Can't get rid of win32.downloader.gen
I have read all the other posts on this issue and think I have completed everything you need to help me.
I did run Spybot as an administrator and it still could not remove it. I did run Erunt as directed.
Below is the DDS Txt report
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Dawn work at 18:24:02 on 2014-01-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3476.1365 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Dawn work\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Dawn work\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://acer.msn.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Playtopus Games: {8EBA1B69-99D8-4135-BD43-729BA79D5CC4} - C:\Users\Dawn work\AppData\Local\Playtopus\Playtopus.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DealPly Shopping: {9cf699ca-2174-4ed8-bec1-ba82095edce0} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Value Apps plugin: {F63AAEDC-3602-49EF-AA45-262380A98980} - C:\Users\Dawn work\AppData\Roaming\ValueApps\IE\MonPrx.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
uRun: [Akamai NetSession Interface] "C:\Users\Dawn work\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\Dawn work\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [ConduitFloatingPlugin_ffekppndigniegkobcngkdmaadbhhonj] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\DAWNWO~1\AppData\Local\Temp\CT3306058\plugins\TBVerifier.dll",RunConduitFloatingPlugin ffekppndigniegkobcngkdmaadbhhonj
uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dawn work\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
uRun: [iCall] C:\Program Files (x86)\iCall\iCall.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Bomgar_Cleanup_ZD2779911010] cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-00000000509828AA" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2779911010 /f
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\DAWNWO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{8F17FA2D-C019-4DFA-97B2-018BD0AE3A22} : DHCPNameServer = 172.16.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-6-29 280656]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-3 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-3 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-3 62776]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-3 204288]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2010-11-10 128904]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-3 244624]
R2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-25 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-1-7 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-1-7 188544]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-8-3 231440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-2 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-08 13:15:38 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA6D1933-395D-4823-982B-E7C6B56118CA}\mpengine.dll
2014-01-06 16:48:23 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-21 13:35:53 -------- d-----w- C:\ProgramData\Oracle
2013-12-21 13:35:11 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-20 02:46:10 -------- d-----w- C:\Users\Dawn work\AppData\Roaming\Jewel Match 3
2013-12-11 09:02:30 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 09:02:30 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 09:02:29 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 09:02:28 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 04:48:14 335360 ----a-w- C:\Windows\System32\msieftp.dll
.
==================== Find3M ====================
.
2013-12-11 01:09:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 01:09:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH: 18:24:20.43 ===============
I cannot get the aswMBR to run. Please help me :/
Hi DawnW,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear".
Important: All tools MUST be run from the Desktop.
=========================
Security Check
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
GMER Rootkit Scanner
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Right-click gmer.exe and select "Run as Administrator". The program will begin to run.
**Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Click NO
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
Save it where you can easily find it, such as your desktop.
=========================
OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Make sure all other windows are closed, and let it run uninterrupted.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan, paste this in:
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
You may need two posts to fit them both in.
=========================
In your next post please provide the following:
checkup.txt
GMER.txt
OTL.txt
Extras.txt
Hi DawnW,
Just checking in to see if you still need help?
Hi OCD!
Yes I do, I am just now starting on the info you gave me. Been working 14 hour days lately so haven't really had any time. Thank you and I am doing all of this now!
Ok, I think I have done everything.
Here is the checkup.
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
JavaFX 2.1.1
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 12.0.0.43 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox 24.0 Firefox out of Date!
Google Chrome 32.0.1700.72
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
The gmer I could not get to work; both times it gave me "gmer.exe has stopped working".
The OTL
OTL logfile created on: 1/17/2014 5:29:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawn work\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.39 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 63.70% Memory free
6.79 Gb Paging File | 5.05 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 320.80 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
Computer Name: DAWNWORK-PC | User Name: Dawn work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Dawn work\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Users\Dawn work\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe (CyberLink)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll ()
MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll ()
MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
MOD - C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV:64bit: - (PSI_SVC_2_x64) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=139&systemid=406&v=n8708-68&apn_uid=6753094631324127&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {373E341F-C4AC-4DD6-81E3-AD9A28C25121}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=139&systemid=406&v=n8708-68&apn_uid=6753094631324127&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=14684F1D-ECBD-42B9-AABB-98070DD1D797&ref=toolbox&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3306058&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN18322490812240963&UM=2&UP=SP0891EB53-D931-4DC7-B1E8-9D58F977E411&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{373E341F-C4AC-4DD6-81E3-AD9A28C25121}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN18322490812240963&UM=2
IE - HKCU\..\SearchScopes\{7BE8A92F-5E65-416A-9D85-34393720F261}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=256A818B-5343-4846-AFBB-3782ADC446DD&apn_sauid=44209606-865C-473F-B146-FC9E139F718E
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=139&systemid=406&v=n8708-68&apn_uid=6753094631324127&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKCU\..\SearchScopes\{CC86CF55-F39D-4A16-B65D-5053C0E019C5}: "URL" = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20130626,19841,6,0,&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dawn work\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/06/23 03:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Extensions
[2014/01/14 16:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions
[2014/01/14 16:57:02 | 000,000,000 | ---D | M] (Connect DLC 2) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5}
[2013/12/05 18:19:00 | 000,000,000 | ---D | M] (Value Apps) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
[2014/01/14 11:36:29 | 000,000,000 | ---D | M] (Iminent Toolbar) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions\ffxtlbr@iminent.com
[2013/12/05 19:10:58 | 000,000,880 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\searchplugins\conduit-search.xml
[2014/01/14 11:36:30 | 000,001,368 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\searchplugins\iminent.xml
[2013/10/20 18:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/20 18:32:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.search.ask.com/?o=APN10645A&gct=hp&d=-&v=-&t=4
CHR - Extension: Connect DLC 2 = C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffekppndigniegkobcngkdmaadbhhonj\10.26.0.540_0\
CHR - Extension: Connect DLC 2 = C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffekppndigniegkobcngkdmaadbhhonj\10.26.0.540_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: ([2013/12/14 16:05:39 | 000,450,660 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15467 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (no name) - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dawn work\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Dawn work\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F17FA2D-C019-4DFA-97B2-018BD0AE3A22}: DhcpNameServer = 172.16.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8c5787a1-398d-11e1-853b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8c5787a1-398d-11e1-853b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{d4792b56-7a8b-11e3-977e-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{d4792b56-7a8b-11e3-977e-005056c00008}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
System Restore Service not available.
