2012-06-09 16:33 - 2011-12-10 13:45 - 00000000 ____D C:\Users\Elaine\AppData\Local\NPE
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\Application Data\GetRightToGo
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\GetRightToGo
2012-06-09 16:10 - 2011-11-12 21:38 - 00000000 ____D C:\users\LogMeInRemoteUser
2012-06-09 16:10 - 2011-11-12 21:37 - 00000000 ____D C:\users\Charles
2012-06-09 15:57 - 2012-01-02 16:23 - 02022790 ____A C:\Windows\WindowsUpdate.log
2012-06-09 15:54 - 2012-06-09 15:54 - 00743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-09 15:54 - 2012-06-09 15:54 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 15:54 - 2012-06-09 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-09 15:54 - 2012-06-09 15:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-09 15:50 - 2012-06-09 15:50 - 00122884 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_15.50.27_log.txt
2012-06-09 15:47 - 2011-12-10 13:43 - 00000361 ____A C:\rkill.log
2012-06-09 15:45 - 2009-07-14 00:08 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 15:43 - 2009-07-13 23:45 - 00014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 15:43 - 2009-07-13 23:45 - 00014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 15:39 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-09 15:38 - 2012-06-09 15:19 - 00000000 ____D C:\Program Files (x86)\PC Tools Security
2012-06-09 15:37 - 2010-05-06 22:23 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-09 15:37 - 2010-05-06 22:23 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-06-09 15:37 - 2010-05-06 22:22 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-06-09 15:37 - 2010-05-06 22:22 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-06-09 15:30 - 2012-01-02 16:30 - 00745778 ____A C:\Windows\PFRO.log
2012-06-09 15:28 - 2012-06-09 15:28 - 00000858 ____A C:\Users\Elaine\Desktop\pcdoctor.reg
2012-06-09 15:25 - 2011-12-13 23:52 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001UA.job
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\Public\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\All Users\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\Application Data\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-06-09 15:19 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-09 15:17 - 2011-12-10 14:44 - 00000000 ____D C:\Users\Elaine\Local Settings\CrashDumps
2012-06-09 15:17 - 2011-12-10 14:44 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\CrashDumps
2012-06-09 15:17 - 2011-12-10 14:44 - 00000000 ____D C:\Users\Elaine\AppData\Local\CrashDumps
2012-06-09 15:09 - 2012-05-12 07:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 14:50 - 2012-06-09 14:50 - 00000542 ____A C:\Users\Elaine\Desktop\venue3.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000556 ____A C:\Users\Elaine\Desktop\venue2.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000482 ____A C:\Users\Elaine\Desktop\venue.reg
2012-06-09 14:42 - 2012-06-09 14:41 - 00128202 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.41.44_log.txt
2012-06-09 14:37 - 2012-06-09 14:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-09 14:37 - 2012-06-09 14:36 - 00132436 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.36.29_log.txt
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\Application Data\SUPERAntiSpyware.com
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 14:35 - 2012-06-09 14:34 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:19 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-09 14:34 - 2012-06-09 14:19 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-06-09 14:21 - 2012-06-09 14:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:19 - 00001264 ____A C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
2012-06-09 14:17 - 2012-06-09 14:17 - 00270824 ____A C:\Windows\Minidump\060912-16629-01.dmp
2012-06-09 14:17 - 2011-11-14 09:25 - 00000000 ____D C:\Windows\Minidump
2012-06-09 14:16 - 2012-01-10 11:10 - 326795659 ____A C:\Windows\MEMORY.DMP
2012-06-08 18:33 - 2012-06-08 18:33 - 00277520 ____A C:\Windows\Minidump\060812-14960-01.dmp
2012-06-08 17:43 - 2012-06-08 17:43 - 00270824 ____A C:\Windows\Minidump\060812-17690-01.dmp
2012-06-08 17:32 - 2012-06-08 17:32 - 00000536 ____A C:\Users\Elaine\Desktop\2.reg
2012-06-08 17:27 - 2012-06-08 17:27 - 00000320 ____A C:\Users\Elaine\Desktop\1.reg
2012-06-08 16:41 - 2012-06-08 16:41 - 00270824 ____A C:\Windows\Minidump\060812-25880-01.dmp
2012-06-08 16:35 - 2012-06-08 16:34 - 00270824 ____A C:\Windows\Minidump\060812-16364-01.dmp
2012-06-08 16:31 - 2012-06-08 16:30 - 00270824 ____A C:\Windows\Minidump\060812-17175-01.dmp
2012-06-07 21:44 - 2011-11-12 21:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-06-07 21:04 - 2012-06-07 21:04 - 00270824 ____A C:\Windows\Minidump\060712-16270-01.dmp
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00000450 ___AH C:\Windows\Tasks\Norton Security Scan for Elaine.job
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-06-07 20:59 - 2011-12-10 13:45 - 00000000 ____D C:\Users\All Users\Norton
2012-06-07 20:59 - 2011-12-10 13:45 - 00000000 ____D C:\Users\All Users\Application Data\Norton
2012-06-07 20:50 - 2012-06-07 20:50 - 00001401 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-06-07 20:50 - 2009-07-13 21:34 - 00000054 ____N C:\Windows\System32\Drivers\etc\hosts
2012-06-07 20:30 - 2012-06-07 20:30 - 00277520 ____A C:\Windows\Minidump\060712-15646-01.dmp
2012-06-05 10:31 - 2012-06-05 10:31 - 00000607 ____A C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
2012-06-05 10:24 - 2012-06-05 10:31 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\My Documents\stinger.exe
2012-06-05 10:24 - 2012-06-05 10:31 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\Documents\stinger.exe
2012-06-05 08:25 - 2011-12-13 23:52 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001Core.job
2012-06-04 12:02 - 2012-06-04 09:32 - 00000041 ____A C:\Users\Elaine\Application Data\667B93.dat
2012-06-04 12:02 - 2012-06-04 09:32 - 00000041 ____A C:\Users\Elaine\AppData\Roaming\667B93.dat
2012-06-04 09:52 - 2012-06-04 09:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 09:18 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Medical Information
2012-06-04 09:18 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Medical Information
2012-06-03 22:43 - 2012-06-03 08:13 - 00012256 ____A C:\Users\Elaine\My Documents\Drew's Graduation Party.docx
2012-06-03 22:43 - 2012-06-03 08:13 - 00012256 ____A C:\Users\Elaine\Documents\Drew's Graduation Party.docx
2012-06-03 09:10 - 2011-11-12 21:52 - 00259134 ____A C:\Users\All Users\lxeaJSW.log
2012-06-03 09:10 - 2011-11-12 21:52 - 00259134 ____A C:\Users\All Users\Application Data\lxeaJSW.log
2012-05-31 13:35 - 2012-05-31 13:10 - 00022934 ____A C:\Users\Elaine\My Documents\Grad Title 1.docx
2012-05-31 13:35 - 2012-05-31 13:10 - 00022934 ____A C:\Users\Elaine\Documents\Grad Title 1.docx
2012-05-31 13:33 - 2012-05-31 13:24 - 00034816 ____A C:\Users\Elaine\My Documents\Grad Title 2.pub
2012-05-31 13:33 - 2012-05-31 13:24 - 00034816 ____A C:\Users\Elaine\Documents\Grad Title 2.pub
2012-05-31 07:49 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Christmas 2011
2012-05-31 07:49 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Christmas 2011
2012-05-30 07:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Recipes
2012-05-30 07:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Recipes
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\My Documents\Wayne Neubauer.docx
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\Documents\Wayne Neubauer.docx
2012-05-29 13:34 - 2012-05-29 13:34 - 00103784 ____A C:\Users\Elaine\GoToAssistDownloadHelper.exe
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Apps\2.0
2012-05-29 13:34 - 2011-11-12 18:36 - 00000000 ____D C:\users\Elaine
2012-05-27 14:56 - 2012-05-26 08:07 - 00046592 ____A C:\Users\Elaine\My Documents\Grad Key Words.pub
2012-05-27 14:56 - 2012-05-26 08:07 - 00046592 ____A C:\Users\Elaine\Documents\Grad Key Words.pub
2012-05-27 07:31 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Michelle and Shawn
2012-05-27 07:31 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Michelle and Shawn
2012-05-26 19:47 - 2012-01-28 21:43 - 00000000 ____D C:\Users\Elaine\My Documents\ADDRESSES
2012-05-26 19:47 - 2012-01-28 21:43 - 00000000 ____D C:\Users\Elaine\Documents\ADDRESSES
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\My Documents\Grad Keys 2.pub
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\Documents\Grad Keys 2.pub
2012-05-26 11:57 - 2012-05-26 11:57 - 00277520 ____A C:\Windows\Minidump\052612-13447-01.dmp
2012-05-26 11:55 - 2012-05-26 11:55 - 00277576 ____A C:\Windows\Minidump\052612-11949-01.dmp
2012-05-23 07:20 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Class of 1960
2012-05-23 07:20 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Class of 1960
2012-05-22 08:36 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Genealogy
2012-05-22 08:36 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Genealogy
2012-05-18 09:17 - 2012-05-18 09:17 - 00277576 ____A C:\Windows\Minidump\051812-19968-01.dmp
2012-05-15 07:40 - 2011-11-12 19:18 - 00000000 ____D C:\Users\All Users\lx_Cats
2012-05-15 07:40 - 2011-11-12 19:18 - 00000000 ____D C:\Users\All Users\Application Data\lx_Cats
2012-05-13 07:48 - 2011-11-14 21:06 - 00000000 ____D C:\Users\Elaine\Local Settings\ElevatedDiagnostics
2012-05-13 07:48 - 2011-11-14 21:06 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\ElevatedDiagnostics
2012-05-13 07:48 - 2011-11-14 21:06 - 00000000 ____D C:\Users\Elaine\AppData\Local\ElevatedDiagnostics
2012-05-12 07:13 - 2012-05-12 07:13 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-12 07:13 - 2011-11-12 18:50 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-12 03:32 - 2010-05-06 22:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 03:12 - 2011-11-12 19:13 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-12 03:12 - 2010-05-06 22:06 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-12 03:12 - 2010-05-06 22:06 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-05-12 03:00 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 22:04 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Family Stuff
2012-05-10 22:04 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Family Stuff
2012-05-09 13:25 - 2012-05-09 13:03 - 00000000 ____D C:\Users\Elaine\Local Settings\PhotoChannel
2012-05-09 13:25 - 2012-05-09 13:03 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\PhotoChannel
2012-05-09 13:25 - 2012-05-09 13:03 - 00000000 ____D C:\Users\Elaine\AppData\Local\PhotoChannel
2012-05-07 22:34 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Shakespeare
2012-05-07 22:34 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Shakespeare
2012-05-07 22:31 - 2012-05-07 22:30 - 00088974 ____A C:\Users\Elaine\Downloads\s
2012-05-06 09:06 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Family Tree Maker
2012-05-06 09:06 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Family Tree Maker
2012-05-06 08:58 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\VirtualStore
2012-05-06 08:58 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\VirtualStore
2012-05-06 08:58 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\AppData\Local\VirtualStore
2012-05-06 08:43 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Birthday Menus, etc
2012-05-06 08:43 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Birthday Menus, etc
2012-05-06 07:56 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\My Documents\Bagdad Cemetery
2012-05-06 07:56 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\Documents\Bagdad Cemetery
2012-05-04 20:41 - 2012-04-21 09:35 - 00015247 ____A C:\Users\Elaine\My Documents\Fiesta Treasure Clues 2012.docx
2012-05-04 20:41 - 2012-04-21 09:35 - 00015247 ____A C:\Users\Elaine\Documents\Fiesta Treasure Clues 2012.docx
2012-04-30 11:05 - 2012-04-30 11:05 - 00000144 ____A C:\Users\Elaine\Desktop\suite (2).url
2012-04-28 07:54 - 2012-04-28 07:54 - 00012905 ____A C:\Users\Elaine\Desktop\untitled.png
2012-04-27 23:03 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\WMU
2012-04-27 23:03 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\WMU
2012-04-22 08:54 - 2011-12-15 17:22 - 00000431 ____A C:\Users\All Users\lxeaDiagnostics.log
2012-04-22 08:54 - 2011-12-15 17:22 - 00000431 ____A C:\Users\All Users\Application Data\lxeaDiagnostics.log
2012-04-21 19:56 - 2012-04-21 19:55 - 00277520 ____A C:\Windows\Minidump\042112-13930-01.dmp
2012-04-20 20:31 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\My Documents\Bagdad Bunch
2012-04-20 20:31 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\Documents\Bagdad Bunch
2012-04-20 15:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\BVPA
2012-04-20 15:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\BVPA
2012-04-17 20:41 - 2012-04-17 20:41 - 00030107 ____A C:\Users\Elaine\My Documents\Csablanca Presentation.docx
2012-04-17 20:41 - 2012-04-17 20:41 - 00030107 ____A C:\Users\Elaine\Documents\Csablanca Presentation.docx
2012-04-16 21:39 - 2012-04-16 21:34 - 00035328 ____A C:\Users\Elaine\My Documents\Bagdad Vichy Water.pub
2012-04-16 21:39 - 2012-04-16 21:34 - 00035328 ____A C:\Users\Elaine\Documents\Bagdad Vichy Water.pub
2012-04-16 21:08 - 2012-04-16 20:44 - 00036864 ____A C:\Users\Elaine\My Documents\Publication2.pub
2012-04-16 21:08 - 2012-04-16 20:44 - 00036864 ____A C:\Users\Elaine\Documents\Publication2.pub
2012-04-16 20:33 - 2012-04-16 20:33 - 00010440 ____A C:\Users\Elaine\My Documents\French Vichy Water.docx
2012-04-16 20:33 - 2012-04-16 20:33 - 00010440 ____A C:\Users\Elaine\Documents\French Vichy Water.docx
2012-04-15 16:13 - 2012-04-15 08:13 - 00029630 ____A C:\Users\Elaine\My Documents\Csablanca Movie.docx
2012-04-15 16:13 - 2012-04-15 08:13 - 00029630 ____A C:\Users\Elaine\Documents\Csablanca Movie.docx
2012-04-13 20:27 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Missions Committee
2012-04-13 20:27 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Missions Committee
2012-04-09 10:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-08 20:16 - 2012-04-08 20:16 - 00701805 ____A C:\Users\All Users\SPLCEEA.tmp
2012-04-08 20:16 - 2012-04-08 20:16 - 00701805 ____A C:\Users\All Users\Application Data\SPLCEEA.tmp
2012-04-05 15:04 - 2011-12-17 12:04 - 00000000 ____D C:\Program Files\Dell Support Center
2012-03-31 09:01 - 2012-03-31 09:01 - 00037888 ____A C:\Users\Elaine\My Documents\Spring Music Cards 2.pub
2012-03-31 09:01 - 2012-03-31 09:01 - 00037888 ____A C:\Users\Elaine\Documents\Spring Music Cards 2.pub
2012-03-31 09:00 - 2012-03-31 08:44 - 00035840 ____A C:\Users\Elaine\My Documents\Spring Music Cards.pub
2012-03-31 09:00 - 2012-03-31 08:44 - 00035840 ____A C:\Users\Elaine\Documents\Spring Music Cards.pub
2012-03-31 01:05 - 2012-05-11 04:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 23:39 - 2012-05-11 04:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 23:39 - 2012-05-11 04:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 22:10 - 2012-05-11 04:08 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 06:35 - 2012-05-11 04:07 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 08:44 - 2010-05-12 14:02 - 00072370 ____A C:\Users\Elaine\My Documents\Map to 5556 Michael Drive.docx
2012-03-28 08:44 - 2010-05-12 14:02 - 00072370 ____A C:\Users\Elaine\Documents\Map to 5556 Michael Drive.docx
2012-03-27 22:04 - 2012-03-27 22:04 - 00007680 __ASH C:\Users\Elaine\My Documents\Thumbs.db
2012-03-27 22:04 - 2012-03-27 22:04 - 00007680 __ASH C:\Users\Elaine\Documents\Thumbs.db
2012-03-27 00:51 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Wedding Photo Notes
2012-03-27 00:51 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Wedding Photo Notes
2012-03-20 20:44 - 2012-03-20 20:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 20:44 - 2012-03-20 20:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-17 02:58 - 2012-05-11 04:08 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

ZeroAccess:
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\@
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\L
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\U
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\U\00000001.@
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\U\80000000.@
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\U\800000cb.@

ZeroAccess:
C:\Users\Elaine\AppData\Local\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}
C:\Users\Elaine\AppData\Local\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\@
C:\Users\Elaine\AppData\Local\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\L
C:\Users\Elaine\AppData\Local\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3895.12 MB
Available physical RAM: 3325.78 MB
Total Pagefile: 3893.27 MB
Available Pagefile: 3314.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:243.5 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.4 GB) NTFS
4 Drive f: (WD SmartWare) (CDROM) (Total:0.65 GB) (Free:0 GB) UDF
6 Drive h: (My Book) (Fixed) (Total:930.86 GB) (Free:690.14 GB) NTFS
10 Drive l: (KINGSTON) (Removable) (Total:7.26 GB) (Free:6.45 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 930 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 7441 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 283 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 930 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H My Book NTFS Partition 930 GB Healthy

======================================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7437 MB 4032 KB

======================================================================================================

Disk: 6
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L KINGSTON FAT32 Removable 7437 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-29 06:44

======================= End Of Log ==========================



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:26 PM

Posted 09 June 2012 - 09:27 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}
C:\Users\Elaine\AppData\Local\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
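An added example, not part of the thread and not FRST's own code: a Python sketch that pulls out of an FRST-style log the two kinds of evidence visible in the log above, the GUID-named folders listed under "ZeroAccess:" and any file in the "Bamital & volsnap Check" section that is not followed by "=> MD5 is legit". The function names are hypothetical, the embedded sample is an excerpt of the log posted in this thread, and treating an unmarked file as "needs manual verification" is an assumption about the log format, not a verdict on the file.

```python
import re

# Excerpt of the FRST log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\@
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\L
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\U
C:\Windows\Installer\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\U\00000001.@

ZeroAccess:
C:\Users\Elaine\AppData\Local\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}
C:\Users\Elaine\AppData\Local\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\@
C:\Users\Elaine\AppData\Local\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\L
C:\Users\Elaine\AppData\Local\{1d7aa739-ba01-0a21-4eb4-a8b45e1f7606}\U

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit

==================== EXE ASSOCIATION =====================
"""

# Banner lines such as "==== Memory info ====" (the title may be empty).
SECTION = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
# A path that contains a {GUID}-named folder; "rest" is whatever follows it.
GUID_DIR = re.compile(
    r"^(?P<root>[A-Za-z]:\\(?:.*\\)?"
    r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\})"
    r"(?P<rest>\\.*)?$"
)


def zeroaccess_roots(log_text):
    """Map each GUID folder listed under a 'ZeroAccess:' header to its listed children."""
    roots = {}
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            in_block = True
            continue
        if not line or SECTION.match(line):
            in_block = False  # a blank line or a banner ends the block
            continue
        if in_block:
            m = GUID_DIR.match(line)
            if m:
                roots.setdefault(m.group("root"), []).append(m.group("rest") or "")
    return roots


def has_zeroaccess_layout(children):
    """True when a root has the '@' file plus 'L' and 'U' entries, as in this thread's log."""
    return {"\\@", "\\L", "\\U"} <= set(children)


def unverified_system_files(log_text):
    """Return {path: md5 or None} for checked files not marked '=> MD5 is legit'."""
    results = {}
    in_section = False
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION.match(line)
        if banner:
            in_section = "Bamital" in banner.group("title")
            current = None
            continue
        if not in_section or not line:
            continue
        if line.endswith("=> MD5 is legit"):
            current = None
        elif re.match(r"^[A-Za-z]:\\", line):
            current = line.split(" =>")[0]
            results[current] = None
        elif current:
            # Detail line for the previous path: the MD5 is the last field.
            h = re.search(r"\b([0-9A-Fa-f]{32})\s*$", line)
            if h:
                results[current] = h.group(1).upper()
    return results


def triage(log_text):
    """Summarise both checks for a human reviewer; nothing is deleted or changed."""
    roots = zeroaccess_roots(log_text)
    return {
        "zeroaccess_roots": {r: has_zeroaccess_layout(c) for r, c in roots.items()},
        "unverified_files": unverified_system_files(log_text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for root, complete in report["zeroaccess_roots"].items():
        print("ZeroAccess folder:", root, "(@/L/U layout present)" if complete else "")
    for path, md5 in report["unverified_files"].items():
        print("Not marked legit, verify manually:", path, md5 or "(no hash listed)")
```

The output is a review list only; any removal still goes through a fixlist written for the specific machine, as the post above stresses.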


#3 Matthew32

Matthew32
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:26 PM

Posted 10 June 2012 - 08:32 PM

Sorry for the delay in replying.

I ran the script and it still reboots before I can do anything in regular mode or safe mode. I re-ran FRST64 and am attaching the log. In scanning through it myself there appears to be a service that jumps out to me as bad. I could be wrong...

2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()

Anyway, here is the new FRST64 report. Any additional help is greatly appreciated!

Matt

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by SYSTEM at 10-06-2012 20:19:18
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2009-11-24] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390680 2009-11-24] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [410136 2009-11-24] (Intel Corporation)
HKLM\...\Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe" [148280 2011-01-23] ()
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe" [84464 2009-07-21] ()
HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [606904 2011-12-12] (iolo technologies, LLC)
HKU\Elaine\...\Run: [Google Update] "C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-13] (Google Inc.)
HKU\Elaine\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Elaine\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-05-21] (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 97.64.209.36 97.64.168.13
Startup: C:\Users\Charles.Elaine-PC\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127352 2009-06-23] (CinemaNow, Inc.)
2 ioloFileInfoList; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [722616 2011-12-12] (iolo technologies, LLC)
2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [722616 2011-12-12] (iolo technologies, LLC)
2 lxea_device; C:\Windows\system32\lxeacoms.exe -service [1052328 2010-04-14] ( )
2 lxea_device; C:\Windows\SysWow64\lxeacoms.exe -service [598696 2010-04-14] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()
3 RoxMediaDB12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" [1116656 2009-07-24] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe" [219632 2009-07-24] (Sonic Solutions)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
3 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-11-25] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-10 20:04 - 2012-05-27 19:48 - 02804712 ____A (Symantec Corporation) C:\Users\Elaine\Desktop\Norton Power Eraser.exe
2012-06-10 20:00 - 2012-05-27 19:45 - 04528653 ___RA (Swearware) C:\Users\Elaine\Desktop\iExplore.exe
2012-06-09 19:34 - 2012-06-09 19:34 - 00000020 ___SH C:\Users\Charles.Elaine-PC\ntuser.ini
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Templates
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Start Menu
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\PrintHood
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\NetHood
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Videos
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Pictures
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Music
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Application Data\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Application Data\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Videos
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Pictures
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Music
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\AppData\Local\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\AppData\Local\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\LocalLow
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 ____D C:\users\Charles.Elaine-PC
2012-06-09 19:34 - 2011-11-13 18:20 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\Microsoft Help
2012-06-09 19:34 - 2011-11-13 18:20 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\Application Data\Microsoft Help
2012-06-09 19:34 - 2011-11-13 18:20 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\Local\Microsoft Help
2012-06-09 19:34 - 2011-11-12 21:37 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\Western Digital
2012-06-09 19:34 - 2011-11-12 21:37 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\Application Data\Western Digital
2012-06-09 19:34 - 2011-11-12 21:37 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\Local\Western Digital
2012-06-09 19:34 - 2010-05-06 22:29 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\SoftThinks
2012-06-09 19:34 - 2010-05-06 22:29 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\Application Data\SoftThinks
2012-06-09 19:34 - 2010-05-06 22:29 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\Local\SoftThinks
2012-06-09 19:34 - 2009-07-14 02:44 - 00000000 ____D C:\Users\Charles.Elaine-PC\Application Data\Media Center Programs
2012-06-09 19:34 - 2009-07-14 02:44 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\Roaming\Media Center Programs
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\Application Data\GetRightToGo
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\GetRightToGo
2012-06-09 16:10 - 2012-06-10 20:19 - 00000000 ____D C:\FRST
2012-06-09 15:54 - 2012-06-09 15:54 - 00743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-09 15:54 - 2012-06-09 15:54 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 15:54 - 2012-06-09 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-09 15:53 - 2012-06-09 15:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-09 15:50 - 2012-06-09 15:50 - 00122884 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_15.50.27_log.txt
2012-06-09 15:28 - 2012-06-09 15:28 - 00000858 ____A C:\Users\Elaine\Desktop\pcdoctor.reg
2012-06-09 15:19 - 2012-06-09 18:30 - 01948468 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-09 15:19 - 2012-06-09 15:38 - 00000000 ____D C:\Program Files (x86)\PC Tools Security
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\Public\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\All Users\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\Application Data\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-06-09 15:19 - 2010-11-25 10:43 - 00257232 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-06-09 15:19 - 2010-11-25 10:42 - 00092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-06-09 15:19 - 2010-11-17 10:20 - 00331368 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-06-09 15:19 - 2010-11-17 10:20 - 00136168 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-06-09 15:19 - 2010-07-16 14:53 - 00816016 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-06-09 15:19 - 2010-06-29 10:35 - 00452872 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-06-09 14:50 - 2012-06-09 14:50 - 00000542 ____A C:\Users\Elaine\Desktop\venue3.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000556 ____A C:\Users\Elaine\Desktop\venue2.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000482 ____A C:\Users\Elaine\Desktop\venue.reg
2012-06-09 14:41 - 2012-06-09 14:42 - 00128202 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.41.44_log.txt
2012-06-09 14:37 - 2012-06-09 14:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-09 14:36 - 2012-06-09 14:37 - 00132436 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.36.29_log.txt
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\Application Data\SUPERAntiSpyware.com
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-06-09 14:19 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:19 - 00001264 ____A C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
2012-06-09 14:17 - 2012-06-09 14:17 - 00270824 ____A C:\Windows\Minidump\060912-16629-01.dmp
2012-06-08 18:33 - 2012-06-08 18:33 - 00277520 ____A C:\Windows\Minidump\060812-14960-01.dmp
2012-06-08 17:52 - 2012-06-10 19:55 - 01615040 ____A C:\Windows\ntbtlog.txt
2012-06-08 17:43 - 2012-06-08 17:43 - 00270824 ____A C:\Windows\Minidump\060812-17690-01.dmp
2012-06-08 17:32 - 2012-06-08 17:32 - 00000536 ____A C:\Users\Elaine\Desktop\2.reg
2012-06-08 17:27 - 2012-06-08 17:27 - 00000320 ____A C:\Users\Elaine\Desktop\1.reg
2012-06-08 16:41 - 2012-06-08 16:41 - 00270824 ____A C:\Windows\Minidump\060812-25880-01.dmp
2012-06-08 16:34 - 2012-06-08 16:35 - 00270824 ____A C:\Windows\Minidump\060812-16364-01.dmp
2012-06-08 16:30 - 2012-06-08 16:31 - 00270824 ____A C:\Windows\Minidump\060812-17175-01.dmp
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-06-07 21:04 - 2012-06-07 21:04 - 00270824 ____A C:\Windows\Minidump\060712-16270-01.dmp
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00000450 ___AH C:\Windows\Tasks\Norton Security Scan for Elaine.job
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-06-07 20:50 - 2012-06-07 20:50 - 00001401 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-06-07 20:36 - 2012-06-09 18:34 - 00000000 ___SD C:\32788R22FWJFW
2012-06-07 20:30 - 2012-06-07 20:30 - 00277520 ____A C:\Windows\Minidump\060712-15646-01.dmp
2012-06-05 10:31 - 2012-06-05 10:31 - 00000607 ____A C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
2012-06-05 10:31 - 2012-06-05 10:24 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\My Documents\stinger.exe
2012-06-05 10:31 - 2012-06-05 10:24 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\Documents\stinger.exe
2012-06-04 09:52 - 2012-06-04 09:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 09:32 - 2012-06-04 12:02 - 00000041 ____A C:\Users\Elaine\Application Data\667B93.dat
2012-06-04 09:32 - 2012-06-04 12:02 - 00000041 ____A C:\Users\Elaine\AppData\Roaming\667B93.dat
2012-06-03 08:13 - 2012-06-03 22:43 - 00012256 ____A C:\Users\Elaine\My Documents\Drew's Graduation Party.docx
2012-06-03 08:13 - 2012-06-03 22:43 - 00012256 ____A C:\Users\Elaine\Documents\Drew's Graduation Party.docx
2012-05-31 13:24 - 2012-05-31 13:33 - 00034816 ____A C:\Users\Elaine\My Documents\Grad Title 2.pub
2012-05-31 13:24 - 2012-05-31 13:33 - 00034816 ____A C:\Users\Elaine\Documents\Grad Title 2.pub
2012-05-31 13:10 - 2012-05-31 13:35 - 00022934 ____A C:\Users\Elaine\My Documents\Grad Title 1.docx
2012-05-31 13:10 - 2012-05-31 13:35 - 00022934 ____A C:\Users\Elaine\Documents\Grad Title 1.docx
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\My Documents\Wayne Neubauer.docx
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\Documents\Wayne Neubauer.docx
2012-05-29 13:34 - 2012-05-29 13:34 - 00103784 ____A C:\Users\Elaine\GoToAssistDownloadHelper.exe
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Apps\2.0
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\My Documents\Grad Keys 2.pub
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\Documents\Grad Keys 2.pub
2012-05-26 11:57 - 2012-05-26 11:57 - 00277520 ____A C:\Windows\Minidump\052612-13447-01.dmp
2012-05-26 11:55 - 2012-05-26 11:55 - 00277576 ____A C:\Windows\Minidump\052612-11949-01.dmp
2012-05-26 08:07 - 2012-05-27 14:56 - 00046592 ____A C:\Users\Elaine\My Documents\Grad Key Words.pub
2012-05-26 08:07 - 2012-05-27 14:56 - 00046592 ____A C:\Users\Elaine\Documents\Grad Key Words.pub
2012-05-18 09:17 - 2012-05-18 09:17 - 00277576 ____A C:\Windows\Minidump\051812-19968-01.dmp
2012-05-12 07:13 - 2012-06-09 15:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-12 07:13 - 2012-05-12 07:13 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-11 04:08 - 2012-03-31 01:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 04:08 - 2012-03-30 23:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-11 04:08 - 2012-03-30 23:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-11 04:08 - 2012-03-30 22:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 04:08 - 2012-03-17 02:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-11 04:08 - 2012-03-03 01:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 04:08 - 2012-03-03 00:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-11 04:07 - 2012-03-30 06:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

============ 3 Months Modified Files and Folders =============

2012-06-10 20:19 - 2012-06-09 16:10 - 00000000 ____D C:\FRST
2012-06-10 20:08 - 2010-05-06 22:09 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-10 20:06 - 2011-11-12 19:51 - 00079780 ____A C:\Users\All Users\lxeascan.log
2012-06-10 20:06 - 2011-11-12 19:51 - 00079780 ____A C:\Users\All Users\Application Data\lxeascan.log
2012-06-10 20:06 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\SoftThinks
2012-06-10 20:06 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\SoftThinks
2012-06-10 20:06 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\AppData\Local\SoftThinks
2012-06-10 20:05 - 2012-01-02 16:30 - 00004378 ____A C:\Windows\setupact.log
2012-06-10 20:05 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-10 19:55 - 2012-06-08 17:52 - 01615040 ____A C:\Windows\ntbtlog.txt
2012-06-09 19:34 - 2012-06-09 19:34 - 00000020 ___SH C:\Users\Charles.Elaine-PC\ntuser.ini
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Templates
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Start Menu
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\PrintHood
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\NetHood
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Videos
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Pictures
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Music
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Application Data\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Application Data\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Videos
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Pictures
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Music
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\AppData\Local\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\AppData\Local\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\LocalLow
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 ____D C:\users\Charles.Elaine-PC
2012-06-09 18:34 - 2012-06-07 20:36 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 18:32 - 2009-07-13 23:45 - 00453872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-09 18:30 - 2012-06-09 15:19 - 01948468 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-09 16:33 - 2011-12-10 13:45 - 00000000 ____D C:\Users\Elaine\Local Settings\NPE
2012-06-09 16:33 - 2011-12-10 13:45 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\NPE
2012-06-09 16:33 - 2011-12-10 13:45 - 00000000 ____D C:\Users\Elaine\AppData\Local\NPE
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\Application Data\GetRightToGo
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\GetRightToGo
2012-06-09 16:10 - 2011-11-12 21:38 - 00000000 ____D C:\users\LogMeInRemoteUser
2012-06-09 16:10 - 2011-11-12 21:37 - 00000000 ____D C:\users\Charles
2012-06-09 15:57 - 2012-01-02 16:23 - 02022790 ____A C:\Windows\WindowsUpdate.log
2012-06-09 15:54 - 2012-06-09 15:54 - 00743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-09 15:54 - 2012-06-09 15:54 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 15:54 - 2012-06-09 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-09 15:54 - 2012-06-09 15:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-09 15:50 - 2012-06-09 15:50 - 00122884 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_15.50.27_log.txt
2012-06-09 15:47 - 2011-12-10 13:43 - 00000361 ____A C:\rkill.log
2012-06-09 15:45 - 2009-07-14 00:08 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 15:43 - 2009-07-13 23:45 - 00014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 15:43 - 2009-07-13 23:45 - 00014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 15:39 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-09 15:38 - 2012-06-09 15:19 - 00000000 ____D C:\Program Files (x86)\PC Tools Security
2012-06-09 15:37 - 2010-05-06 22:23 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-09 15:37 - 2010-05-06 22:23 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-06-09 15:37 - 2010-05-06 22:22 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-06-09 15:37 - 2010-05-06 22:22 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-06-09 15:30 - 2012-01-02 16:30 - 00745778 ____A C:\Windows\PFRO.log
2012-06-09 15:28 - 2012-06-09 15:28 - 00000858 ____A C:\Users\Elaine\Desktop\pcdoctor.reg
2012-06-09 15:25 - 2011-12-13 23:52 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001UA.job
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\Public\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\All Users\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\Application Data\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-06-09 15:19 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-09 15:17 - 2011-12-10 14:44 - 00000000 ____D C:\Users\Elaine\Local Settings\CrashDumps
2012-06-09 15:17 - 2011-12-10 14:44 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\CrashDumps
2012-06-09 15:17 - 2011-12-10 14:44 - 00000000 ____D C:\Users\Elaine\AppData\Local\CrashDumps
2012-06-09 15:09 - 2012-05-12 07:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 14:50 - 2012-06-09 14:50 - 00000542 ____A C:\Users\Elaine\Desktop\venue3.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000556 ____A C:\Users\Elaine\Desktop\venue2.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000482 ____A C:\Users\Elaine\Desktop\venue.reg
2012-06-09 14:42 - 2012-06-09 14:41 - 00128202 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.41.44_log.txt
2012-06-09 14:37 - 2012-06-09 14:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-09 14:37 - 2012-06-09 14:36 - 00132436 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.36.29_log.txt
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\Application Data\SUPERAntiSpyware.com
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 14:35 - 2012-06-09 14:34 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:19 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-09 14:34 - 2012-06-09 14:19 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-06-09 14:21 - 2012-06-09 14:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:19 - 00001264 ____A C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
2012-06-09 14:17 - 2012-06-09 14:17 - 00270824 ____A C:\Windows\Minidump\060912-16629-01.dmp
2012-06-09 14:17 - 2011-11-14 09:25 - 00000000 ____D C:\Windows\Minidump
2012-06-09 14:16 - 2012-01-10 11:10 - 326795659 ____A C:\Windows\MEMORY.DMP
2012-06-08 18:33 - 2012-06-08 18:33 - 00277520 ____A C:\Windows\Minidump\060812-14960-01.dmp
2012-06-08 17:43 - 2012-06-08 17:43 - 00270824 ____A C:\Windows\Minidump\060812-17690-01.dmp
2012-06-08 17:32 - 2012-06-08 17:32 - 00000536 ____A C:\Users\Elaine\Desktop\2.reg
2012-06-08 17:27 - 2012-06-08 17:27 - 00000320 ____A C:\Users\Elaine\Desktop\1.reg
2012-06-08 16:41 - 2012-06-08 16:41 - 00270824 ____A C:\Windows\Minidump\060812-25880-01.dmp
2012-06-08 16:35 - 2012-06-08 16:34 - 00270824 ____A C:\Windows\Minidump\060812-16364-01.dmp
2012-06-08 16:31 - 2012-06-08 16:30 - 00270824 ____A C:\Windows\Minidump\060812-17175-01.dmp
2012-06-07 21:44 - 2011-11-12 21:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-06-07 21:04 - 2012-06-07 21:04 - 00270824 ____A C:\Windows\Minidump\060712-16270-01.dmp
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00000450 ___AH C:\Windows\Tasks\Norton Security Scan for Elaine.job
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-06-07 20:59 - 2011-12-10 13:45 - 00000000 ____D C:\Users\All Users\Norton
2012-06-07 20:59 - 2011-12-10 13:45 - 00000000 ____D C:\Users\All Users\Application Data\Norton
2012-06-07 20:50 - 2012-06-07 20:50 - 00001401 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-06-07 20:50 - 2009-07-13 21:34 - 00000054 ____N C:\Windows\System32\Drivers\etc\hosts
2012-06-07 20:30 - 2012-06-07 20:30 - 00277520 ____A C:\Windows\Minidump\060712-15646-01.dmp
2012-06-05 10:31 - 2012-06-05 10:31 - 00000607 ____A C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
2012-06-05 10:24 - 2012-06-05 10:31 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\My Documents\stinger.exe
2012-06-05 10:24 - 2012-06-05 10:31 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\Documents\stinger.exe
2012-06-05 08:25 - 2011-12-13 23:52 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001Core.job
2012-06-04 12:02 - 2012-06-04 09:32 - 00000041 ____A C:\Users\Elaine\Application Data\667B93.dat
2012-06-04 12:02 - 2012-06-04 09:32 - 00000041 ____A C:\Users\Elaine\AppData\Roaming\667B93.dat
2012-06-04 09:52 - 2012-06-04 09:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 09:18 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Medical Information
2012-06-04 09:18 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Medical Information
2012-06-03 22:43 - 2012-06-03 08:13 - 00012256 ____A C:\Users\Elaine\My Documents\Drew's Graduation Party.docx
2012-06-03 22:43 - 2012-06-03 08:13 - 00012256 ____A C:\Users\Elaine\Documents\Drew's Graduation Party.docx
2012-06-03 09:10 - 2011-11-12 21:52 - 00259134 ____A C:\Users\All Users\lxeaJSW.log
2012-06-03 09:10 - 2011-11-12 21:52 - 00259134 ____A C:\Users\All Users\Application Data\lxeaJSW.log
2012-05-31 13:35 - 2012-05-31 13:10 - 00022934 ____A C:\Users\Elaine\My Documents\Grad Title 1.docx
2012-05-31 13:35 - 2012-05-31 13:10 - 00022934 ____A C:\Users\Elaine\Documents\Grad Title 1.docx
2012-05-31 13:33 - 2012-05-31 13:24 - 00034816 ____A C:\Users\Elaine\My Documents\Grad Title 2.pub
2012-05-31 13:33 - 2012-05-31 13:24 - 00034816 ____A C:\Users\Elaine\Documents\Grad Title 2.pub
2012-05-31 07:49 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Christmas 2011
2012-05-31 07:49 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Christmas 2011
2012-05-30 07:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Recipes
2012-05-30 07:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Recipes
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\My Documents\Wayne Neubauer.docx
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\Documents\Wayne Neubauer.docx
2012-05-29 13:34 - 2012-05-29 13:34 - 00103784 ____A C:\Users\Elaine\GoToAssistDownloadHelper.exe
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Apps\2.0
2012-05-29 13:34 - 2011-11-12 18:36 - 00000000 ____D C:\users\Elaine
2012-05-27 19:48 - 2012-06-10 20:04 - 02804712 ____A (Symantec Corporation) C:\Users\Elaine\Desktop\Norton Power Eraser.exe
2012-05-27 19:45 - 2012-06-10 20:00 - 04528653 ___RA (Swearware) C:\Users\Elaine\Desktop\iExplore.exe
2012-05-27 14:56 - 2012-05-26 08:07 - 00046592 ____A C:\Users\Elaine\My Documents\Grad Key Words.pub
2012-05-27 14:56 - 2012-05-26 08:07 - 00046592 ____A C:\Users\Elaine\Documents\Grad Key Words.pub
2012-05-27 07:31 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Michelle and Shawn
2012-05-27 07:31 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Michelle and Shawn
2012-05-26 19:47 - 2012-01-28 21:43 - 00000000 ____D C:\Users\Elaine\My Documents\ADDRESSES
2012-05-26 19:47 - 2012-01-28 21:43 - 00000000 ____D C:\Users\Elaine\Documents\ADDRESSES
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\My Documents\Grad Keys 2.pub
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\Documents\Grad Keys 2.pub
2012-05-26 11:57 - 2012-05-26 11:57 - 00277520 ____A C:\Windows\Minidump\052612-13447-01.dmp
2012-05-26 11:55 - 2012-05-26 11:55 - 00277576 ____A C:\Windows\Minidump\052612-11949-01.dmp
2012-05-23 07:20 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Class of 1960
2012-05-23 07:20 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Class of 1960
2012-05-22 08:36 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Genealogy
2012-05-22 08:36 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Genealogy
2012-05-18 09:17 - 2012-05-18 09:17 - 00277576 ____A C:\Windows\Minidump\051812-19968-01.dmp
2012-05-15 07:40 - 2011-11-12 19:18 - 00000000 ____D C:\Users\All Users\lx_Cats
2012-05-15 07:40 - 2011-11-12 19:18 - 00000000 ____D C:\Users\All Users\Application Data\lx_Cats
2012-05-13 07:48 - 2011-11-14 21:06 - 00000000 ____D C:\Users\Elaine\Local Settings\ElevatedDiagnostics
2012-05-13 07:48 - 2011-11-14 21:06 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\ElevatedDiagnostics
2012-05-13 07:48 - 2011-11-14 21:06 - 00000000 ____D C:\Users\Elaine\AppData\Local\ElevatedDiagnostics
2012-05-12 07:13 - 2012-05-12 07:13 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-12 07:13 - 2011-11-12 18:50 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-12 03:32 - 2010-05-06 22:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 03:12 - 2011-11-12 19:13 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-12 03:12 - 2010-05-06 22:06 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-12 03:12 - 2010-05-06 22:06 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-05-12 03:00 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 22:04 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Family Stuff
2012-05-10 22:04 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Family Stuff
2012-05-09 13:25 - 2012-05-09 13:03 - 00000000 ____D C:\Users\Elaine\Local Settings\PhotoChannel
2012-05-09 13:25 - 2012-05-09 13:03 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\PhotoChannel
2012-05-09 13:25 - 2012-05-09 13:03 - 00000000 ____D C:\Users\Elaine\AppData\Local\PhotoChannel
2012-05-07 22:34 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Shakespeare
2012-05-07 22:34 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Shakespeare
2012-05-07 22:31 - 2012-05-07 22:30 - 00088974 ____A C:\Users\Elaine\Downloads\s
2012-05-06 09:06 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Family Tree Maker
2012-05-06 09:06 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Family Tree Maker
2012-05-06 08:58 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\VirtualStore
2012-05-06 08:58 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\VirtualStore
2012-05-06 08:58 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\AppData\Local\VirtualStore
2012-05-06 08:43 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Birthday Menus, etc
2012-05-06 08:43 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Birthday Menus, etc
2012-05-06 07:56 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\My Documents\Bagdad Cemetery
2012-05-06 07:56 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\Documents\Bagdad Cemetery
2012-05-04 20:41 - 2012-04-21 09:35 - 00015247 ____A C:\Users\Elaine\My Documents\Fiesta Treasure Clues 2012.docx
2012-05-04 20:41 - 2012-04-21 09:35 - 00015247 ____A C:\Users\Elaine\Documents\Fiesta Treasure Clues 2012.docx
2012-04-30 11:05 - 2012-04-30 11:05 - 00000144 ____A C:\Users\Elaine\Desktop\suite (2).url
2012-04-28 07:54 - 2012-04-28 07:54 - 00012905 ____A C:\Users\Elaine\Desktop\untitled.png
2012-04-27 23:03 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\WMU
2012-04-27 23:03 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\WMU
2012-04-22 08:54 - 2011-12-15 17:22 - 00000431 ____A C:\Users\All Users\lxeaDiagnostics.log
2012-04-22 08:54 - 2011-12-15 17:22 - 00000431 ____A C:\Users\All Users\Application Data\lxeaDiagnostics.log
2012-04-21 19:56 - 2012-04-21 19:55 - 00277520 ____A C:\Windows\Minidump\042112-13930-01.dmp
2012-04-20 20:31 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\My Documents\Bagdad Bunch
2012-04-20 20:31 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\Documents\Bagdad Bunch
2012-04-20 15:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\BVPA
2012-04-20 15:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\BVPA
2012-04-17 20:41 - 2012-04-17 20:41 - 00030107 ____A C:\Users\Elaine\My Documents\Csablanca Presentation.docx
2012-04-17 20:41 - 2012-04-17 20:41 - 00030107 ____A C:\Users\Elaine\Documents\Csablanca Presentation.docx
2012-04-16 21:39 - 2012-04-16 21:34 - 00035328 ____A C:\Users\Elaine\My Documents\Bagdad Vichy Water.pub
2012-04-16 21:39 - 2012-04-16 21:34 - 00035328 ____A C:\Users\Elaine\Documents\Bagdad Vichy Water.pub
2012-04-16 21:08 - 2012-04-16 20:44 - 00036864 ____A C:\Users\Elaine\My Documents\Publication2.pub
2012-04-16 21:08 - 2012-04-16 20:44 - 00036864 ____A C:\Users\Elaine\Documents\Publication2.pub
2012-04-16 20:33 - 2012-04-16 20:33 - 00010440 ____A C:\Users\Elaine\My Documents\French Vichy Water.docx
2012-04-16 20:33 - 2012-04-16 20:33 - 00010440 ____A C:\Users\Elaine\Documents\French Vichy Water.docx
2012-04-15 16:13 - 2012-04-15 08:13 - 00029630 ____A C:\Users\Elaine\My Documents\Csablanca Movie.docx
2012-04-15 16:13 - 2012-04-15 08:13 - 00029630 ____A C:\Users\Elaine\Documents\Csablanca Movie.docx
2012-04-13 20:27 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Missions Committee
2012-04-13 20:27 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Missions Committee
2012-04-09 10:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-08 20:16 - 2012-04-08 20:16 - 00701805 ____A C:\Users\All Users\SPLCEEA.tmp
2012-04-08 20:16 - 2012-04-08 20:16 - 00701805 ____A C:\Users\All Users\Application Data\SPLCEEA.tmp
2012-04-05 15:04 - 2011-12-17 12:04 - 00000000 ____D C:\Program Files\Dell Support Center
2012-03-31 09:01 - 2012-03-31 09:01 - 00037888 ____A C:\Users\Elaine\My Documents\Spring Music Cards 2.pub
2012-03-31 09:01 - 2012-03-31 09:01 - 00037888 ____A C:\Users\Elaine\Documents\Spring Music Cards 2.pub
2012-03-31 09:00 - 2012-03-31 08:44 - 00035840 ____A C:\Users\Elaine\My Documents\Spring Music Cards.pub
2012-03-31 09:00 - 2012-03-31 08:44 - 00035840 ____A C:\Users\Elaine\Documents\Spring Music Cards.pub
2012-03-31 01:05 - 2012-05-11 04:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 23:39 - 2012-05-11 04:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 23:39 - 2012-05-11 04:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 22:10 - 2012-05-11 04:08 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 06:35 - 2012-05-11 04:07 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 08:44 - 2010-05-12 14:02 - 00072370 ____A C:\Users\Elaine\My Documents\Map to 5556 Michael Drive.docx
2012-03-28 08:44 - 2010-05-12 14:02 - 00072370 ____A C:\Users\Elaine\Documents\Map to 5556 Michael Drive.docx
2012-03-27 22:04 - 2012-03-27 22:04 - 00007680 __ASH C:\Users\Elaine\My Documents\Thumbs.db
2012-03-27 22:04 - 2012-03-27 22:04 - 00007680 __ASH C:\Users\Elaine\Documents\Thumbs.db
2012-03-27 00:51 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Wedding Photo Notes
2012-03-27 00:51 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Wedding Photo Notes
2012-03-20 20:44 - 2012-03-20 20:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 20:44 - 2012-03-20 20:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-17 02:58 - 2012-05-11 04:08 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3895.12 MB
Available physical RAM: 3325.33 MB
Total Pagefile: 3893.27 MB
Available Pagefile: 3313.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:243.47 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.4 GB) NTFS
4 Drive f: (WD SmartWare) (CDROM) (Total:0.65 GB) (Free:0 GB) UDF
6 Drive h: (My Book) (Fixed) (Total:930.86 GB) (Free:690.14 GB) NTFS
10 Drive l: (KINGSTON) (Removable) (Total:7.26 GB) (Free:6.45 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 930 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 7441 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 283 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 930 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H My Book NTFS Partition 930 GB Healthy

======================================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7437 MB 4032 KB

======================================================================================================

Disk: 6
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L KINGSTON FAT32 Removable 7437 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-29 06:44

======================= End Of Log ==========================

#4 CatByte

  • Malware Response Team

Posted 10 June 2012 - 08:46 PM

Hi,

That service belongs to ComboFix, but we can remove it in case there is interference.


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()
cmd: bootrec /FixMbr
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


If it boots this time, run ComboFix.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Matthew32

Matthew32
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:26 PM

Posted 13 June 2012 - 03:59 PM

Ran the script.
Rebooted to Normal Mode and it rebooted again. Says System recovered from an error and will reboot in 1 minute.

Here is a new FRST64 log.

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by SYSTEM at 13-06-2012 15:51:28
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2009-11-24] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390680 2009-11-24] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [410136 2009-11-24] (Intel Corporation)
HKLM\...\Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe" [148280 2011-01-23] ()
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe" [84464 2009-07-21] ()
HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [606904 2011-12-12] (iolo technologies, LLC)
HKU\Elaine\...\Run: [Google Update] "C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-13] (Google Inc.)
HKU\Elaine\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Elaine\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-05-21] (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 97.64.209.36 97.64.168.13
Startup: C:\Users\Charles.Elaine-PC\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127352 2009-06-23] (CinemaNow, Inc.)
2 ioloFileInfoList; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [722616 2011-12-12] (iolo technologies, LLC)
2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [722616 2011-12-12] (iolo technologies, LLC)
2 lxea_device; C:\Windows\system32\lxeacoms.exe -service [1052328 2010-04-14] ( )
2 lxea_device; C:\Windows\SysWow64\lxeacoms.exe -service [598696 2010-04-14] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
3 RoxMediaDB12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" [1116656 2009-07-24] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe" [219632 2009-07-24] (Sonic Solutions)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
3 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-11-25] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-10 20:00 - 2012-05-27 19:45 - 04528653 ___RA (Swearware) C:\Users\Elaine\Desktop\iExplore.exe
2012-06-09 19:34 - 2012-06-09 19:34 - 00000020 ___SH C:\Users\Charles.Elaine-PC\ntuser.ini
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Templates
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Start Menu
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\PrintHood
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\NetHood
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Videos
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Pictures
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Music
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Application Data\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Application Data\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Videos
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Pictures
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Music
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\AppData\Local\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\AppData\Local\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\LocalLow
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 ____D C:\users\Charles.Elaine-PC
2012-06-09 19:34 - 2011-11-13 18:20 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\Microsoft Help
2012-06-09 19:34 - 2011-11-13 18:20 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\Application Data\Microsoft Help
2012-06-09 19:34 - 2011-11-13 18:20 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\Local\Microsoft Help
2012-06-09 19:34 - 2011-11-12 21:37 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\Western Digital
2012-06-09 19:34 - 2011-11-12 21:37 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\Application Data\Western Digital
2012-06-09 19:34 - 2011-11-12 21:37 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\Local\Western Digital
2012-06-09 19:34 - 2010-05-06 22:29 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\SoftThinks
2012-06-09 19:34 - 2010-05-06 22:29 - 00000000 ____D C:\Users\Charles.Elaine-PC\Local Settings\Application Data\SoftThinks
2012-06-09 19:34 - 2010-05-06 22:29 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\Local\SoftThinks
2012-06-09 19:34 - 2009-07-14 02:44 - 00000000 ____D C:\Users\Charles.Elaine-PC\Application Data\Media Center Programs
2012-06-09 19:34 - 2009-07-14 02:44 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\Roaming\Media Center Programs
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\Application Data\GetRightToGo
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\GetRightToGo
2012-06-09 16:10 - 2012-06-13 15:51 - 00000000 ____D C:\FRST
2012-06-09 15:54 - 2012-06-09 15:54 - 00743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-09 15:54 - 2012-06-09 15:54 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 15:54 - 2012-06-09 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-09 15:53 - 2012-06-09 15:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-09 15:50 - 2012-06-09 15:50 - 00122884 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_15.50.27_log.txt
2012-06-09 15:28 - 2012-06-09 15:28 - 00000858 ____A C:\Users\Elaine\Desktop\pcdoctor.reg
2012-06-09 15:19 - 2012-06-09 18:30 - 01948468 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-09 15:19 - 2012-06-09 15:38 - 00000000 ____D C:\Program Files (x86)\PC Tools Security
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\Public\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\All Users\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\Application Data\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-06-09 15:19 - 2010-11-25 10:43 - 00257232 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-06-09 15:19 - 2010-11-25 10:42 - 00092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-06-09 15:19 - 2010-11-17 10:20 - 00331368 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-06-09 15:19 - 2010-11-17 10:20 - 00136168 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-06-09 15:19 - 2010-07-16 14:53 - 00816016 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-06-09 15:19 - 2010-06-29 10:35 - 00452872 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-06-09 14:50 - 2012-06-09 14:50 - 00000542 ____A C:\Users\Elaine\Desktop\venue3.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000556 ____A C:\Users\Elaine\Desktop\venue2.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000482 ____A C:\Users\Elaine\Desktop\venue.reg
2012-06-09 14:41 - 2012-06-09 14:42 - 00128202 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.41.44_log.txt
2012-06-09 14:37 - 2012-06-09 14:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-09 14:36 - 2012-06-09 14:37 - 00132436 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.36.29_log.txt
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\Application Data\SUPERAntiSpyware.com
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-06-09 14:19 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:19 - 00001264 ____A C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
2012-06-09 14:17 - 2012-06-09 14:17 - 00270824 ____A C:\Windows\Minidump\060912-16629-01.dmp
2012-06-08 18:33 - 2012-06-08 18:33 - 00277520 ____A C:\Windows\Minidump\060812-14960-01.dmp
2012-06-08 17:52 - 2012-06-10 19:55 - 01615040 ____A C:\Windows\ntbtlog.txt
2012-06-08 17:43 - 2012-06-08 17:43 - 00270824 ____A C:\Windows\Minidump\060812-17690-01.dmp
2012-06-08 17:32 - 2012-06-08 17:32 - 00000536 ____A C:\Users\Elaine\Desktop\2.reg
2012-06-08 17:27 - 2012-06-08 17:27 - 00000320 ____A C:\Users\Elaine\Desktop\1.reg
2012-06-08 16:41 - 2012-06-08 16:41 - 00270824 ____A C:\Windows\Minidump\060812-25880-01.dmp
2012-06-08 16:34 - 2012-06-08 16:35 - 00270824 ____A C:\Windows\Minidump\060812-16364-01.dmp
2012-06-08 16:30 - 2012-06-08 16:31 - 00270824 ____A C:\Windows\Minidump\060812-17175-01.dmp
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-06-07 21:04 - 2012-06-07 21:04 - 00270824 ____A C:\Windows\Minidump\060712-16270-01.dmp
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00000450 ___AH C:\Windows\Tasks\Norton Security Scan for Elaine.job
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-06-07 20:50 - 2012-06-07 20:50 - 00001401 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-06-07 20:36 - 2012-06-09 18:34 - 00000000 ___SD C:\32788R22FWJFW
2012-06-07 20:30 - 2012-06-07 20:30 - 00277520 ____A C:\Windows\Minidump\060712-15646-01.dmp
2012-06-05 10:31 - 2012-06-05 10:31 - 00000607 ____A C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
2012-06-05 10:31 - 2012-06-05 10:24 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\My Documents\stinger.exe
2012-06-05 10:31 - 2012-06-05 10:24 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\Documents\stinger.exe
2012-06-04 09:52 - 2012-06-04 09:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 09:32 - 2012-06-04 12:02 - 00000041 ____A C:\Users\Elaine\Application Data\667B93.dat
2012-06-04 09:32 - 2012-06-04 12:02 - 00000041 ____A C:\Users\Elaine\AppData\Roaming\667B93.dat
2012-06-03 08:13 - 2012-06-03 22:43 - 00012256 ____A C:\Users\Elaine\My Documents\Drew's Graduation Party.docx
2012-06-03 08:13 - 2012-06-03 22:43 - 00012256 ____A C:\Users\Elaine\Documents\Drew's Graduation Party.docx
2012-05-31 13:24 - 2012-05-31 13:33 - 00034816 ____A C:\Users\Elaine\My Documents\Grad Title 2.pub
2012-05-31 13:24 - 2012-05-31 13:33 - 00034816 ____A C:\Users\Elaine\Documents\Grad Title 2.pub
2012-05-31 13:10 - 2012-05-31 13:35 - 00022934 ____A C:\Users\Elaine\My Documents\Grad Title 1.docx
2012-05-31 13:10 - 2012-05-31 13:35 - 00022934 ____A C:\Users\Elaine\Documents\Grad Title 1.docx
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\My Documents\Wayne Neubauer.docx
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\Documents\Wayne Neubauer.docx
2012-05-29 13:34 - 2012-05-29 13:34 - 00103784 ____A C:\Users\Elaine\GoToAssistDownloadHelper.exe
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Apps\2.0
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\My Documents\Grad Keys 2.pub
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\Documents\Grad Keys 2.pub
2012-05-26 11:57 - 2012-05-26 11:57 - 00277520 ____A C:\Windows\Minidump\052612-13447-01.dmp
2012-05-26 11:55 - 2012-05-26 11:55 - 00277576 ____A C:\Windows\Minidump\052612-11949-01.dmp
2012-05-26 08:07 - 2012-05-27 14:56 - 00046592 ____A C:\Users\Elaine\My Documents\Grad Key Words.pub
2012-05-26 08:07 - 2012-05-27 14:56 - 00046592 ____A C:\Users\Elaine\Documents\Grad Key Words.pub
2012-05-18 09:17 - 2012-05-18 09:17 - 00277576 ____A C:\Windows\Minidump\051812-19968-01.dmp


============ 3 Months Modified Files and Folders =============

2012-06-13 15:51 - 2012-06-09 16:10 - 00000000 ____D C:\FRST
2012-06-13 15:46 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\SoftThinks
2012-06-13 15:46 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\SoftThinks
2012-06-13 15:46 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\AppData\Local\SoftThinks
2012-06-13 15:46 - 2010-05-06 22:09 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-13 15:45 - 2012-01-02 16:30 - 00004434 ____A C:\Windows\setupact.log
2012-06-13 15:45 - 2011-11-12 19:51 - 00079890 ____A C:\Users\All Users\lxeascan.log
2012-06-13 15:45 - 2011-11-12 19:51 - 00079890 ____A C:\Users\All Users\Application Data\lxeascan.log
2012-06-13 15:45 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-10 19:55 - 2012-06-08 17:52 - 01615040 ____A C:\Windows\ntbtlog.txt
2012-06-09 19:34 - 2012-06-09 19:34 - 00000020 ___SH C:\Users\Charles.Elaine-PC\ntuser.ini
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Templates
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Start Menu
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\PrintHood
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\NetHood
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Videos
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Pictures
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents\My Music
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\My Documents
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Application Data\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Local Settings\Application Data\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Videos
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Pictures
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\Documents\My Music
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\AppData\Local\Temporary Internet Files
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 __SHD C:\Users\Charles.Elaine-PC\AppData\Local\History
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 ____D C:\Users\Charles.Elaine-PC\AppData\LocalLow
2012-06-09 19:34 - 2012-06-09 19:34 - 00000000 ____D C:\users\Charles.Elaine-PC
2012-06-09 18:34 - 2012-06-07 20:36 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 18:32 - 2009-07-13 23:45 - 00453872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-09 18:30 - 2012-06-09 15:19 - 01948468 ____A C:\Windows\System32\Drivers\Cat.DB
2012-06-09 16:33 - 2011-12-10 13:45 - 00000000 ____D C:\Users\Elaine\Local Settings\NPE
2012-06-09 16:33 - 2011-12-10 13:45 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\NPE
2012-06-09 16:33 - 2011-12-10 13:45 - 00000000 ____D C:\Users\Elaine\AppData\Local\NPE
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\Application Data\GetRightToGo
2012-06-09 16:20 - 2012-06-09 16:20 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\GetRightToGo
2012-06-09 16:10 - 2011-11-12 21:38 - 00000000 ____D C:\users\LogMeInRemoteUser
2012-06-09 16:10 - 2011-11-12 21:37 - 00000000 ____D C:\users\Charles
2012-06-09 15:57 - 2012-01-02 16:23 - 02022790 ____A C:\Windows\WindowsUpdate.log
2012-06-09 15:54 - 2012-06-09 15:54 - 00743538 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-09 15:54 - 2012-06-09 15:54 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 15:54 - 2012-06-09 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-09 15:54 - 2012-06-09 15:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-09 15:50 - 2012-06-09 15:50 - 00122884 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_15.50.27_log.txt
2012-06-09 15:47 - 2011-12-10 13:43 - 00000361 ____A C:\rkill.log
2012-06-09 15:45 - 2009-07-14 00:08 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 15:43 - 2009-07-13 23:45 - 00014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-09 15:43 - 2009-07-13 23:45 - 00014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-09 15:39 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-09 15:38 - 2012-06-09 15:19 - 00000000 ____D C:\Program Files (x86)\PC Tools Security
2012-06-09 15:37 - 2010-05-06 22:23 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-09 15:37 - 2010-05-06 22:23 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-06-09 15:37 - 2010-05-06 22:22 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-06-09 15:37 - 2010-05-06 22:22 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-06-09 15:30 - 2012-01-02 16:30 - 00745778 ____A C:\Windows\PFRO.log
2012-06-09 15:28 - 2012-06-09 15:28 - 00000858 ____A C:\Users\Elaine\Desktop\pcdoctor.reg
2012-06-09 15:25 - 2011-12-13 23:52 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001UA.job
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\Public\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00002080 ____A C:\Users\All Users\Desktop\Spyware Doctor.lnk
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\Application Data\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\PC Tools
2012-06-09 15:19 - 2012-06-09 15:19 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-06-09 15:19 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-09 15:17 - 2011-12-10 14:44 - 00000000 ____D C:\Users\Elaine\Local Settings\CrashDumps
2012-06-09 15:17 - 2011-12-10 14:44 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\CrashDumps
2012-06-09 15:17 - 2011-12-10 14:44 - 00000000 ____D C:\Users\Elaine\AppData\Local\CrashDumps
2012-06-09 15:09 - 2012-05-12 07:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-09 14:50 - 2012-06-09 14:50 - 00000542 ____A C:\Users\Elaine\Desktop\venue3.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000556 ____A C:\Users\Elaine\Desktop\venue2.reg
2012-06-09 14:49 - 2012-06-09 14:49 - 00000482 ____A C:\Users\Elaine\Desktop\venue.reg
2012-06-09 14:42 - 2012-06-09 14:41 - 00128202 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.41.44_log.txt
2012-06-09 14:37 - 2012-06-09 14:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-09 14:37 - 2012-06-09 14:36 - 00132436 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_14.36.29_log.txt
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\Application Data\SUPERAntiSpyware.com
2012-06-09 14:35 - 2012-06-09 14:35 - 00000000 ____D C:\Users\Elaine\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 14:35 - 2012-06-09 14:34 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:34 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-06-09 14:34 - 2012-06-09 14:19 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-09 14:34 - 2012-06-09 14:19 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-06-09 14:21 - 2012-06-09 14:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-09 14:19 - 2012-06-09 14:19 - 00001264 ____A C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
2012-06-09 14:17 - 2012-06-09 14:17 - 00270824 ____A C:\Windows\Minidump\060912-16629-01.dmp
2012-06-09 14:17 - 2011-11-14 09:25 - 00000000 ____D C:\Windows\Minidump
2012-06-09 14:16 - 2012-01-10 11:10 - 326795659 ____A C:\Windows\MEMORY.DMP
2012-06-08 18:33 - 2012-06-08 18:33 - 00277520 ____A C:\Windows\Minidump\060812-14960-01.dmp
2012-06-08 17:43 - 2012-06-08 17:43 - 00270824 ____A C:\Windows\Minidump\060812-17690-01.dmp
2012-06-08 17:32 - 2012-06-08 17:32 - 00000536 ____A C:\Users\Elaine\Desktop\2.reg
2012-06-08 17:27 - 2012-06-08 17:27 - 00000320 ____A C:\Users\Elaine\Desktop\1.reg
2012-06-08 16:41 - 2012-06-08 16:41 - 00270824 ____A C:\Windows\Minidump\060812-25880-01.dmp
2012-06-08 16:35 - 2012-06-08 16:34 - 00270824 ____A C:\Windows\Minidump\060812-16364-01.dmp
2012-06-08 16:31 - 2012-06-08 16:30 - 00270824 ____A C:\Windows\Minidump\060812-17175-01.dmp
2012-06-07 21:44 - 2011-11-12 21:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-07 21:07 - 2012-06-07 21:07 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-06-07 21:04 - 2012-06-07 21:04 - 00270824 ____A C:\Windows\Minidump\060712-16270-01.dmp
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00001345 ____A C:\Users\All Users\Desktop\Norton Security Scan.lnk
2012-06-07 20:59 - 2012-06-07 20:59 - 00000450 ___AH C:\Windows\Tasks\Norton Security Scan for Elaine.job
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\Symantec
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Users\All Users\Application Data\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2012-06-07 20:59 - 2012-06-07 20:59 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-06-07 20:59 - 2011-12-10 13:45 - 00000000 ____D C:\Users\All Users\Norton
2012-06-07 20:59 - 2011-12-10 13:45 - 00000000 ____D C:\Users\All Users\Application Data\Norton
2012-06-07 20:50 - 2012-06-07 20:50 - 00001401 ____A C:\Windows\System32\Drivers\etc\hosts.bak
2012-06-07 20:50 - 2009-07-13 21:34 - 00000054 ____N C:\Windows\System32\Drivers\etc\hosts
2012-06-07 20:30 - 2012-06-07 20:30 - 00277520 ____A C:\Windows\Minidump\060712-15646-01.dmp
2012-06-05 10:31 - 2012-06-05 10:31 - 00000607 ____A C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
2012-06-05 10:24 - 2012-06-05 10:31 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\My Documents\stinger.exe
2012-06-05 10:24 - 2012-06-05 10:31 - 09504872 ____A (McAfee Inc.) C:\Users\Elaine\Documents\stinger.exe
2012-06-05 08:25 - 2011-12-13 23:52 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001Core.job
2012-06-04 12:02 - 2012-06-04 09:32 - 00000041 ____A C:\Users\Elaine\Application Data\667B93.dat
2012-06-04 12:02 - 2012-06-04 09:32 - 00000041 ____A C:\Users\Elaine\AppData\Roaming\667B93.dat
2012-06-04 09:52 - 2012-06-04 09:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 09:18 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Medical Information
2012-06-04 09:18 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Medical Information
2012-06-03 22:43 - 2012-06-03 08:13 - 00012256 ____A C:\Users\Elaine\My Documents\Drew's Graduation Party.docx
2012-06-03 22:43 - 2012-06-03 08:13 - 00012256 ____A C:\Users\Elaine\Documents\Drew's Graduation Party.docx
2012-06-03 09:10 - 2011-11-12 21:52 - 00259134 ____A C:\Users\All Users\lxeaJSW.log
2012-06-03 09:10 - 2011-11-12 21:52 - 00259134 ____A C:\Users\All Users\Application Data\lxeaJSW.log
2012-05-31 13:35 - 2012-05-31 13:10 - 00022934 ____A C:\Users\Elaine\My Documents\Grad Title 1.docx
2012-05-31 13:35 - 2012-05-31 13:10 - 00022934 ____A C:\Users\Elaine\Documents\Grad Title 1.docx
2012-05-31 13:33 - 2012-05-31 13:24 - 00034816 ____A C:\Users\Elaine\My Documents\Grad Title 2.pub
2012-05-31 13:33 - 2012-05-31 13:24 - 00034816 ____A C:\Users\Elaine\Documents\Grad Title 2.pub
2012-05-31 07:49 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Christmas 2011
2012-05-31 07:49 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Christmas 2011
2012-05-30 07:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Recipes
2012-05-30 07:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Recipes
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\My Documents\Wayne Neubauer.docx
2012-05-30 07:12 - 2012-05-30 07:12 - 00011557 ____A C:\Users\Elaine\Documents\Wayne Neubauer.docx
2012-05-29 13:34 - 2012-05-29 13:34 - 00103784 ____A C:\Users\Elaine\GoToAssistDownloadHelper.exe
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Deployment
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Citrix
2012-05-29 13:34 - 2012-05-29 13:34 - 00000000 ____D C:\Users\Elaine\AppData\Local\Apps\2.0
2012-05-29 13:34 - 2011-11-12 18:36 - 00000000 ____D C:\users\Elaine
2012-05-27 19:48 - 2012-06-10 20:04 - 02804712 ____A (Symantec Corporation) C:\Users\Elaine\Desktop\Norton Power Eraser.exe
2012-05-27 19:45 - 2012-06-10 20:00 - 04528653 ___RA (Swearware) C:\Users\Elaine\Desktop\iExplore.exe
2012-05-27 14:56 - 2012-05-26 08:07 - 00046592 ____A C:\Users\Elaine\My Documents\Grad Key Words.pub
2012-05-27 14:56 - 2012-05-26 08:07 - 00046592 ____A C:\Users\Elaine\Documents\Grad Key Words.pub
2012-05-27 07:31 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Michelle and Shawn
2012-05-27 07:31 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Michelle and Shawn
2012-05-26 19:47 - 2012-01-28 21:43 - 00000000 ____D C:\Users\Elaine\My Documents\ADDRESSES
2012-05-26 19:47 - 2012-01-28 21:43 - 00000000 ____D C:\Users\Elaine\Documents\ADDRESSES
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\My Documents\Grad Keys 2.pub
2012-05-26 13:30 - 2012-05-26 13:30 - 00033280 ____A C:\Users\Elaine\Documents\Grad Keys 2.pub
2012-05-26 11:57 - 2012-05-26 11:57 - 00277520 ____A C:\Windows\Minidump\052612-13447-01.dmp
2012-05-26 11:55 - 2012-05-26 11:55 - 00277576 ____A C:\Windows\Minidump\052612-11949-01.dmp
2012-05-23 07:20 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Class of 1960
2012-05-23 07:20 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Class of 1960
2012-05-22 08:36 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Genealogy
2012-05-22 08:36 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Genealogy
2012-05-18 09:17 - 2012-05-18 09:17 - 00277576 ____A C:\Windows\Minidump\051812-19968-01.dmp
2012-05-15 07:40 - 2011-11-12 19:18 - 00000000 ____D C:\Users\All Users\lx_Cats
2012-05-15 07:40 - 2011-11-12 19:18 - 00000000 ____D C:\Users\All Users\Application Data\lx_Cats
2012-05-13 07:48 - 2011-11-14 21:06 - 00000000 ____D C:\Users\Elaine\Local Settings\ElevatedDiagnostics
2012-05-13 07:48 - 2011-11-14 21:06 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\ElevatedDiagnostics
2012-05-13 07:48 - 2011-11-14 21:06 - 00000000 ____D C:\Users\Elaine\AppData\Local\ElevatedDiagnostics
2012-05-12 07:13 - 2012-05-12 07:13 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-12 07:13 - 2011-11-12 18:50 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-12 03:32 - 2010-05-06 22:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 03:12 - 2011-11-12 19:13 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-12 03:12 - 2010-05-06 22:06 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-12 03:12 - 2010-05-06 22:06 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-05-12 03:00 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 22:04 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Family Stuff
2012-05-10 22:04 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Family Stuff
2012-05-09 13:25 - 2012-05-09 13:03 - 00000000 ____D C:\Users\Elaine\Local Settings\PhotoChannel
2012-05-09 13:25 - 2012-05-09 13:03 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\PhotoChannel
2012-05-09 13:25 - 2012-05-09 13:03 - 00000000 ____D C:\Users\Elaine\AppData\Local\PhotoChannel
2012-05-07 22:34 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Shakespeare
2012-05-07 22:34 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Shakespeare
2012-05-07 22:31 - 2012-05-07 22:30 - 00088974 ____A C:\Users\Elaine\Downloads\s
2012-05-06 09:06 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Family Tree Maker
2012-05-06 09:06 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Family Tree Maker
2012-05-06 08:58 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\VirtualStore
2012-05-06 08:58 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\Local Settings\Application Data\VirtualStore
2012-05-06 08:58 - 2011-11-12 18:36 - 00000000 ____D C:\Users\Elaine\AppData\Local\VirtualStore
2012-05-06 08:43 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Birthday Menus, etc
2012-05-06 08:43 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Birthday Menus, etc
2012-05-06 07:56 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\My Documents\Bagdad Cemetery
2012-05-06 07:56 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\Documents\Bagdad Cemetery
2012-05-04 20:41 - 2012-04-21 09:35 - 00015247 ____A C:\Users\Elaine\My Documents\Fiesta Treasure Clues 2012.docx
2012-05-04 20:41 - 2012-04-21 09:35 - 00015247 ____A C:\Users\Elaine\Documents\Fiesta Treasure Clues 2012.docx
2012-04-30 11:05 - 2012-04-30 11:05 - 00000144 ____A C:\Users\Elaine\Desktop\suite (2).url
2012-04-28 07:54 - 2012-04-28 07:54 - 00012905 ____A C:\Users\Elaine\Desktop\untitled.png
2012-04-27 23:03 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\WMU
2012-04-27 23:03 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\WMU
2012-04-22 08:54 - 2011-12-15 17:22 - 00000431 ____A C:\Users\All Users\lxeaDiagnostics.log
2012-04-22 08:54 - 2011-12-15 17:22 - 00000431 ____A C:\Users\All Users\Application Data\lxeaDiagnostics.log
2012-04-21 19:56 - 2012-04-21 19:55 - 00277520 ____A C:\Windows\Minidump\042112-13930-01.dmp
2012-04-20 20:31 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\My Documents\Bagdad Bunch
2012-04-20 20:31 - 2011-11-12 21:36 - 00000000 ____D C:\Users\Elaine\Documents\Bagdad Bunch
2012-04-20 15:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\BVPA
2012-04-20 15:37 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\BVPA
2012-04-17 20:41 - 2012-04-17 20:41 - 00030107 ____A C:\Users\Elaine\My Documents\Csablanca Presentation.docx
2012-04-17 20:41 - 2012-04-17 20:41 - 00030107 ____A C:\Users\Elaine\Documents\Csablanca Presentation.docx
2012-04-16 21:39 - 2012-04-16 21:34 - 00035328 ____A C:\Users\Elaine\My Documents\Bagdad Vichy Water.pub
2012-04-16 21:39 - 2012-04-16 21:34 - 00035328 ____A C:\Users\Elaine\Documents\Bagdad Vichy Water.pub
2012-04-16 21:08 - 2012-04-16 20:44 - 00036864 ____A C:\Users\Elaine\My Documents\Publication2.pub
2012-04-16 21:08 - 2012-04-16 20:44 - 00036864 ____A C:\Users\Elaine\Documents\Publication2.pub
2012-04-16 20:33 - 2012-04-16 20:33 - 00010440 ____A C:\Users\Elaine\My Documents\French Vichy Water.docx
2012-04-16 20:33 - 2012-04-16 20:33 - 00010440 ____A C:\Users\Elaine\Documents\French Vichy Water.docx
2012-04-15 16:13 - 2012-04-15 08:13 - 00029630 ____A C:\Users\Elaine\My Documents\Csablanca Movie.docx
2012-04-15 16:13 - 2012-04-15 08:13 - 00029630 ____A C:\Users\Elaine\Documents\Csablanca Movie.docx
2012-04-13 20:27 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Missions Committee
2012-04-13 20:27 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Missions Committee
2012-04-09 10:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-08 20:16 - 2012-04-08 20:16 - 00701805 ____A C:\Users\All Users\SPLCEEA.tmp
2012-04-08 20:16 - 2012-04-08 20:16 - 00701805 ____A C:\Users\All Users\Application Data\SPLCEEA.tmp
2012-04-05 15:04 - 2011-12-17 12:04 - 00000000 ____D C:\Program Files\Dell Support Center
2012-03-31 09:01 - 2012-03-31 09:01 - 00037888 ____A C:\Users\Elaine\My Documents\Spring Music Cards 2.pub
2012-03-31 09:01 - 2012-03-31 09:01 - 00037888 ____A C:\Users\Elaine\Documents\Spring Music Cards 2.pub
2012-03-31 09:00 - 2012-03-31 08:44 - 00035840 ____A C:\Users\Elaine\My Documents\Spring Music Cards.pub
2012-03-31 09:00 - 2012-03-31 08:44 - 00035840 ____A C:\Users\Elaine\Documents\Spring Music Cards.pub
2012-03-31 01:05 - 2012-05-11 04:08 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 23:39 - 2012-05-11 04:08 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 23:39 - 2012-05-11 04:08 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 22:10 - 2012-05-11 04:08 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 06:35 - 2012-05-11 04:07 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 08:44 - 2010-05-12 14:02 - 00072370 ____A C:\Users\Elaine\My Documents\Map to 5556 Michael Drive.docx
2012-03-28 08:44 - 2010-05-12 14:02 - 00072370 ____A C:\Users\Elaine\Documents\Map to 5556 Michael Drive.docx
2012-03-27 22:04 - 2012-03-27 22:04 - 00007680 __ASH C:\Users\Elaine\My Documents\Thumbs.db
2012-03-27 22:04 - 2012-03-27 22:04 - 00007680 __ASH C:\Users\Elaine\Documents\Thumbs.db
2012-03-27 00:51 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\My Documents\Wedding Photo Notes
2012-03-27 00:51 - 2011-11-12 21:38 - 00000000 ____D C:\Users\Elaine\Documents\Wedding Photo Notes
2012-03-20 20:44 - 2012-03-20 20:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 20:44 - 2012-03-20 20:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-17 02:58 - 2012-05-11 04:08 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3895.12 MB
Available physical RAM: 3330.17 MB
Total Pagefile: 3893.27 MB
Available Pagefile: 3321.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:243.48 GB) NTFS
3 Drive e: (KINGSTON) (Removable) (Total:7.26 GB) (Free:6.45 GB) FAT32
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.4 GB) NTFS
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7441 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7437 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E KINGSTON FAT32 Removable 7437 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-29 06:44

======================= End Of Log ==========================

#6 CatByte


Posted 13 June 2012 - 09:12 PM

We need to find a replacement for this file, as it appears to be infected:

C:\Windows\System32\services.exe



Boot into System Recovery Options and run FRST again.

Type the following in the edit box after "Search:" so it looks like this:

Search: services.exe

Click the Search button and post the log it makes in your reply.

Edited by CatByte, 13 June 2012 - 09:13 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
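
The request above rests on a hash comparison: in the posted log FRST printed "MD5 is legit" for every checked system file except services.exe, so the next step is to find other copies of the file and see which hash each one carries. The sketch below is an added example, not part of the thread and not FRST's own code; the function names and the rule of ranking hashes by how many copies share them are assumptions, and the sample lines are copied from the FRST logs posted in this thread.

```python
import re
from collections import namedtuple

# verified=True means FRST itself printed "=> MD5 is legit" for the path.
Entry = namedtuple("Entry", "path verified size company md5")

# Sample input: lines copied from the FRST logs posted in this thread (trimmed).
CHECK_LOG = r"""
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
"""

SEARCH_LOG = r"""
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\WINDOWS\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\WINDOWS\ERDNT\cache64\services.exe
[2011-12-10 13:16] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

# A path line, optionally followed by FRST's own verdict.
PATH_RE = re.compile(r"^([A-Za-z]:\\.+?)(\s+=> MD5 is legit)?$")
# "[created] - [modified] - size attributes (company) MD5"
DETAIL_RE = re.compile(
    r"^\[[\d\- :]+\] - \[[\d\- :]+\] - (\d+) \S+ (?:\((.*?)\) )?([0-9A-Fa-f]{32})$"
)


def parse_frst(text):
    """Parse the MD5-check section or a Search result into Entry records."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        path = PATH_RE.match(line)
        if path:
            if path.group(2):
                # FRST vouched for this file; no hash is printed for it.
                entries.append(Entry(path.group(1), True, None, None, None))
                pending = None
            else:
                # Bare path: the detail line with the hash follows directly.
                pending = path.group(1)
            continue
        detail = DETAIL_RE.match(line)
        if detail and pending:
            entries.append(Entry(pending, False, int(detail.group(1)),
                                 detail.group(2), detail.group(3).upper()))
        pending = None
    return entries


def unverified(entries):
    """Files FRST listed with raw details instead of 'MD5 is legit'."""
    return [e for e in entries if not e.verified]


def replacement_candidates(suspect, found):
    """Group other copies by MD5, skipping any copy that shares the
    suspect's hash. Hashes seen in more locations sort first (a ranking
    heuristic assumed for this example, not a verdict)."""
    groups = {}
    for e in found:
        if e.md5 is None or e.md5 == suspect.md5:
            continue
        if e.path.lower() == suspect.path.lower():
            continue
        groups.setdefault(e.md5, []).append(e.path)
    return dict(sorted(groups.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for suspect in unverified(parse_frst(CHECK_LOG)):
        print("Not verified by FRST:", suspect.path, suspect.md5)
        found = parse_frst(SEARCH_LOG)
        for md5, paths in replacement_candidates(suspect, found).items():
            print(" ", md5, "seen in", len(paths), "other location(s)")
            for p in paths:
                print("    ", p)
```

Agreement between copies only narrows the choice; the hash still has to be confirmed against a known-good source for that Windows build before a file is restored.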


#7 Matthew32


Posted 13 June 2012 - 10:11 PM

We have made progress!

First, I ran the FRST64 and saw there were 2 copies of the services.exe file. I copied C:\WINDOWS\ERDNT\cache64\services.exe to C:\WINDOWS\System32\ overwriting the one there. I then booted to regular mode and it came up and never said it was going to reboot.

At that point I downloaded ComboFix to my flash drive, renamed it MattSnow.exe, copied it to the desktop and tried to run it. RKill ran and I will post the log from it below. Needless to say, ComboFix did not continue to run.

I then decided I would try to run dds and GMER. dds ran and the log is below. GMER also ran but when it finished it said it did not find anything. I did not run FRST64 again.

So here are all the log files I currently have. Your continued help is GREATLY appreciated!

Matt

Farbar Recovery Scan Tool Version: 09-06-2012 01
Ran by SYSTEM at 2012-06-13 21:28:36
Running from J:\

================== Search: "services.exe" ===================

C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\WINDOWS\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\WINDOWS\ERDNT\cache64\services.exe
[2011-12-10 13:16] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/13/2012 at 21:42:30.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 06/13/2012 at 21:42:36.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Elaine at 21:49:13 on 2012-06-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2648 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\splwow64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{9D208FA7-3393-4542-8830-3DC7967F6F82} : DhcpNameServer = 97.64.209.36 97.64.168.13
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-6-2 457200]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-1-2 722616]
R2 lxea_device;lxea_device;C:\Windows\system32\lxeacoms.exe -service --> C:\Windows\system32\lxeacoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-9 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-6 705856]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-1-2 722616]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-10 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-12 257696]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-6-9 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-6-9 1150936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-06-09 23:32:49 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3451E74-057C-4956-9455-57A0BAA8129F}\offreg.dll
2012-06-09 21:20:21 -------- d-----w- C:\Users\Elaine\AppData\Roaming\GetRightToGo
2012-06-09 21:10:54 -------- d-----w- C:\FRST
2012-06-09 20:56:20 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D9E3C41-ED79-46D0-B4A4-DB542C8149F4}\gapaengine.dll
2012-06-09 20:56:16 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3451E74-057C-4956-9455-57A0BAA8129F}\mpengine.dll
2012-06-09 20:54:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-09 20:53:58 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-09 20:19:09 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-06-09 20:19:09 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-06-09 20:19:08 331368 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-06-09 20:19:08 136168 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-06-09 20:19:07 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-06-09 20:19:04 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-06-09 20:19:00 -------- d-----w- C:\Users\Elaine\AppData\Roaming\PC Tools
2012-06-09 20:19:00 -------- d-----w- C:\ProgramData\PC Tools
2012-06-09 20:19:00 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-06-09 20:19:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-06-09 19:37:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-09 19:35:06 -------- d-----w- C:\Users\Elaine\AppData\Roaming\SUPERAntiSpyware.com
2012-06-09 19:34:47 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-09 19:34:47 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-09 19:19:53 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-09 19:19:53 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-08 02:07:39 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-06-08 01:59:20 -------- d-----w- C:\ProgramData\Symantec
2012-06-08 01:59:18 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0307020.005
2012-06-08 01:59:18 -------- d-----w- C:\Windows\System32\drivers\NSSx64
2012-06-08 01:59:18 -------- d-----w- C:\Program Files (x86)\Norton Security Scan
2012-06-08 01:59:16 -------- d-----w- C:\ProgramData\NortonInstaller
2012-06-08 01:59:16 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-06-04 14:52:13 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-05-29 18:34:53 -------- d-----w- C:\Users\Elaine\AppData\Local\Citrix
2012-05-29 18:34:51 103784 ----a-w- C:\Users\Elaine\GoToAssistDownloadHelper.exe
2012-05-29 18:34:35 -------- d-----w- C:\Users\Elaine\AppData\Local\Apps
2012-05-29 18:34:34 -------- d-----w- C:\Users\Elaine\AppData\Local\Deployment
.
==================== Find3M ====================
.
2012-05-12 12:13:49 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-12 12:13:49 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-09 01:16:54 701805 ----a-w- C:\ProgramData\SPLCEEA.tmp
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 21:50:03.55 ===============

#8 Matthew32

  • Topic Starter

Posted 13 June 2012 - 10:13 PM

Delete of double post.

Edited by Matthew32, 13 June 2012 - 10:16 PM.


#9 CatByte

  • Malware Response Team

Posted 14 June 2012 - 05:54 PM

OK

Let's try another tool


Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Matthew32

  • Topic Starter

Posted 14 June 2012 - 09:28 PM

Here is OTL.txt

OTL logfile created on: 6/14/2012 8:53:46 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.38% Memory free
7.61 Gb Paging File | 6.05 Gb Available in Paging File | 79.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 243.29 Gb Free Space | 85.84% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 6.45 Gb Free Space | 88.86% Space Free | Partition Type: FAT32

Computer Name: ELAINE-PC | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 20:15:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/12/12 02:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/01/23 21:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2011/01/23 21:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2011/01/13 14:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 14:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/21 12:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
PRC - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2009/03/24 02:01:00 | 000,113,136 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/12 03:46:11 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/12 03:35:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:35:04 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/12 03:34:53 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 03:34:47 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 03:34:45 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/12 03:34:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:34:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:34:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:34:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:34:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/01/23 21:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2011/01/23 21:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2011/01/13 14:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 14:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/07/21 12:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/05/27 08:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacats.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 09:48:44 | 000,023,552 | ---- | M] () -- C:\WINDOWS\SysWOW64\lxeasmr.dll
MOD - [2009/02/20 09:48:04 | 000,299,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\lxeasm.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/04/14 21:45:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/05/12 07:13:50 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/12 02:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/12/12 02:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/04/14 16:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/24 09:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 09:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/11/21 19:31:18 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2008/12/09 10:59:28 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4090D9D7-9B32-47D1-8E11-F1FFDF9BB157}
IE:64bit: - HKLM\..\SearchScopes\{4090D9D7-9B32-47D1-8E11-F1FFDF9BB157}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {24E064CE-4ED8-4397-80D6-6E0C40302DAF}
IE - HKLM\..\SearchScopes\{24E064CE-4ED8-4397-80D6-6E0C40302DAF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {24E064CE-4ED8-4397-80D6-6E0C40302DAF}
IE - HKCU\..\SearchScopes\{A4C77330-B443-43E7-AB4F-FB742B13EA97}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/06/07 20:50:32 | 000,000,054 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D208FA7-3393-4542-8830-3DC7967F6F82}: DhcpNameServer = 97.64.209.36 97.64.168.13
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\x-sdch - No CLSID value found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 21:49:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Elaine\Desktop\dds.scr
[2012/06/10 20:04:19 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Users\Elaine\Desktop\Norton Power Eraser.exe
[2012/06/09 16:20:24 | 000,000,000 | ---D | C] -- C:\Users\Elaine\Desktop\Downloads
[2012/06/09 16:20:21 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\GetRightToGo
[2012/06/09 16:10:54 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/09 15:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/09 15:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/09 15:19:09 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/06/09 15:19:09 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/06/09 15:19:08 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/06/09 15:19:08 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/06/09 15:19:07 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/06/09 15:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/06/09 15:19:04 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\PC Tools
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/09 15:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/09 14:37:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/09 14:35:06 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/09 14:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/09 14:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/09 14:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/09 14:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/09 14:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/09 14:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/07 21:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/07 20:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/06/07 20:59:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2012/06/07 20:59:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2012/06/07 20:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2012/06/07 20:59:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307020.005
[2012/06/07 20:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/06/07 20:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/06/07 20:36:11 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/05 10:31:10 | 009,504,872 | ---- | C] (McAfee Inc.) -- C:\Users\Elaine\Documents\stinger.exe
[2012/06/04 09:52:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/05/29 13:34:53 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Citrix
[2012/05/29 13:34:35 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Apps
[2012/05/29 13:34:34 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Deployment
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/14 21:05:03 | 001,975,236 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/14 21:00:19 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 21:00:19 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 20:59:55 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 20:59:55 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 20:59:55 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/14 20:51:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/14 20:51:29 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/13 22:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/13 21:48:10 | 000,302,592 | ---- | M] () -- C:\Users\Elaine\Desktop\ny9uvy3l.exe
[2012/06/13 21:47:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Elaine\Desktop\dds.scr
[2012/06/13 21:37:19 | 000,003,432 | ---- | M] () -- C:\bootsqm.dat
[2012/06/09 18:32:31 | 000,453,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/09 15:54:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/09 15:54:02 | 000,743,538 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/09 15:28:49 | 000,000,858 | ---- | M] () -- C:\Users\Elaine\Desktop\pcdoctor.reg
[2012/06/09 15:25:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001UA.job
[2012/06/09 15:19:06 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/06/09 14:50:15 | 000,000,542 | ---- | M] () -- C:\Users\Elaine\Desktop\venue3.reg
[2012/06/09 14:49:39 | 000,000,556 | ---- | M] () -- C:\Users\Elaine\Desktop\venue2.reg
[2012/06/09 14:49:04 | 000,000,482 | ---- | M] () -- C:\Users\Elaine\Desktop\venue.reg
[2012/06/09 14:35:08 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
[2012/06/09 14:35:08 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
[2012/06/09 14:34:50 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/06/09 14:19:56 | 000,001,288 | ---- | M] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/09 14:19:56 | 000,001,264 | ---- | M] () -- C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
[2012/06/09 14:16:54 | 326,795,659 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/08 17:32:17 | 000,000,536 | ---- | M] () -- C:\Users\Elaine\Desktop\2.reg
[2012/06/08 17:27:41 | 000,000,320 | ---- | M] () -- C:\Users\Elaine\Desktop\1.reg
[2012/06/07 20:59:20 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Elaine.job
[2012/06/07 20:59:19 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/06/07 20:50:32 | 000,001,401 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/06/07 20:50:32 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/05 10:31:18 | 000,000,607 | ---- | M] () -- C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
[2012/06/05 10:24:54 | 009,504,872 | ---- | M] (McAfee Inc.) -- C:\Users\Elaine\Documents\stinger.exe
[2012/06/05 08:25:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001Core.job
[2012/06/04 14:21:36 | 001,012,656 | ---- | M] () -- C:\Users\Elaine\Desktop\MattSnow.exe
[2012/06/04 12:02:53 | 000,000,041 | ---- | M] () -- C:\Users\Elaine\AppData\Roaming\667B93.dat
[2012/05/31 13:33:02 | 000,034,816 | ---- | M] () -- C:\Users\Elaine\Documents\Grad Title 2.pub
[2012/05/29 13:34:51 | 000,103,784 | ---- | M] () -- C:\Users\Elaine\GoToAssistDownloadHelper.exe
[2012/05/27 19:48:56 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Users\Elaine\Desktop\Norton Power Eraser.exe
[2012/05/27 14:56:17 | 000,046,592 | ---- | M] () -- C:\Users\Elaine\Documents\Grad Key Words.pub
[2012/05/26 13:30:35 | 000,033,280 | ---- | M] () -- C:\Users\Elaine\Documents\Grad Keys 2.pub
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/13 21:49:07 | 000,302,592 | ---- | C] () -- C:\Users\Elaine\Desktop\ny9uvy3l.exe
[2012/06/13 21:41:25 | 001,012,656 | ---- | C] () -- C:\Users\Elaine\Desktop\MattSnow.exe
[2012/06/13 21:37:19 | 000,003,432 | ---- | C] () -- C:\bootsqm.dat
[2012/06/09 15:54:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/09 15:54:05 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/09 15:54:02 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/09 15:28:49 | 000,000,858 | ---- | C] () -- C:\Users\Elaine\Desktop\pcdoctor.reg
[2012/06/09 15:19:11 | 001,956,688 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/09 15:19:06 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/06/09 14:50:15 | 000,000,542 | ---- | C] () -- C:\Users\Elaine\Desktop\venue3.reg
[2012/06/09 14:49:39 | 000,000,556 | ---- | C] () -- C:\Users\Elaine\Desktop\venue2.reg
[2012/06/09 14:49:04 | 000,000,482 | ---- | C] () -- C:\Users\Elaine\Desktop\venue.reg
[2012/06/09 14:35:08 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
[2012/06/09 14:35:08 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
[2012/06/09 14:34:50 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/06/09 14:19:56 | 000,001,288 | ---- | C] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/09 14:19:56 | 000,001,264 | ---- | C] () -- C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
[2012/06/08 17:32:17 | 000,000,536 | ---- | C] () -- C:\Users\Elaine\Desktop\2.reg
[2012/06/08 17:27:41 | 000,000,320 | ---- | C] () -- C:\Users\Elaine\Desktop\1.reg
[2012/06/07 20:59:20 | 000,000,450 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Elaine.job
[2012/06/07 20:59:19 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/06/07 20:59:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307020.005\isolate.ini
[2012/06/05 10:31:18 | 000,000,607 | ---- | C] () -- C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
[2012/06/04 09:32:24 | 000,000,041 | ---- | C] () -- C:\Users\Elaine\AppData\Roaming\667B93.dat
[2012/05/31 13:24:01 | 000,034,816 | ---- | C] () -- C:\Users\Elaine\Documents\Grad Title 2.pub
[2012/05/29 13:34:51 | 000,103,784 | ---- | C] () -- C:\Users\Elaine\GoToAssistDownloadHelper.exe
[2012/05/26 13:30:35 | 000,033,280 | ---- | C] () -- C:\Users\Elaine\Documents\Grad Keys 2.pub
[2012/05/26 08:07:01 | 000,046,592 | ---- | C] () -- C:\Users\Elaine\Documents\Grad Key Words.pub
[2012/01/08 15:26:34 | 000,008,820 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\445q26y51mrgmx4e4gkp5d
[2012/01/08 15:26:34 | 000,008,820 | -HS- | C] () -- C:\ProgramData\445q26y51mrgmx4e4gkp5d
[2012/01/01 20:49:06 | 000,007,617 | ---- | C] () -- C:\Users\Elaine\AppData\Local\Resmon.ResmonCfg
[2012/01/01 18:38:34 | 000,011,130 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\qdc6io7rx11746o6u722u7
[2012/01/01 18:38:34 | 000,011,130 | -HS- | C] () -- C:\ProgramData\qdc6io7rx11746o6u722u7
[2011/12/28 21:23:10 | 000,008,966 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\8kx8w56xix4p43nqxui3320ng437tdg17b0j
[2011/12/28 21:23:10 | 000,008,966 | -HS- | C] () -- C:\ProgramData\8kx8w56xix4p43nqxui3320ng437tdg17b0j
[2011/12/24 12:35:29 | 000,011,658 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\3xa7x07qip7w26gcide1810we443mdj01d3f
[2011/12/24 12:35:29 | 000,011,658 | -HS- | C] () -- C:\ProgramData\3xa7x07qip7w26gcide1810we443mdj01d3f
[2011/12/24 11:53:21 | 000,000,288 | ---- | C] () -- C:\Users\Elaine\AppData\Roaming\.backup.dm
[2011/12/23 17:46:52 | 000,011,338 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\v14t2bh563n5as76745dwtr26wri550bq6f8
[2011/12/23 17:46:52 | 000,011,338 | -HS- | C] () -- C:\ProgramData\v14t2bh563n5as76745dwtr26wri550bq6f8
[2011/12/10 14:32:28 | 000,837,787 | ---- | C] () -- C:\Users\Elaine\AppData\Local\census.cache
[2011/12/10 14:31:57 | 000,103,860 | ---- | C] () -- C:\Users\Elaine\AppData\Local\ars.cache
[2011/12/10 14:25:17 | 000,000,036 | ---- | C] () -- C:\Users\Elaine\AppData\Local\housecall.guid.cache
[2011/12/10 12:27:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/10 12:27:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/10 12:27:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/10 12:27:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/10 12:27:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 22:18:31 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011/11/12 22:29:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/11/12 22:01:20 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2011/11/12 22:01:19 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2011/11/12 22:01:19 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2011/11/12 22:01:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2011/11/12 22:01:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2011/11/12 22:01:19 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2011/11/12 22:01:19 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2011/11/12 22:01:19 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2011/11/12 22:01:19 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2011/11/12 22:01:19 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2011/11/12 22:01:19 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2011/11/12 22:01:19 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2011/11/12 22:01:19 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2011/11/12 22:01:19 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2011/11/12 22:01:18 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2011/11/12 22:01:18 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2011/11/12 22:01:18 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2011/11/12 22:01:18 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2011/11/12 22:01:18 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2011/11/12 22:01:18 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2011/11/12 22:01:18 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe

========== LOP Check ==========

[2012/01/29 09:06:23 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\064E6
[2012/02/17 18:10:36 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\E0006
[2012/06/09 16:20:22 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\GetRightToGo
[2011/11/16 22:33:57 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\iolo
[2011/11/13 23:10:36 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\PCDr
[2011/12/24 21:27:00 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\SanDisk
[2011/11/13 10:56:23 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\Simple Star
[2012/01/18 09:02:05 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/06/09 15:45:26 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/20 03:19:06 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU[1].TXT
[2012/06/09 14:35:08 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
[2012/06/09 14:35:08 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/05/07 00:45:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/05/07 00:45:26 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\$RECYCLE.BIN\S-1-5-21-3591788337-4158028197-1570331696-1001\$R0DJMQN\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\$RECYCLE.BIN\S-1-5-21-3591788337-4158028197-1570331696-1001\$R4DERGQ\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\$RECYCLE.BIN\S-1-5-21-3591788337-4158028197-1570331696-1001\$R6Z3X6G\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\$RECYCLE.BIN\S-1-5-21-3591788337-4158028197-1570331696-1001\$R9ZVF3F\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\$RECYCLE.BIN\S-1-5-21-3591788337-4158028197-1570331696-1001\$RKXGYWP\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\$RECYCLE.BIN\S-1-5-21-3591788337-4158028197-1570331696-1001\$RORAMVQ\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\$RECYCLE.BIN\S-1-5-21-3591788337-4158028197-1570331696-1001\$RUSU4SU\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\$RECYCLE.BIN\S-1-5-21-3591788337-4158028197-1570331696-1001\$RVHPMVO\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\procs\explorer.exe

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\AppData\Local\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Application Data\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Temp\RarSFX2\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Temp\RarSFX3\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Elaine\Local Settings\Temp\RarSFX4\winlogon.exe
[2010/05/07 00:45:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200AAKS-75L9A0 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SM/xD Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Kingston DataTraveler 109 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 283.00GB
Starting Offset: 15770583040
Hidden sectors: 0


DeviceID: Disk #5, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 4128768
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Thanks!

Matt

Here is Extras.txt

OTL Extras logfile created on: 6/14/2012 8:53:46 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.38% Memory free
7.61 Gb Paging File | 6.05 Gb Available in Paging File | 79.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 243.29 Gb Free Space | 85.84% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 6.45 Gb Free Space | 88.86% Space Free | Partition Type: FAT32

Computer Name: ELAINE-PC | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}" = Family Tree Maker 2008
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 29
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46578609-AD6D-4E69-AC8F-28B89C090F3B}" = Roxio Creator 2010 Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.0
"{4D0AAB66-E604-4E82-A5AF-01AB97CB506D}" = Roxio Creator 2010 Content
"{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6FB8135C-FF1B-4772-BFA7-197F75A75AB5}" = Microsoft Money 2006 System Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer
"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010 Pro
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Pro
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Cisco Connect" = Cisco Connect
"Dell Dock" = Dell Dock
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}" = Family Tree Maker 2008
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Money2006b" = Microsoft Money 2006
"NSS" = Norton Security Scan
"Roxio PhotoShow" = Roxio PhotoShow
"Spyware Doctor" = Spyware Doctor 8.0
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2012 5:52:43 PM | Computer Name = Elaine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 5:52:43 PM | Computer Name = Elaine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 5:53:05 PM | Computer Name = Elaine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 5:53:05 PM | Computer Name = Elaine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 5:53:05 PM | Computer Name = Elaine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 5:53:05 PM | Computer Name = Elaine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 5:53:05 PM | Computer Name = Elaine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 5:53:05 PM | Computer Name = Elaine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 5:53:05 PM | Computer Name = Elaine-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 6:55:23 PM | Computer Name = Elaine-PC | Source = VSS | ID = 8194
Description =

[ Dell Events ]
Error - 4/5/2012 3:26:17 PM | Computer Name = Elaine-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/13/2012 9:03:20 AM | Computer Name = Elaine-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/13/2012 9:03:20 AM | Computer Name = Elaine-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/20/2012 9:11:22 AM | Computer Name = Elaine-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/20/2012 9:11:22 AM | Computer Name = Elaine-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/22/2012 6:26:00 PM | Computer Name = Elaine-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/22/2012 6:26:00 PM | Computer Name = Elaine-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/27/2012 9:15:50 AM | Computer Name = Elaine-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/27/2012 9:15:50 AM | Computer Name = Elaine-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/5/2012 8:38:41 AM | Computer Name = Elaine-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ iolo Applications Events ]
Error - 6/9/2012 5:04:49 PM | Computer Name = Elaine-PC | Source = Service Manager | ID = 1
Description =

Error - 6/9/2012 5:10:08 PM | Computer Name = Elaine-PC | Source = Service Manager | ID = 1
Description =

Error - 6/9/2012 5:12:48 PM | Computer Name = Elaine-PC | Source = Service Manager | ID = 1
Description =

Error - 6/9/2012 5:27:05 PM | Computer Name = Elaine-PC | Source = Service Manager | ID = 1
Description =

Error - 6/9/2012 5:30:24 PM | Computer Name = Elaine-PC | Source = Service Manager | ID = 1
Description =

Error - 6/9/2012 5:33:05 PM | Computer Name = Elaine-PC | Source = Service Manager | ID = 1
Description =

Error - 6/9/2012 5:35:43 PM | Computer Name = Elaine-PC | Source = Service Manager | ID = 1
Description =

Error - 6/9/2012 7:49:10 PM | Computer Name = Elaine-PC | Source = Service Manager | ID = 1
Description =

Error - 6/9/2012 8:35:40 PM | Computer Name = Elaine-PC | Source = Service Manager | ID = 1
Description =

Error - 6/9/2012 8:38:42 PM | Computer Name = Elaine-PC | Source = Service Manager | ID = 1
Description =

[ System Events ]
Error - 6/14/2012 9:52:18 PM | Computer Name = Elaine-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 6/14/2012 9:52:18 PM | Computer Name = Elaine-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 6/14/2012 9:52:49 PM | Computer Name = Elaine-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 6/14/2012 9:52:49 PM | Computer Name = Elaine-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 6/14/2012 9:52:59 PM | Computer Name = Elaine-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/14/2012 9:52:59 PM | Computer Name = Elaine-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/14/2012 9:53:03 PM | Computer Name = Elaine-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 6/14/2012 9:53:03 PM | Computer Name = Elaine-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 6/14/2012 9:54:56 PM | Computer Name = Elaine-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 6/14/2012 9:54:56 PM | Computer Name = Elaine-PC | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2


< End of report >

Thanks!

Matt

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 June 2012 - 04:51 PM

Sorry to keep you waiting for a reply, but you have some unusual entries in your OTL log that I need to do more research on.

I will get back to you as soon as I can. Sorry for the delay.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 CatByte


Posted 15 June 2012 - 07:23 PM

Hi,


Something has changed the default junction points on your system by editing the security on them (possibly a tool, but impossible to know). These junctions are protected for a reason, and when the security is changed it creates an endless loop.

To fix this situation requires replacing the security on all of the default junctions back to the default values. There is a tool that will accomplish this.

  • Download JunctionBox and save it to your desktop
  • Extract the program
  • Run JunctionBox.exe
  • Select "All Profiles and System Junctions" from the dropdown menu.
  • Click "Backup Junctions" button.
  • Name the backup file junction.old and let it continue
  • Click the "Restore Junctions" button.
  • Select "DefaultJunctions.ntj"
  • Allow it to continue


When you are done, please post a fresh OTL log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
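A read-only check for the condition described in the post above, added here as an example; it is not part of the original thread and is not JunctionBox's code. Windows 7 compatibility junctions normally carry a Deny ACE for Everyone on "List folder / read data", and the script flags junctions whose listing lacks it. The profile name, the function names and the icacls-style listings are constructed for illustration.

```python
import re

# Constructed sample (not taken from the thread): icacls-style listings for three
# Windows 7 compatibility junctions under a hypothetical profile C:\Users\Example.
# On a live system the text would come from running icacls against each junction.
SAMPLE_LISTINGS = {
    # Intact: Everyone is denied "read data / list folder" (RD) on the junction.
    r"C:\Users\Example\Application Data": r"""
C:\Users\Example\Application Data Everyone:(DENY)(S,RD)
                                  NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                  BUILTIN\Administrators:(OI)(CI)(F)
                                  Example-PC\Example:(OI)(CI)(F)
""",
    # Altered: the Deny ACE has been removed.
    r"C:\Users\Example\Local Settings": r"""
C:\Users\Example\Local Settings Everyone:(RX)
                                NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                BUILTIN\Administrators:(OI)(CI)(F)
""",
    # Altered: Deny replaced by full control. This junction points back at its
    # own parent (AppData\Local), so listing it recurses without the Deny ACE.
    r"C:\Users\Example\AppData\Local\Application Data": r"""
C:\Users\Example\AppData\Local\Application Data Everyone:(OI)(CI)(F)
                                                NT AUTHORITY\SYSTEM:(OI)(CI)(F)
""",
}

# One ACE per line once the path prefix is stripped: principal:(group)(group)...
ACE_RE = re.compile(r"^(?P<who>[^:()]+):(?P<groups>(?:\([^)]*\))+)$")


def parse_aces(path, listing):
    """Return [(principal, [group, ...]), ...] for one icacls-style listing."""
    aces = []
    for raw in listing.splitlines():
        # The first line starts with the path itself (which contains a colon),
        # so remove it before matching the principal.
        line = raw[len(path):] if raw.startswith(path) else raw
        match = ACE_RE.match(line.strip())
        if not match:
            continue  # blank lines, status lines
        groups = re.findall(r"\(([^)]*)\)", match.group("groups"))
        aces.append((match.group("who").strip(), groups))
    return aces


def has_loop_guard(aces):
    """True if Everyone is explicitly denied read-data/list-folder (RD)."""
    for who, groups in aces:
        rights = {right for group in groups for right in group.split(",")}
        if who.lower() == "everyone" and "DENY" in groups and "RD" in rights:
            return True
    return False


def unguarded_junctions(listings):
    """Return the junction paths whose listing lacks the Deny ACE, sorted."""
    return sorted(
        path for path, text in listings.items()
        if not has_loop_guard(parse_aces(path, text))
    )


if __name__ == "__main__":
    for junction in unguarded_junctions(SAMPLE_LISTINGS):
        print("missing Everyone deny (RD):", junction)
```

The check only reads ACL text; restoring the defaults is what the JunctionBox steps in the post do.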


#13 Matthew32


Posted 17 June 2012 - 04:56 PM

Ran JunctionBox with no problems.

I then ran OTL. Below is the log.

OTL logfile created on: 6/17/2012 4:34:45 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 50.22% Memory free
7.61 Gb Paging File | 5.49 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 242.13 Gb Free Space | 85.44% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 6.45 Gb Free Space | 88.85% Space Free | Partition Type: FAT32

Computer Name: ELAINE-PC | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 20:15:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/12/12 02:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/01/23 21:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2011/01/23 21:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2011/01/13 14:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 14:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/21 12:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
PRC - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2009/03/24 02:01:00 | 000,113,136 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/12 03:46:11 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/12 03:35:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:35:04 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/12 03:34:53 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 03:34:47 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 03:34:45 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/12 03:34:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:34:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:34:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:34:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:34:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/01/23 21:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2011/01/23 21:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2011/01/13 14:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 14:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/07/21 12:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/05/27 08:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacats.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 09:48:44 | 000,023,552 | ---- | M] () -- C:\WINDOWS\SysWOW64\lxeasmr.dll
MOD - [2009/02/20 09:48:04 | 000,299,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\lxeasm.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/04/14 21:45:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/05/12 07:13:50 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/12 02:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/12/12 02:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/04/14 16:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/24 09:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 09:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/11/21 19:31:18 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2008/12/09 10:59:28 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4090D9D7-9B32-47D1-8E11-F1FFDF9BB157}
IE:64bit: - HKLM\..\SearchScopes\{4090D9D7-9B32-47D1-8E11-F1FFDF9BB157}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {24E064CE-4ED8-4397-80D6-6E0C40302DAF}
IE - HKLM\..\SearchScopes\{24E064CE-4ED8-4397-80D6-6E0C40302DAF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {24E064CE-4ED8-4397-80D6-6E0C40302DAF}
IE - HKCU\..\SearchScopes\{A4C77330-B443-43E7-AB4F-FB742B13EA97}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: SiteAdvisor = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Gmail = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/06/07 20:50:32 | 000,000,054 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D208FA7-3393-4542-8830-3DC7967F6F82}: DhcpNameServer = 97.64.209.36 97.64.168.13
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\x-sdch - No CLSID value found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 16:36:14 | 000,000,000 | ---D | C] -- C:\d5197da438632c582348b2cdc21b
[2012/06/17 16:28:01 | 000,000,000 | ---D | C] -- C:\Users\Elaine\Desktop\junctionbox
[2012/06/13 21:49:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Elaine\Desktop\dds.scr
[2012/06/10 20:04:19 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Users\Elaine\Desktop\Norton Power Eraser.exe
[2012/06/09 16:20:24 | 000,000,000 | ---D | C] -- C:\Users\Elaine\Desktop\Downloads
[2012/06/09 16:20:21 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\GetRightToGo
[2012/06/09 16:10:54 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/09 15:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/09 15:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/09 15:19:09 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/06/09 15:19:09 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/06/09 15:19:08 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/06/09 15:19:08 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/06/09 15:19:07 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/06/09 15:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/06/09 15:19:04 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\PC Tools
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/09 15:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/09 14:37:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/09 14:35:06 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/09 14:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/09 14:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/09 14:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/09 14:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/09 14:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/09 14:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/07 21:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/07 20:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/06/07 20:59:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2012/06/07 20:59:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2012/06/07 20:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2012/06/07 20:59:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307020.005
[2012/06/07 20:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/06/07 20:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/06/07 20:36:11 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/05 10:31:10 | 009,504,872 | ---- | C] (McAfee Inc.) -- C:\Users\Elaine\Documents\stinger.exe
[2012/06/04 09:52:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/05/29 13:34:53 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Citrix
[2012/05/29 13:34:35 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Apps
[2012/05/29 13:34:34 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Deployment
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 16:49:56 | 000,743,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/17 16:49:56 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/17 16:49:56 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/17 16:32:57 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 16:32:57 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 16:31:51 | 001,981,596 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/17 16:27:53 | 000,500,024 | ---- | M] () -- C:\Users\Elaine\Desktop\junctionbox.zip
[2012/06/17 16:25:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 16:25:02 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 21:26:32 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001UA.job
[2012/06/14 21:09:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/13 21:48:10 | 000,302,592 | ---- | M] () -- C:\Users\Elaine\Desktop\ny9uvy3l.exe
[2012/06/13 21:47:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Elaine\Desktop\dds.scr
[2012/06/13 21:37:19 | 000,003,432 | ---- | M] () -- C:\bootsqm.dat
[2012/06/09 18:32:31 | 000,453,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/09 15:54:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/09 15:54:02 | 000,743,538 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/09 15:28:49 | 000,000,858 | ---- | M] () -- C:\Users\Elaine\Desktop\pcdoctor.reg
[2012/06/09 15:19:06 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/06/09 14:50:15 | 000,000,542 | ---- | M] () -- C:\Users\Elaine\Desktop\venue3.reg
[2012/06/09 14:49:39 | 000,000,556 | ---- | M] () -- C:\Users\Elaine\Desktop\venue2.reg
[2012/06/09 14:49:04 | 000,000,482 | ---- | M] () -- C:\Users\Elaine\Desktop\venue.reg
[2012/06/09 14:35:08 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
[2012/06/09 14:35:08 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
[2012/06/09 14:34:50 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/06/09 14:19:56 | 000,001,288 | ---- | M] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/09 14:19:56 | 000,001,264 | ---- | M] () -- C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
[2012/06/09 14:16:54 | 326,795,659 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/08 17:32:17 | 000,000,536 | ---- | M] () -- C:\Users\Elaine\Desktop\2.reg
[2012/06/08 17:27:41 | 000,000,320 | ---- | M] () -- C:\Users\Elaine\Desktop\1.reg
[2012/06/07 20:59:20 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Elaine.job
[2012/06/07 20:59:19 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/06/07 20:50:32 | 000,001,401 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/06/07 20:50:32 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/05 10:31:18 | 000,000,607 | ---- | M] () -- C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
[2012/06/05 10:24:54 | 009,504,872 | ---- | M] (McAfee Inc.) -- C:\Users\Elaine\Documents\stinger.exe
[2012/06/05 08:25:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001Core.job
[2012/06/04 14:21:36 | 001,012,656 | ---- | M] () -- C:\Users\Elaine\Desktop\MattSnow.exe
[2012/06/04 12:02:53 | 000,000,041 | ---- | M] () -- C:\Users\Elaine\AppData\Roaming\667B93.dat
[2012/05/31 13:33:02 | 000,034,816 | ---- | M] () -- C:\Users\Elaine\Documents\Grad Title 2.pub
[2012/05/29 13:34:51 | 000,103,784 | ---- | M] () -- C:\Users\Elaine\GoToAssistDownloadHelper.exe
[2012/05/27 19:48:56 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Users\Elaine\Desktop\Norton Power Eraser.exe
[2012/05/27 14:56:17 | 000,046,592 | ---- | M] () -- C:\Users\Elaine\Documents\Grad Key Words.pub
[2012/05/26 13:30:35 | 000,033,280 | ---- | M] () -- C:\Users\Elaine\Documents\Grad Keys 2.pub
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/17 16:27:50 | 000,500,024 | ---- | C] () -- C:\Users\Elaine\Desktop\junctionbox.zip
[2012/06/13 21:49:07 | 000,302,592 | ---- | C] () -- C:\Users\Elaine\Desktop\ny9uvy3l.exe
[2012/06/13 21:41:25 | 001,012,656 | ---- | C] () -- C:\Users\Elaine\Desktop\MattSnow.exe
[2012/06/13 21:37:19 | 000,003,432 | ---- | C] () -- C:\bootsqm.dat
[2012/06/09 15:54:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/09 15:54:05 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/09 15:54:02 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/09 15:28:49 | 000,000,858 | ---- | C] () -- C:\Users\Elaine\Desktop\pcdoctor.reg
[2012/06/09 15:19:11 | 001,981,596 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/09 15:19:06 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/06/09 14:50:15 | 000,000,542 | ---- | C] () -- C:\Users\Elaine\Desktop\venue3.reg
[2012/06/09 14:49:39 | 000,000,556 | ---- | C] () -- C:\Users\Elaine\Desktop\venue2.reg
[2012/06/09 14:49:04 | 000,000,482 | ---- | C] () -- C:\Users\Elaine\Desktop\venue.reg
[2012/06/09 14:35:08 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
[2012/06/09 14:35:08 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
[2012/06/09 14:34:50 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/06/09 14:19:56 | 000,001,288 | ---- | C] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/09 14:19:56 | 000,001,264 | ---- | C] () -- C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
[2012/06/08 17:32:17 | 000,000,536 | ---- | C] () -- C:\Users\Elaine\Desktop\2.reg
[2012/06/08 17:27:41 | 000,000,320 | ---- | C] () -- C:\Users\Elaine\Desktop\1.reg
[2012/06/07 20:59:20 | 000,000,450 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Elaine.job
[2012/06/07 20:59:19 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/06/07 20:59:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307020.005\isolate.ini
[2012/06/05 10:31:18 | 000,000,607 | ---- | C] () -- C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
[2012/06/04 09:32:24 | 000,000,041 | ---- | C] () -- C:\Users\Elaine\AppData\Roaming\667B93.dat
[2012/05/31 13:24:01 | 000,034,816 | ---- | C] () -- C:\Users\Elaine\Documents\Grad Title 2.pub
[2012/05/29 13:34:51 | 000,103,784 | ---- | C] () -- C:\Users\Elaine\GoToAssistDownloadHelper.exe
[2012/05/26 13:30:35 | 000,033,280 | ---- | C] () -- C:\Users\Elaine\Documents\Grad Keys 2.pub
[2012/05/26 08:07:01 | 000,046,592 | ---- | C] () -- C:\Users\Elaine\Documents\Grad Key Words.pub
[2012/01/08 15:26:34 | 000,008,820 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\445q26y51mrgmx4e4gkp5d
[2012/01/08 15:26:34 | 000,008,820 | -HS- | C] () -- C:\ProgramData\445q26y51mrgmx4e4gkp5d
[2012/01/01 20:49:06 | 000,007,617 | ---- | C] () -- C:\Users\Elaine\AppData\Local\Resmon.ResmonCfg
[2012/01/01 18:38:34 | 000,011,130 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\qdc6io7rx11746o6u722u7
[2012/01/01 18:38:34 | 000,011,130 | -HS- | C] () -- C:\ProgramData\qdc6io7rx11746o6u722u7
[2011/12/28 21:23:10 | 000,008,966 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\8kx8w56xix4p43nqxui3320ng437tdg17b0j
[2011/12/28 21:23:10 | 000,008,966 | -HS- | C] () -- C:\ProgramData\8kx8w56xix4p43nqxui3320ng437tdg17b0j
[2011/12/24 12:35:29 | 000,011,658 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\3xa7x07qip7w26gcide1810we443mdj01d3f
[2011/12/24 12:35:29 | 000,011,658 | -HS- | C] () -- C:\ProgramData\3xa7x07qip7w26gcide1810we443mdj01d3f
[2011/12/24 11:53:21 | 000,000,288 | ---- | C] () -- C:\Users\Elaine\AppData\Roaming\.backup.dm
[2011/12/23 17:46:52 | 000,011,338 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\v14t2bh563n5as76745dwtr26wri550bq6f8
[2011/12/23 17:46:52 | 000,011,338 | -HS- | C] () -- C:\ProgramData\v14t2bh563n5as76745dwtr26wri550bq6f8
[2011/12/10 14:32:28 | 000,837,787 | ---- | C] () -- C:\Users\Elaine\AppData\Local\census.cache
[2011/12/10 14:31:57 | 000,103,860 | ---- | C] () -- C:\Users\Elaine\AppData\Local\ars.cache
[2011/12/10 14:25:17 | 000,000,036 | ---- | C] () -- C:\Users\Elaine\AppData\Local\housecall.guid.cache
[2011/12/10 12:27:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/10 12:27:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/10 12:27:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/10 12:27:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/10 12:27:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 22:18:31 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011/11/12 22:29:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/11/12 22:01:20 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2011/11/12 22:01:19 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2011/11/12 22:01:19 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2011/11/12 22:01:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2011/11/12 22:01:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2011/11/12 22:01:19 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2011/11/12 22:01:19 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2011/11/12 22:01:19 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2011/11/12 22:01:19 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2011/11/12 22:01:19 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2011/11/12 22:01:19 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2011/11/12 22:01:19 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2011/11/12 22:01:19 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2011/11/12 22:01:19 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2011/11/12 22:01:18 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2011/11/12 22:01:18 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2011/11/12 22:01:18 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2011/11/12 22:01:18 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2011/11/12 22:01:18 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2011/11/12 22:01:18 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2011/11/12 22:01:18 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#14 Matthew32

Posted 17 June 2012 - 05:31 PM

Sorry to do this; it may not matter, but after I posted the last log, as I was shutting down the computer, it installed a Windows update. I then decided to boot it back up and run OTL again and see if there was anything different. A real quick look at it showed a few differences. I do not know if they matter, but thought I would post in case they do!

OTL logfile created on: 6/17/2012 5:03:42 PM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 49.31% Memory free
7.61 Gb Paging File | 5.55 Gb Available in Paging File | 73.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 241.71 Gb Free Space | 85.29% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 6.45 Gb Free Space | 88.86% Space Free | Partition Type: FAT32

Computer Name: ELAINE-PC | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 20:15:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/12/12 02:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/01/23 21:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2011/01/23 21:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2011/01/13 14:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 14:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/21 12:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
PRC - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2009/03/24 02:01:00 | 000,113,136 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/12 03:46:11 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/12 03:35:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:34:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:34:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:34:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:34:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:34:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/23 17:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/21 17:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/10 18:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012/02/10 18:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011/01/23 21:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2011/01/23 21:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2011/01/13 14:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011/01/13 14:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/07/21 12:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/05/27 08:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacats.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 09:48:44 | 000,023,552 | ---- | M] () -- C:\WINDOWS\SysWOW64\lxeasmr.dll
MOD - [2009/02/20 09:48:04 | 000,299,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\lxeasm.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/04/14 21:45:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/05/12 07:13:50 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/12 02:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/12/12 02:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2011/01/13 14:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/04/14 16:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/24 09:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 09:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/06/23 18:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/11/21 19:31:18 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 02:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2008/12/09 10:59:28 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4090D9D7-9B32-47D1-8E11-F1FFDF9BB157}
IE:64bit: - HKLM\..\SearchScopes\{4090D9D7-9B32-47D1-8E11-F1FFDF9BB157}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {24E064CE-4ED8-4397-80D6-6E0C40302DAF}
IE - HKLM\..\SearchScopes\{24E064CE-4ED8-4397-80D6-6E0C40302DAF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {24E064CE-4ED8-4397-80D6-6E0C40302DAF}
IE - HKCU\..\SearchScopes\{A4C77330-B443-43E7-AB4F-FB742B13EA97}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: SiteAdvisor = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Gmail = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/06/07 20:50:32 | 000,000,054 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D208FA7-3393-4542-8830-3DC7967F6F82}: DhcpNameServer = 97.64.209.36 97.64.168.13
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\x-sdch - No CLSID value found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 16:30:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/17 16:30:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/17 16:30:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/17 16:30:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/17 16:30:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/17 16:30:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/17 16:30:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/17 16:30:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/17 16:30:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/17 16:30:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/17 16:30:16 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/17 16:30:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/17 16:30:14 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/17 16:28:01 | 000,000,000 | ---D | C] -- C:\Users\Elaine\Desktop\junctionbox
[2012/06/14 21:06:46 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 21:06:46 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 21:06:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 21:06:15 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 21:06:12 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 21:06:11 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 21:06:02 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/14 21:05:52 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/14 21:05:50 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 21:49:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Elaine\Desktop\dds.scr
[2012/06/10 20:04:19 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Users\Elaine\Desktop\Norton Power Eraser.exe
[2012/06/09 16:20:24 | 000,000,000 | ---D | C] -- C:\Users\Elaine\Desktop\Downloads
[2012/06/09 16:20:21 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\GetRightToGo
[2012/06/09 16:10:54 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/09 15:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/09 15:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/09 15:19:09 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/06/09 15:19:09 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/06/09 15:19:08 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/06/09 15:19:08 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/06/09 15:19:07 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/06/09 15:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/06/09 15:19:04 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\PC Tools
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/09 15:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/09 15:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/09 14:37:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/09 14:35:06 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/09 14:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/09 14:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/09 14:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/09 14:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/09 14:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/09 14:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/07 21:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/07 20:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/06/07 20:59:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2012/06/07 20:59:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2012/06/07 20:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2012/06/07 20:59:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307020.005
[2012/06/07 20:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/06/07 20:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/06/07 20:36:11 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/05 10:31:10 | 009,504,872 | ---- | C] (McAfee Inc.) -- C:\Users\Elaine\Documents\stinger.exe
[2012/06/04 09:52:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/05/29 13:34:53 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Citrix
[2012/05/29 13:34:35 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Apps
[2012/05/29 13:34:34 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Local\Deployment
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/17 17:19:48 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 17:19:48 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 17:11:56 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/17 17:11:56 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/17 17:11:56 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/17 17:09:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 17:00:41 | 000,453,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/17 17:00:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 17:00:11 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 16:31:51 | 001,981,596 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/17 16:27:53 | 000,500,024 | ---- | M] () -- C:\Users\Elaine\Desktop\junctionbox.zip
[2012/06/14 21:26:32 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001UA.job
[2012/06/13 21:48:10 | 000,302,592 | ---- | M] () -- C:\Users\Elaine\Desktop\ny9uvy3l.exe
[2012/06/13 21:47:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Elaine\Desktop\dds.scr
[2012/06/13 21:37:19 | 000,003,432 | ---- | M] () -- C:\bootsqm.dat
[2012/06/09 15:54:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/09 15:54:02 | 000,743,538 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/09 15:28:49 | 000,000,858 | ---- | M] () -- C:\Users\Elaine\Desktop\pcdoctor.reg
[2012/06/09 15:19:06 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/06/09 14:50:15 | 000,000,542 | ---- | M] () -- C:\Users\Elaine\Desktop\venue3.reg
[2012/06/09 14:49:39 | 000,000,556 | ---- | M] () -- C:\Users\Elaine\Desktop\venue2.reg
[2012/06/09 14:49:04 | 000,000,482 | ---- | M] () -- C:\Users\Elaine\Desktop\venue.reg
[2012/06/09 14:35:08 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
[2012/06/09 14:35:08 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
[2012/06/09 14:34:50 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/06/09 14:19:56 | 000,001,288 | ---- | M] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/09 14:19:56 | 000,001,264 | ---- | M] () -- C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
[2012/06/09 14:16:54 | 326,795,659 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/08 17:32:17 | 000,000,536 | ---- | M] () -- C:\Users\Elaine\Desktop\2.reg
[2012/06/08 17:27:41 | 000,000,320 | ---- | M] () -- C:\Users\Elaine\Desktop\1.reg
[2012/06/07 20:59:20 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Elaine.job
[2012/06/07 20:59:19 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/06/07 20:50:32 | 000,001,401 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/06/07 20:50:32 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/05 10:31:18 | 000,000,607 | ---- | M] () -- C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
[2012/06/05 10:24:54 | 009,504,872 | ---- | M] (McAfee Inc.) -- C:\Users\Elaine\Documents\stinger.exe
[2012/06/05 08:25:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591788337-4158028197-1570331696-1001Core.job
[2012/06/04 14:21:36 | 001,012,656 | ---- | M] () -- C:\Users\Elaine\Desktop\MattSnow.exe
[2012/06/04 12:02:53 | 000,000,041 | ---- | M] () -- C:\Users\Elaine\AppData\Roaming\667B93.dat
[2012/05/31 13:33:02 | 000,034,816 | ---- | M] () -- C:\Users\Elaine\Documents\Grad Title 2.pub
[2012/05/29 13:34:51 | 000,103,784 | ---- | M] () -- C:\Users\Elaine\GoToAssistDownloadHelper.exe
[2012/05/27 19:48:56 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Users\Elaine\Desktop\Norton Power Eraser.exe
[2012/05/27 14:56:17 | 000,046,592 | ---- | M] () -- C:\Users\Elaine\Documents\Grad Key Words.pub
[2012/05/26 13:30:35 | 000,033,280 | ---- | M] () -- C:\Users\Elaine\Documents\Grad Keys 2.pub
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/17 16:27:50 | 000,500,024 | ---- | C] () -- C:\Users\Elaine\Desktop\junctionbox.zip
[2012/06/13 21:49:07 | 000,302,592 | ---- | C] () -- C:\Users\Elaine\Desktop\ny9uvy3l.exe
[2012/06/13 21:41:25 | 001,012,656 | ---- | C] () -- C:\Users\Elaine\Desktop\MattSnow.exe
[2012/06/13 21:37:19 | 000,003,432 | ---- | C] () -- C:\bootsqm.dat
[2012/06/09 15:54:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/09 15:54:05 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/09 15:54:02 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/09 15:28:49 | 000,000,858 | ---- | C] () -- C:\Users\Elaine\Desktop\pcdoctor.reg
[2012/06/09 15:19:11 | 001,981,596 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/09 15:19:06 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/06/09 14:50:15 | 000,000,542 | ---- | C] () -- C:\Users\Elaine\Desktop\venue3.reg
[2012/06/09 14:49:39 | 000,000,556 | ---- | C] () -- C:\Users\Elaine\Desktop\venue2.reg
[2012/06/09 14:49:04 | 000,000,482 | ---- | C] () -- C:\Users\Elaine\Desktop\venue.reg
[2012/06/09 14:35:08 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8b5b50bf-58c5-44ab-882e-8a24b8f056bc.job
[2012/06/09 14:35:08 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7cd39922-4a32-4112-8156-21da5e292f74.job
[2012/06/09 14:34:50 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/06/09 14:19:56 | 000,001,288 | ---- | C] () -- C:\Users\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/09 14:19:56 | 000,001,264 | ---- | C] () -- C:\Users\Elaine\Desktop\Spybot - Search & Destroy.lnk
[2012/06/08 17:32:17 | 000,000,536 | ---- | C] () -- C:\Users\Elaine\Desktop\2.reg
[2012/06/08 17:27:41 | 000,000,320 | ---- | C] () -- C:\Users\Elaine\Desktop\1.reg
[2012/06/07 20:59:20 | 000,000,450 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Elaine.job
[2012/06/07 20:59:19 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012/06/07 20:59:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307020.005\isolate.ini
[2012/06/05 10:31:18 | 000,000,607 | ---- | C] () -- C:\Users\Elaine\Desktop\stinger - Shortcut.lnk
[2012/06/04 09:32:24 | 000,000,041 | ---- | C] () -- C:\Users\Elaine\AppData\Roaming\667B93.dat
[2012/05/31 13:24:01 | 000,034,816 | ---- | C] () -- C:\Users\Elaine\Documents\Grad Title 2.pub
[2012/05/29 13:34:51 | 000,103,784 | ---- | C] () -- C:\Users\Elaine\GoToAssistDownloadHelper.exe
[2012/05/26 13:30:35 | 000,033,280 | ---- | C] () -- C:\Users\Elaine\Documents\Grad Keys 2.pub
[2012/05/26 08:07:01 | 000,046,592 | ---- | C] () -- C:\Users\Elaine\Documents\Grad Key Words.pub
[2012/01/08 15:26:34 | 000,008,820 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\445q26y51mrgmx4e4gkp5d
[2012/01/08 15:26:34 | 000,008,820 | -HS- | C] () -- C:\ProgramData\445q26y51mrgmx4e4gkp5d
[2012/01/01 20:49:06 | 000,007,617 | ---- | C] () -- C:\Users\Elaine\AppData\Local\Resmon.ResmonCfg
[2012/01/01 18:38:34 | 000,011,130 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\qdc6io7rx11746o6u722u7
[2012/01/01 18:38:34 | 000,011,130 | -HS- | C] () -- C:\ProgramData\qdc6io7rx11746o6u722u7
[2011/12/28 21:23:10 | 000,008,966 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\8kx8w56xix4p43nqxui3320ng437tdg17b0j
[2011/12/28 21:23:10 | 000,008,966 | -HS- | C] () -- C:\ProgramData\8kx8w56xix4p43nqxui3320ng437tdg17b0j
[2011/12/24 12:35:29 | 000,011,658 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\3xa7x07qip7w26gcide1810we443mdj01d3f
[2011/12/24 12:35:29 | 000,011,658 | -HS- | C] () -- C:\ProgramData\3xa7x07qip7w26gcide1810we443mdj01d3f
[2011/12/24 11:53:21 | 000,000,288 | ---- | C] () -- C:\Users\Elaine\AppData\Roaming\.backup.dm
[2011/12/23 17:46:52 | 000,011,338 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\v14t2bh563n5as76745dwtr26wri550bq6f8
[2011/12/23 17:46:52 | 000,011,338 | -HS- | C] () -- C:\ProgramData\v14t2bh563n5as76745dwtr26wri550bq6f8
[2011/12/10 14:32:28 | 000,837,787 | ---- | C] () -- C:\Users\Elaine\AppData\Local\census.cache
[2011/12/10 14:31:57 | 000,103,860 | ---- | C] () -- C:\Users\Elaine\AppData\Local\ars.cache
[2011/12/10 14:25:17 | 000,000,036 | ---- | C] () -- C:\Users\Elaine\AppData\Local\housecall.guid.cache
[2011/12/10 12:27:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/10 12:27:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/10 12:27:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/10 12:27:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/10 12:27:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 22:18:31 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011/11/12 22:29:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/11/12 22:01:20 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2011/11/12 22:01:19 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2011/11/12 22:01:19 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2011/11/12 22:01:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2011/11/12 22:01:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2011/11/12 22:01:19 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2011/11/12 22:01:19 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2011/11/12 22:01:19 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2011/11/12 22:01:19 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2011/11/12 22:01:19 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2011/11/12 22:01:19 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2011/11/12 22:01:19 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2011/11/12 22:01:19 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2011/11/12 22:01:19 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2011/11/12 22:01:18 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2011/11/12 22:01:18 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2011/11/12 22:01:18 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2011/11/12 22:01:18 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2011/11/12 22:01:18 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2011/11/12 22:01:18 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2011/11/12 22:01:18 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:26 PM

Posted 17 June 2012 - 07:24 PM

Hi,

That looks much better,

please run the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    [2012/06/04 12:02:53 | 000,000,041 | ---- | M] () -- C:\Users\Elaine\AppData\Roaming\667B93.dat
    [2012/01/08 15:26:34 | 000,008,820 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\445q26y51mrgmx4e4gkp5d
    [2012/01/08 15:26:34 | 000,008,820 | -HS- | C] () -- C:\ProgramData\445q26y51mrgmx4e4gkp5d
    [2012/01/01 18:38:34 | 000,011,130 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\qdc6io7rx11746o6u722u7
    [2012/01/01 18:38:34 | 000,011,130 | -HS- | C] () -- C:\ProgramData\qdc6io7rx11746o6u722u7
    [2011/12/28 21:23:10 | 000,008,966 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\8kx8w56xix4p43nqxui3320ng437tdg17b0j
    [2011/12/28 21:23:10 | 000,008,966 | -HS- | C] () -- C:\ProgramData\8kx8w56xix4p43nqxui3320ng437tdg17b0j
    [2011/12/24 12:35:29 | 000,011,658 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\3xa7x07qip7w26gcide1810we443mdj01d3f
    [2011/12/24 12:35:29 | 000,011,658 | -HS- | C] () -- C:\ProgramData\3xa7x07qip7w26gcide1810we443mdj01d3f
    [2011/12/23 17:46:52 | 000,011,338 | -HS- | C] () -- C:\Users\Elaine\AppData\Local\v14t2bh563n5as76745dwtr26wri550bq6f8
    [2011/12/23 17:46:52 | 000,011,338 | -HS- | C] () -- C:\ProgramData\v14t2bh563n5as76745dwtr26wri550bq6f8
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