========== Files/Folders - Created Within 30 Days ==========
[2014/01/17 17:28:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dawn work\Desktop\OTL.exe
[2014/01/15 08:46:22 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 08:46:22 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 08:46:20 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\FalloutNV
[2014/01/14 11:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2014/01/14 11:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2014/01/14 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IminentToolbar
[2014/01/14 11:36:25 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\IminentToolbar
[2014/01/14 11:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2014/01/14 11:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2014/01/14 11:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2014/01/14 11:35:02 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2014/01/14 11:35:00 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\DAEMON Tools Lite
[2014/01/14 11:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2014/01/14 11:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2014/01/14 11:32:33 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\OpenCandy
[2014/01/14 11:32:18 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\rmi
[2014/01/14 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\Nero
[2014/01/05 11:05:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/01/05 11:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/01/05 11:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/12/21 07:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/12/21 07:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/12/21 07:35:17 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/12/21 07:35:11 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/12/21 07:35:11 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/12/21 07:35:11 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/12/21 07:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/19 20:46:10 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\Jewel Match 3
[2 C:\Users\Dawn work\AppData\Local\*.tmp files -> C:\Users\Dawn work\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/17 17:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn work\Desktop\OTL.exe
[2014/01/17 17:18:09 | 000,379,904 | ---- | M] () -- C:\Users\Dawn work\Desktop\gmer.exe
[2014/01/17 17:16:26 | 000,370,610 | ---- | M] () -- C:\Users\Dawn work\Desktop\gmer.zip
[2014/01/17 17:09:05 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1649779396-1205929758-1027307738-1001UA.job
[2014/01/17 17:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/17 17:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2014/01/17 16:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2014/01/17 15:45:46 | 000,987,425 | ---- | M] () -- C:\Users\Dawn work\Desktop\SecurityCheck.exe
[2014/01/17 02:09:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1649779396-1205929758-1027307738-1001Core.job
[2014/01/16 21:19:43 | 000,794,348 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/16 21:19:43 | 000,671,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/16 21:19:43 | 000,124,944 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/16 16:34:00 | 000,028,121 | ---- | M] () -- C:\Users\Dawn work\Documents\Invertebrates to Cnidarians (1).odt
[2014/01/16 03:29:08 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/16 03:29:08 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/16 03:21:53 | 000,451,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/16 03:21:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/16 03:20:46 | 2733,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/14 21:13:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/14 21:13:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/14 16:49:20 | 000,000,033 | ---- | M] () -- C:\Windows\popcinfo.dat
[2014/01/14 11:56:43 | 000,001,443 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2014/01/14 11:35:40 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2014/01/14 11:35:02 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2014/01/05 11:04:47 | 000,001,112 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/05 11:04:43 | 000,000,913 | ---- | M] () -- C:\Users\Dawn work\Desktop\ERUNT.lnk
[2013/12/22 12:59:56 | 000,063,488 | ---- | M] () -- C:\Users\Dawn work\Desktop\SnowFlake_Vectors_sm.gif
[2013/12/22 08:51:02 | 000,001,479 | ---- | M] () -- C:\Users\Dawn work\AppData\Local\recently-used.xbel
[2013/12/22 08:48:03 | 001,285,429 | ---- | M] () -- C:\Users\Dawn work\Desktop\impeach.xcf
[2 C:\Users\Dawn work\AppData\Local\*.tmp files -> C:\Users\Dawn work\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/17 17:16:23 | 000,370,610 | ---- | C] () -- C:\Users\Dawn work\Desktop\gmer.zip
[2014/01/17 15:45:41 | 000,987,425 | ---- | C] () -- C:\Users\Dawn work\Desktop\SecurityCheck.exe
[2014/01/16 16:33:57 | 000,028,121 | ---- | C] () -- C:\Users\Dawn work\Documents\Invertebrates to Cnidarians (1).odt
[2014/01/14 11:56:43 | 000,001,443 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2014/01/14 11:35:40 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2014/01/05 11:04:47 | 000,001,112 | ---- | C] () -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/05 11:04:43 | 000,000,913 | ---- | C] () -- C:\Users\Dawn work\Desktop\ERUNT.lnk
[2013/12/22 08:51:02 | 000,001,479 | ---- | C] () -- C:\Users\Dawn work\AppData\Local\recently-used.xbel
[2013/12/22 08:48:03 | 001,285,429 | ---- | C] () -- C:\Users\Dawn work\Desktop\impeach.xcf
[2013/07/17 20:54:43 | 000,000,033 | ---- | C] () -- C:\Windows\popcinfo.dat
[2013/07/05 14:08:54 | 000,558,080 | ---- | C] () -- C:\Users\Dawn work\AppData\Roaming\SharedSettings.ccs
[2013/06/27 17:54:51 | 000,000,022 | ---- | C] () -- C:\Users\Dawn work\.gtk-bookmarks
[2013/05/28 21:49:27 | 000,000,049 | ---- | C] () -- C:\Users\Dawn work\jagex_cl_runescape_LIVE1.dat
[2013/01/28 19:15:33 | 000,000,048 | ---- | C] () -- C:\Users\Dawn work\jagex_cl_runescape_LIVE.dat
[2013/01/28 19:15:33 | 000,000,024 | ---- | C] () -- C:\Users\Dawn work\random.dat
[2012/07/28 16:05:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\set.ini
[2012/07/13 07:36:48 | 000,017,492 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/13 06:31:15 | 000,748,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/21 10:14:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\HTSound.dll
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/11/15 19:58:29 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\.minecraft
[2013/04/15 19:49:48 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\adelantado_big_fish_en
[2012/08/07 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\aliasworlds
[2014/01/14 14:35:33 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\BitLord
[2013/04/17 14:06:59 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\BlamGames
[2013/07/05 14:11:51 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\CoffeeCup Software
[2012/11/14 12:05:30 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\CvgQuickConnect
[2014/01/14 11:36:13 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\DAEMON Tools Lite
[2013/12/30 07:03:44 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\dclogs
[2012/08/07 14:32:23 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\DivoGames
[2013/08/07 18:47:11 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\FFP
[2012/08/07 15:40:12 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\HipSoft
[2014/01/14 11:36:25 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\IminentToolbar
[2013/08/22 06:01:12 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\inkscape
[2013/12/19 21:48:37 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\Jewel Match 3
[2013/11/20 10:48:05 | 000,000,000 | -HSD | M] -- C:\Users\Dawn work\AppData\Roaming\msgr
[2013/06/24 22:05:43 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\Mumble
[2013/04/08 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\Nitreal Games
[2012/07/13 06:11:03 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\OEM
[2014/01/14 11:32:33 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\OpenCandy
[2012/12/11 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\OpenOffice.org
[2013/08/24 16:58:13 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\Python-Eggs
[2013/01/22 21:15:42 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\raidcall
[2014/01/14 11:32:33 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\rmi
[2013/09/09 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\SoftGrid Client
[2013/06/24 11:45:56 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\Strongvault
[2012/08/07 16:24:49 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\SulusGames
[2012/12/11 22:28:05 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\Synthesia
[2012/11/21 19:44:26 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\TFP
[2012/07/13 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\TP
[2013/08/03 23:22:46 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\TS3Client
[2012/07/13 16:56:16 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\Unity
[2013/12/05 18:19:04 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\ValueApps
[2013/04/09 05:37:25 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\Virtual City
[2013/05/14 22:09:43 | 000,000,000 | ---D | M] -- C:\Users\Dawn work\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.ADML >
< MD5 for: EXPLORER.ADMX >
< MD5 for: EXPLORER.DESIGNER.VB >
< MD5 for: EXPLORER.EXE >
< MD5 for: EXPLORER.EXE.MUI >
< MD5 for: EXPLORER.EXE-D5E97654.PF >
< MD5 for: EXPLORER.RESX >
< MD5 for: EXPLORER.VB >
< MD5 for: EXPLORER.VSTEMPLATE >
< MD5 for: EXPLORER.ZIP >
< MD5 for: IEXPLORE.EXE >
< MD5 for: IEXPLORE.EXE.MUI >
< MD5 for: SERVICES >
< MD5 for: SERVICES.CFG >
< MD5 for: SERVICES.EXE >
< MD5 for: SERVICES.EXE.MUI >
< MD5 for: SERVICES.LNK >
< MD5 for: SERVICES.MOF >
< MD5 for: SERVICES.MSC >
< MD5 for: SERVICES.PTXML >
< MD5 for: SERVICES.RDB >
< MD5 for: SERVICES.SBS >
< MD5 for: WINLOGON.ADML >
[2010/11/21 01:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
< MD5 for: WINLOGON.ADMX >
[2009/06/10 15:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2010/11/21 01:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/21 01:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
< MD5 for: WINLOGON.MFL >
[2010/11/21 01:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2010/11/21 01:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
< MD5 for: WINLOGON.MOF >
[2009/07/13 14:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 14:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
< %SYSTEMDRIVE%\*.* >
[2014/01/16 03:20:46 | 2733,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/16 03:21:19 | 3644,538,880 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
[2012/12/24 15:15:17 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2012/12/24 15:15:17 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2012/12/24 15:15:17 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/12/24 15:15:17 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2011/05/13 16:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Acer
Volume Serial Number is 1CE4-DAA2
Directory of C:\
07/13/2012 06:06 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2012 06:06 AM <JUNCTION> Application Data [C:\ProgramData]
07/13/2012 06:06 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2012 06:06 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2012 06:06 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2012 06:06 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2012 06:06 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2012 06:06 AM <SYMLINKD> All Users [C:\ProgramData]
07/13/2012 06:06 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2012 06:06 AM <JUNCTION> Application Data [C:\ProgramData]
07/13/2012 06:06 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2012 06:06 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2012 06:06 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2012 06:06 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2012 06:06 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dawn work
07/13/2012 06:06 AM <JUNCTION> Application Data [C:\Users\Dawn work\AppData\Roaming]
07/13/2012 06:06 AM <JUNCTION> Cookies [C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2012 06:06 AM <JUNCTION> Local Settings [C:\Users\Dawn work\AppData\Local]
07/13/2012 06:06 AM <JUNCTION> My Documents [C:\Users\Dawn work\Documents]
07/13/2012 06:06 AM <JUNCTION> NetHood [C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2012 06:06 AM <JUNCTION> PrintHood [C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2012 06:06 AM <JUNCTION> Recent [C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2012 06:06 AM <JUNCTION> SendTo [C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2012 06:06 AM <JUNCTION> Start Menu [C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2012 06:06 AM <JUNCTION> Templates [C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Dawn work\AppData\Local
07/13/2012 06:06 AM <JUNCTION> Application Data [C:\Users\Dawn work\AppData\Local]
07/13/2012 06:06 AM <JUNCTION> History [C:\Users\Dawn work\AppData\Local\Microsoft\Windows\History]
07/13/2012 06:06 AM <JUNCTION> Temporary Internet Files [C:\Users\Dawn work\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Dawn work\Documents
07/13/2012 06:06 AM <JUNCTION> My Music [C:\Users\Dawn work\Music]
07/13/2012 06:06 AM <JUNCTION> My Pictures [C:\Users\Dawn work\Pictures]
07/13/2012 06:06 AM <JUNCTION> My Videos [C:\Users\Dawn work\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2012 06:06 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2012 06:06 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2012 06:06 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2012 06:06 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2012 06:06 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2012 06:06 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2012 06:06 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2012 06:06 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2012 06:06 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2012 06:06 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2012 06:06 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2012 06:06 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2012 06:06 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2012 06:06 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2012 06:06 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2012 06:06 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2012 06:06 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2012 06:06 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2012 06:06 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
01/07/2012 06:18 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/07/2012 06:18 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
01/07/2012 06:18 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
01/07/2012 06:18 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
01/07/2012 06:18 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/07/2012 06:18 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/07/2012 06:18 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/07/2012 06:18 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
01/07/2012 06:18 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/07/2012 06:18 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
01/07/2012 06:18 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/07/2012 06:18 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/07/2012 06:18 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
01/07/2012 06:18 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
01/07/2012 06:18 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
01/07/2012 06:18 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
01/07/2012 06:18 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/07/2012 06:18 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
01/07/2012 06:18 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
01/07/2012 06:18 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
01/07/2012 06:18 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/07/2012 06:18 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/07/2012 06:18 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/07/2012 06:18 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
01/07/2012 06:18 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/07/2012 06:18 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
01/07/2012 06:18 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/07/2012 06:18 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/07/2012 06:18 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
01/07/2012 06:18 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
01/07/2012 06:18 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
01/07/2012 06:18 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 344,452,661,248 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/07/13 06:20:25 | 000,000,221 | -HS- | M] () -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2014/01/17 17:18:09 | 000,379,904 | ---- | M] () -- C:\Users\Dawn work\Desktop\gmer.exe
[2014/01/17 17:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn work\Desktop\OTL.exe
[2014/01/17 15:45:46 | 000,987,425 | ---- | M] () -- C:\Users\Dawn work\Desktop\SecurityCheck.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/07/13 23:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: WDC WD5000AAKX-001CA SCSI Disk Device
Partitions: 3
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro/HG USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC/MS/MSPRO USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE6 -
Interface type: USB
Media Type:
Model: HP Photosmart C4500 USB Device
Partitions: 0
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 17.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 18254659584
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 449.00GB
Starting Offset: 18359517184
Hidden sectors: 0
========== Alternate Data Streams ==========
@Alternate Data Stream - 249 bytes -> C:\ProgramData\Temp:E1D06077
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:8967C154
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:8C12CFCD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:928DF32E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0E61938B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EFECABA9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:08DB8D99
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:60E0AB2A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E6D148BC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A2B3764A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2F5A06FD
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F591490A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:FACB65E7
< End of report >
The Extras
OTL Extras logfile created on: 1/17/2014 5:29:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawn work\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.39 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 63.70% Memory free
6.79 Gb Paging File | 5.05 Gb Available in Paging File | 74.43% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 320.80 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
Computer Name: DAWNWORK-PC | User Name: Dawn work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B78AF4C-C3F7-4261-A16E-BE7E7836C8C6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{206DF459-1BEF-4FD7-9B1F-9A62050E2A34}" = lport=137 | protocol=17 | dir=in | app=system |
"{261D1B33-C88E-406F-A3A2-E02D9CAE9A72}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2FA77D07-5548-4353-8D16-CA15BA817AB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C606704-6AF6-48A9-9C44-5EEBC6A88748}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3E073F03-E07E-4598-8A2B-75C0B00AE8C0}" = rport=138 | protocol=17 | dir=out | app=system |
"{5775AA85-7FC2-435C-87C7-DE1AB1E37848}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7494CEFB-0CF0-4185-A256-290913C2B8C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CF2F9B0-3E89-4240-B6E7-8056D6205AB8}" = rport=445 | protocol=6 | dir=out | app=system |
"{862EC17C-282B-46F2-B3A9-D65D15DAFEEE}" = lport=138 | protocol=17 | dir=in | app=system |
"{8807DFB7-7D3F-4793-93D2-7F87B76ED053}" = lport=139 | protocol=6 | dir=in | app=system |
"{8FAF5CF4-DB8D-4AD7-BF19-067DA7BFB443}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95BA82BC-6B05-4442-819C-AABC2440BE14}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{99C306BD-74B5-4D5A-B7EF-59F7D5F6CC52}" = lport=12000 | protocol=6 | dir=in | app=system |
"{A0860F8B-F6A1-4140-8AC7-60BE0C7EAF27}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0E30E68-D0B0-496D-A7C0-A969F6282198}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B03ABC7A-5229-4865-B12E-A97DA20989DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE66FC34-F33C-45D0-AC7D-56F2D959C426}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1AC2D00-56EC-4852-84FE-DD31656F1F5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C902E3FA-CA0C-472D-9891-EF73329E45EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{CF649825-7880-4216-996A-0BB407F914E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DB93E46C-99E1-4AC9-98EF-2FA1B1AC78E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE368B86-9510-4298-9F2C-440514C6AA20}" = lport=445 | protocol=6 | dir=in | app=system |
"{F2D0B536-AB72-4CCD-B3AE-80418F4827E2}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0178880F-CC0C-43AE-B8E0-A59D0D33FE6F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0937E43B-A9CC-440F-9C59-6EFBBED75457}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0AEAC1D4-8FE0-42FA-B96E-F901980A9D38}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0E3F2551-89CE-4F70-9955-AAD836CCC67F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BE01C1D-2895-4D68-834C-A82B231B550B}" = protocol=6 | dir=out | app=system |
"{1DCCEE4C-2181-405B-A50A-7BBAE421A6D3}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{20C0A843-1300-40A6-8C98-FBADF65FB98C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{224FB4C1-6508-40B2-A3D7-7FA1FB4C62FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2597A7C0-55E9-4F51-BE0B-A1A935753B4E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{29702C1A-B98B-4C74-AB8E-51C6E201F05F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2979358D-B6A2-4AFD-912B-1DEB93B2CB95}" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord 2\bitlord files\bitlord.exe |
"{2F7019AD-92F9-4AA5-A2E9-9047469291A2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{3463676A-1A12-4D22-ACAE-6FD51A44463E}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{3A9FAFD2-0C5B-4554-9944-8E6A9A226019}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{3CC438B7-ED80-496B-A4B6-F5435A90A357}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{411DDC94-C7EF-4F8E-BD1D-8DAE562D9749}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{49282F1A-6761-47DA-94E3-67989F715217}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{5216C884-F111-442B-8EA4-4C47513FFA2A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{56A28D6D-352E-4F61-B19D-0BC0C90ED34B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{57A67721-8699-4F70-884E-DADD6623C802}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{667B75D1-C098-4C36-9309-C3CA495799AC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6E9F888B-9CB5-4A58-A04C-13F4F917326D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{6F850C0F-5282-42CF-A5B3-CF363D5356CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{70B3FFCF-6D38-4B9C-B00C-C5B7EA11CB7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{861BF0FE-D8D6-40DF-861C-0209A1C50E61}" = protocol=17 | dir=in | app=c:\users\dawn work\appdata\local\akamai\netsession_win.exe |
"{8850865A-AF3D-42A1-B0FF-3365EB0D6A1F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{948778AD-ABA8-4204-853B-7D33535DE2FF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{949DEF95-9D95-49E8-A14D-A7FA2B1592FF}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{94A7F264-0CF9-45CA-BB70-3D41BBFB34DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C432D54-C51D-467D-AF59-B42C0A3E6B24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9CBA0240-2A7B-40A3-BABA-2385AB6C1656}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FDCC279-A744-4D24-BF7A-DBEBACB2B001}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A5DC8F6E-165B-49E5-A855-A42B771E706C}" = protocol=6 | dir=in | app=c:\users\dawn work\appdata\local\akamai\netsession_win.exe |
"{AD4284DE-70CC-4C04-819D-C0070A7977FD}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{B1519095-E271-4B76-A81C-5015AC2E8A7B}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{B2D41AE8-1494-4ED8-9A87-EE4C7B2F37C3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{BF1EE2C2-75CE-4A2A-98C3-F030EAC9A69D}" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord 2\bitlord files\bitlord.exe |
"{C77E55B9-9F06-45D4-8878-ED3D56EC9471}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\playmovie.exe |
"{C9221653-D27A-433D-910C-E4AE419810E7}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{CBC191B7-AAEB-4070-A43C-F05331142200}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D22F380C-8CE6-43F6-841D-B8364E5725FD}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\clmsservice.exe |
"{D2F56A7D-0BA0-4525-94C7-1B372E460CB6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D8D95AD9-B10B-48ED-863E-D1F21BD2D2A6}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{DF59380F-1E32-4393-851E-6FDBE56E773B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2DE5A7D-7BC4-4835-BF3C-9369C15B5D10}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{E40154AE-EBA2-4C4C-B7D7-4699E966F3AD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5DDBD72-914F-49A9-ACBE-7B911F1210B4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EDE65739-98DB-49A3-94D9-35D7F877A4D9}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{F00821DF-1464-47B1-82F1-A3E82671BAF3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F7E3264D-C7A7-4A44-8275-88709ED06659}" = dir=in | app=c:\users\dawn work\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"TCP Query User{5A41C406-8006-4319-82D3-352566AE567B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{756ABCE8-CBDB-4EAC-BC3D-38E1D81BF365}C:\users\dawn work\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dawn work\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A0581FD8-3620-4D76-B9A5-AEEFCDFADB2F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{B95FBF55-BF21-4E86-B72B-908627CB7BCE}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{2569ADDC-2239-4626-85D8-E9302FED5E1D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{8C1D8610-5E9F-4D8F-AA84-99F0D6C45A15}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{E2282815-FA13-4BFF-97AA-AE4788D953F3}C:\users\dawn work\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dawn work\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E97E5F27-DE91-4786-A363-E0D11F1FE496}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}" = Corel Graphics - Windows Shell Extension
"_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit)
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0CEA94E0-E6F4-4F2D-AA98-D0EFD6833754}" = Corel Graphics - Windows Shell Extension 32 Bit
"{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64)
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64)
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)
"{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64)
"{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{73538094-00F2-4C0F-974F-90C8FFA1D353}" = inFlow Inventory 64-bit
"{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64)
"{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64)
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}" = Corel Graphics - Windows Shell Extension
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BB65D262-3EBC-4F10-89D9-67A320E94EAA}" = CorelDRAW Graphics Suite X6 - EN (x64)
"{BBA8B8FD-ADB2-0E86-731D-BBEE82329C4B}" = ccc-utility64
"{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64)
"{CCE7423E-1D84-4CD3-9E32-220EC9358D97}" = CorelDRAW Graphics Suite X6 (x64)
"{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)
"{D9B8D7C4-BE13-5877-6999-B076956AA3F9}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{924CC858-47F5-4535-ABA8-B553D5A5F489}" = CorelDRAW Home & Student Suite X6 - Registration Gift
"_{E1E3FDB9-0A58-492D-BE04-BF7FB44281DF}" = CorelDRAW Home & Student Suite X6
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050C0087-340A-5E97-F33A-1BD2F766A2F5}" = CCC Help Italian
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D05BD1B-C316-D17C-6CD0-CC570AEAB787}" = CCC Help Thai
"{0E6AAB73-4530-A41E-849A-EF10340A84DF}" = CCC Help Polish
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11C77D7D-43A3-42AD-B677-7A89476073D1}" = CorelDRAW Home & Student Suite X6 - IPM
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{150F483A-A4AA-12A1-7C34-D9DB1919547A}" = CCC Help Portuguese
"{179089AA-A14F-5A07-3835-433AA14AB635}" = CCC Help Chinese Traditional
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AC970FC-758E-EF0C-1583-435FFF47EFA9}" = CCC Help Danish
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (INFLOWSQL)
"{2E1FF168-C322-B776-81A9-37CB1E3791D8}" = CCC Help French
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36BBD93F-D3F9-4AA9-9E4E-4150A47E6338}" = CorelDRAW Home & Student Suite X6
"{37126D87-E4FD-4614-B908-A0BB7ECE3992}" = clear.fi
"{37FD8298-B5F2-4902-B19F-1D8E26206D60}" = CorelDRAW Home & Student Suite X6 - Custom Data
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BFFE355-F475-476A-AA8C-744556440E4C}" = CorelDRAW Home & Student Suite X6 - Writing Tools
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B30B934-B6B5-50D5-FFC8-F354CEFD4674}" = AMD VISION Engine Control Center
"{4FEA1BF1-26BA-B8E5-B6B2-A193DCBF66F8}" = CCC Help Japanese
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53462064-5F28-4C03-855B-ECEF95A49B26}" = CorelDRAW Home & Student Suite X6 - Connect
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{556971D4-C072-46A5-8994-983873FA7625}" = CorelDRAW Home & Student Suite X6 - Redist
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{585B4766-DF69-BD72-42CC-5A092FFF49D2}" = CCC Help Chinese Standard
"{58FFBFA9-F8E6-4BF6-8849-29BEFD0C9AB3}" = CorelDRAW Home & Student Suite X6 - BR
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5C146655-3335-431B-BE08-06AEADC4A711}" = CorelDRAW Home & Student Suite X6 - ES
"{602F13D5-39C7-44C5-92E8-023F2B1F18CE}" = CorelDRAW Home & Student Suite X6 - Extra Content
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68D6BB05-DA20-A311-29D5-7460A9321E89}" = CCC Help Finnish
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{709EB5DE-FB19-15F6-1789-A5C2BF5AAAAB}" = Catalyst Control Center Localization All
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{721a8a51-7e8f-4536-b0a0-ab4410949055}" = inFlow Inventory
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E6B077-E73F-4851-B78B-05D8C45678B5}" = CorelDRAW Home & Student Suite X6 - FontNav
"{750EC77A-2DCC-416F-B97B-A64499C04451}" = CorelDRAW Home & Student Suite X6 - Capture
"{76F61A3E-2FF1-53CD-8DEC-DAFAD3F0ADDB}" = CCC Help Spanish
"{7C9DBDCE-235B-A3AD-09E5-3B68C75CF389}" = CCC Help English
"{7E8519C4-9CE7-761A-60CC-E2C9EEE1A8B2}" = CCC Help Greek
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80008A1D-93D2-4236-A0F6-FA1B7384ABAA}" = CorelDRAW Home & Student Suite X6 - EN
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8549F8C6-3BFE-47D7-A0B9-83681F0C6D30}" = CorelDRAW Home & Student Suite X6 - PHOTO-PAINT
"{85592690-8D8D-B8C9-BB8E-F97D35D4B1F0}" = CCC Help Hungarian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC392C3-70F8-D3DB-7AD5-CE578968E97D}" = CCC Help Turkish
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{924CC858-47F5-4535-ABA8-B553D5A5F489}" = CorelDRAW Home & Student Suite X6 - Registration Gift
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{964FAFF4-D98B-4990-85EF-62DAC493865E}" = CorelDRAW Home & Student Suite X6 - Draw
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4B1C9D6-C4C9-9227-C135-350CFB38CFED}" = CCC Help Norwegian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A984885F-709A-47D4-8A00-6579A97DFB39}" = CorelDRAW Home & Student Suite X6 - Filters
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AD17FA66-84BC-7EE6-3FFD-8652331B3F62}" = CCC Help Russian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB6CBCD2-D932-4A1B-AED6-A0CEF1D5ACB8}" = CorelDRAW Home & Student Suite X6 - Common
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C383C5E6-CF3F-3456-6405-0BB1C7836905}" = CCC Help Swedish
"{C3A1ED0C-D956-9E30-D5E9-03AA15EA5524}" = CCC Help Czech
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CD21E772-60AF-45C7-A884-82C3B9FF7AC8}" = CorelDRAW Home & Student Suite X6 - FR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2B92A-C046-7F20-FB5B-7E2D9FAC3640}" = CCC Help German
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1F1771F-E62F-1F6C-DCCB-6C55F8852F9D}" = Catalyst Control Center InstallProxy
"{D2437C5C-2D8C-40D2-8059-689AD7239FA3}" = Intel(R) C++ Redistributables for Windows* on Intel(R) 64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1E3FDB9-0A58-492D-BE04-BF7FB44281DF}" = CorelDRAW Home & Student Suite X6 - Setup Files
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8E37C4F-DE01-4286-AFB6-9FBEC8265A1A}" = clear.fi
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F199A7FB-D9BF-85BF-5CF1-D2E80C927B37}" = CCC Help Dutch
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F620365A-6ED3-F9C0-2E60-E2DC40B79EBE}" = CCC Help Korean
"{F7E0867C-B149-4018-9835-37ADC42A6E29}" = CorelDRAW Home & Student Suite X6 - VideoBrowser
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"BFG-A Gnome's Home - The Great Crystal Crusade" = A Gnome's Home: The Great Crystal Crusade
"BFG-Adelantado Trilogy - Book One" = Adelantado Trilogy: Book One
"BFG-Big Bang West" = Big Bang West
"BFGC" = Big Fish: Game Manager
"BFG-Insaniquarium! Deluxe" = Insaniquarium! Deluxe
"Big Money" = Big Money
"BitLord" = BitLord 2.3
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"DAEMON Tools Lite" = DAEMON Tools Lite
"ERUNT_is1" = ERUNT 1.1j
"Fallout New Vegas Ultimate Edition_is1" = Fallout New Vegas Ultimate Edition
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"Inkscape" = Inkscape 0.48.4
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}" = clear.fi
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Minecraft1.6.2" = Minecraft1.6.2
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"Synthesia" = Synthesia
"Trusted Software Assistant_is1" = File Type Assistant
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-3eb3e557-5736-43e6-af42-016c9bccacc4" = Governor of Poker 2 Premium Edition
"WTA-4ae3f49b-d977-4afe-9cd3-30ee6ba52944" = Polar Bowler
"WTA-502cffac-4783-44d5-b24e-4a37e176400a" = Mystery of Mortlake Mansion
"WTA-64c86e89-fd55-4885-a73b-b1035fda3e4e" = Final Drive: Nitro
"WTA-7727b8d1-cb97-4a79-b626-27557b4b2f81" = Plants vs. Zombies - Game of the Year
"WTA-871b2b69-ccf8-466e-907d-2502732427f7" = Jewel Match 3
"WTA-88b3a091-21f3-4921-b861-0dcab7176efe" = Agatha Christie - Death on the Nile
"WTA-8c6320e5-b3f9-4ba1-930a-9b0e2b6d7cf1" = Bejeweled 2 Deluxe
"WTA-a3d7cde4-5d32-41d5-b798-de37b1e8c45a" = Virtual Villagers 5 - New Believers
"WTA-a4d21338-bf5f-4229-bff6-44e4b258ca4b" = Cradle of Rome 2
"WTA-b01f779d-b18d-46b5-823a-8b08ee032e21" = Chronicles of Albian
"WTA-c7ca15d4-ea04-434c-8f3f-e1551ad8e3ea" = Penguins!
"WTA-c86b86af-d878-4b3a-a431-66b858031e88" = Polar Golfer
"WTA-cf1ef031-927a-43f0-a20c-a0d73dbd287d" = Build-a-lot 4 - Power Source
"WTA-d026a866-bb5b-4e33-9c1a-9151f3aa109c" = Zuma's Revenge
"WTA-eee6e5ff-b312-452c-bb4f-3962e006e27b" = Dora's World Adventure
"WTA-f15b6443-6a5d-435b-a8f9-5b8e0a9b5124" = Torchlight
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/14/2013 9:08:02 AM | Computer Name = Dawnwork-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/14/2013 5:24:38 PM | Computer Name = Dawnwork-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 12/14/2013 5:59:55 PM | Computer Name = Dawnwork-PC | Source = Chrome | ID = 1
Description =
Error - 12/14/2013 8:04:22 PM | Computer Name = Dawnwork-PC | Source = Application Hang | ID = 1002
Description = The program ZipOpenerSetup.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 830 Start
Time: 01cef92911218dba Termination Time: 0 Application Path: C:\Users\Dawn work\Downloads\ZipOpenerSetup.exe
Report
Id: 5c2846af-651c-11e3-8967-005056c00008
Error - 12/14/2013 8:10:46 PM | Computer Name = Dawnwork-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/15/2013 3:29:56 AM | Computer Name = Dawnwork-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 12/15/2013 9:00:02 PM | Computer Name = Dawnwork-PC | Source = Windows Backup | ID = 4103
Description =
Error - 12/16/2013 2:32:52 AM | Computer Name = Dawnwork-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 12/17/2013 2:32:53 AM | Computer Name = Dawnwork-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 12/18/2013 2:33:03 AM | Computer Name = Dawnwork-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 12/19/2013 2:59:54 AM | Computer Name = Dawnwork-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
[ System Events ]
Error - 1/14/2014 1:33:50 PM | Computer Name = Dawnwork-PC | Source = Service Control Manager | ID = 7030
Description = The OutfoxTvService service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.
Error - 1/14/2014 1:33:58 PM | Computer Name = Dawnwork-PC | Source = Service Control Manager | ID = 7030
Description = The OutfoxTvService service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.
Error - 1/14/2014 1:36:17 PM | Computer Name = Dawnwork-PC | Source = Service Control Manager | ID = 7030
Description = The SProtection service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 1/14/2014 1:36:18 PM | Computer Name = Dawnwork-PC | Source = Service Control Manager | ID = 7030
Description = The WinkHandler service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 1/14/2014 1:36:18 PM | Computer Name = Dawnwork-PC | Source = Service Control Manager | ID = 7034
Description = The Search Protect by Conduit Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 1/14/2014 1:36:21 PM | Computer Name = Dawnwork-PC | Source = Service Control Manager | ID = 7034
Description = The SProtection service terminated unexpectedly. It has done this
1 time(s).
Error - 1/14/2014 4:45:35 PM | Computer Name = Dawnwork-PC | Source = DCOM | ID = 10010
Description =
Error - 1/14/2014 11:09:01 PM | Computer Name = Dawnwork-PC | Source = DCOM | ID = 10010
Description =
Error - 1/16/2014 5:19:08 AM | Computer Name = Dawnwork-PC | Source = DCOM | ID = 10010
Description =
Error - 1/17/2014 7:51:29 PM | Computer Name = Dawnwork-PC | Source = volsnap | ID = 393283
Description = The shadow copy of volume C: being created failed to install.
< End of report >
I think that was everything, thank you for all your help and let me know what you want me to do about the gmer.
I appreciate it so much!
Dawn
Hi DawnW,
Malwarebytes Anti-Rootkit
Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message such as "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
On the introduction screen, please click on the Next button to continue.
Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
When the update has finished, click on the Next button.
Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on the Yes button to restart your computer.
There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================
Run OTL.exe
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=139&systemid=406&v=n8708-68&apn_uid=6753094631324127&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=139&systemid=406&v=n8708-68&apn_uid=6753094631324127&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent.com/?appId=14684F1D-ECBD-42B9-AABB-98070DD1D797&ref=toolbox&q={searchTerms}
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3306058&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=UN18322490812240963&UM=2&UP=SP0891EB53-D931-4DC7-B1E8-9D58F977E411&q={searchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{373E341F-C4AC-4DD6-81E3-AD9A28C25121}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN18322490812240963&UM=2
IE - HKCU\..\SearchScopes\{7BE8A92F-5E65-416A-9D85-34393720F261}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=256A818B-5343-4846-AFBB-3782ADC446DD&apn_sauid=44209606-865C-473F-B146-FC9E139F718E
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=139&systemid=406&v=n8708-68&apn_uid=6753094631324127&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
[2014/01/14 16:57:02 | 000,000,000 | ---D | M] (Connect DLC 2) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5}
[2013/12/05 18:19:00 | 000,000,000 | ---D | M] (Value Apps) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
[2014/01/14 11:36:29 | 000,000,000 | ---D | M] (Iminent Toolbar) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions\ffxtlbr@iminent.com
[2013/12/05 19:10:58 | 000,000,880 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\searchplugins\conduit-search.xml
[2014/01/14 11:36:30 | 000,001,368 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\searchplugins\iminent.xml
CHR - Extension: Connect DLC 2 = C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffekppndigniegkobcngkdmaadbhhonj\10.26.0.540_0\
CHR - Extension: Connect DLC 2 = C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffekppndigniegkobcngkdmaadbhhonj\10.26.0.540_0\nativeMessaging\nmHos
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (no name) - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: C:\Users\Dawn work\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
[2014/01/14 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IminentToolbar
[2014/01/14 11:36:25 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\IminentToolbar
[2014/01/14 11:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
:Commands
[purity]
[createrestorepoint]
[emptyjava]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
=========================
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that log file in your next reply.
A copy of all log files is saved in the C:\AdwCleaner folder which was created when running the tool.
=========================
In your next post please provide the following:
system-log.txt
mbar-log
OTL fix log
AdwCleaner[R0].txt
What symptoms are you experiencing?
Hello OCD,
System log
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.196000 GHz
Memory total: 3644538880, free: 2007658496
Downloaded database version: v2014.01.18.06
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
01/18/2014 15:35:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\ahcix64s.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\amdxhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\amdhub30.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix64s.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\Users\DAWNWO~1\AppData\Local\Temp\uwddqkog.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shell32.dll
\Windows\System32\ole32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\user32.dll
\Windows\System32\urlmon.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\normaliz.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\imm32.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\iertutil.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\usp10.dll
\Windows\System32\ws2_32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msctf.dll
\Windows\System32\advapi32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR23
Upper Device Object: 0xfffffa80039d7430
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000117\
Lower Device Object: 0xfffffa8005f01060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR20
Upper Device Object: 0xfffffa8003742060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000f4\
Lower Device Object: 0xfffffa800369eb60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR19
Upper Device Object: 0xfffffa8003968060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000f3\
Lower Device Object: 0xfffffa800389da60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR18
Upper Device Object: 0xfffffa8003964060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000f2\
Lower Device Object: 0xfffffa8003743b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR17
Upper Device Object: 0xfffffa800386e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000f1\
Lower Device Object: 0xfffffa8003698060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR16
Upper Device Object: 0xfffffa8003743060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000f0\
Lower Device Object: 0xfffffa8003803990
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004667790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xfffffa800455e9c0
Lower Device Driver Name: \Driver\ahcix64s\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004667790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80046672c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004667790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800455e9c0, DeviceName: \Device\00000065\, DriverName: \Driver\ahcix64s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7B4D19A1
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 35651584
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 35653632 Numsec = 204800
Partition is not bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 35858432 Numsec = 940912640
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8003743060, DeviceName: \Device\Harddisk1\DR16\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003969400, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003743060, DeviceName: \Device\Harddisk1\DR16\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003803990, DeviceName: \Device\000000f0\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800386e060, DeviceName: \Device\Harddisk2\DR17\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800383c400, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800386e060, DeviceName: \Device\Harddisk2\DR17\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003698060, DeviceName: \Device\000000f1\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8003964060, DeviceName: \Device\Harddisk3\DR18\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800654e040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003964060, DeviceName: \Device\Harddisk3\DR18\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003743b60, DeviceName: \Device\000000f2\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8003968060, DeviceName: \Device\Harddisk4\DR19\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003805400, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003968060, DeviceName: \Device\Harddisk4\DR19\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800389da60, DeviceName: \Device\000000f3\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8003742060, DeviceName: \Device\Harddisk5\DR20\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003964b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003742060, DeviceName: \Device\Harddisk5\DR20\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800369eb60, DeviceName: \Device\000000f4\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa80039d7430, DeviceName: \Device\Harddisk6\DR23\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004251040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80039d7430, DeviceName: \Device\Harddisk6\DR23\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005f01060, DeviceName: \Device\00000117\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Users\Dawn work\AppData\Local\Temp\winlogon.exe.mui --> [Trojan.Agent]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-20-4.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-14-7.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-21-5.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-22-6.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-23-7.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-28-5.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-29-6.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-30-7.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-01-1.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-03-3.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-04-4.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-05-5.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-06-6.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-11-4.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-12-5.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-13-6.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-15-1.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-22-1.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-23-2.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-24-3.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-25-4.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-26-5.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-27-6.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-29-1.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-30-2.dc --> [Stolen.Data]
Infected: C:\Users\Dawn work\AppData\Local\Temp\AppLunch\WinUpdate.exe --> [Trojan.Agent]
Infected: C:\Users\Dawn work\AppData\Local\Temp\explorer.exe.mui --> [Heuristics.Reserved.Word.Exploit]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_35653632_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.196000 GHz
Memory total: 3644538880, free: 2409947136
=======================================
MBAR log
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
Database version: v2014.01.18.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Dawn work :: DAWNWORK-PC [administrator]
1/18/2014 3:35:41 PM
mbar-log-2014-01-18 (15-35-41).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 244768
Time elapsed: 18 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Users\Dawn work\AppData\Roaming\dclogs (Stolen.Data) -> Delete on reboot.
Files Detected: 28
C:\Users\Dawn work\AppData\Local\Temp\winlogon.exe.mui (Trojan.Agent) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-20-4.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-14-7.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-21-5.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-22-6.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-23-7.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-28-5.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-29-6.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-30-7.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-01-1.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-03-3.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-04-4.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-05-5.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-06-6.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-11-4.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-12-5.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-13-6.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-15-1.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-22-1.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-23-2.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-24-3.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-25-4.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-26-5.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-27-6.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-29-1.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-30-2.dc (Stolen.Data) -> Delete on reboot.
C:\Users\Dawn work\AppData\Local\Temp\AppLunch\WinUpdate.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Dawn work\AppData\Local\Temp\explorer.exe.mui (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
OTL
It didn't give me a log?
# AdwCleaner v3.017 - Report created 19/01/2014 at 16:34:52
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dawn work - DAWNWORK-PC
# Running from : C:\Users\Dawn work\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : BackupStack
***** [ Files / Folders ] *****
File Found : C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
File Found : C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Found : C:\Users\Dawn work\AppData\Local\mysearchdial-speeddial.crx
File Found : C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\user.js
File Found : C:\Users\Dawn work\Desktop\Mobogenie.lnk
File Found : C:\Users\Dawn work\Desktop\MyPC Backup.lnk
File Found : C:\Users\Dawn work\Desktop\MySearchDial.url
File Found : C:\Users\Public\Desktop\Advanced System Protector.lnk
File Found : C:\Users\Public\Desktop\Open It!.lnk
File Found : C:\Users\Public\Desktop\RegClean Pro.lnk
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\Advanced System Protector
File Found : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Found : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
File Found : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
File Found : C:\Windows\System32\Tasks\DealPlyUpdate
File Found : C:\Windows\System32\Tasks\MySearchDial
File Found : C:\Windows\System32\Tasks\RegClean Pro
File Found : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
File Found : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
File Found : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
File Found : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
File Found : C:\Windows\Tasks\MySearchDial.job
File Found : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
File Found : C:\Windows\Tasks\RegClean Pro_UPDATES.job
Folder Found : C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Folder Found C:\Program Files (x86)\Advanced System Protector
Folder Found C:\Program Files (x86)\BitLord 2
Folder Found C:\Program Files (x86)\Common Files\Umbrella
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Mobogenie
Folder Found C:\Program Files (x86)\Movies Toolbar
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\Mysearchdial
Folder Found C:\Program Files (x86)\openit
Folder Found C:\Program Files (x86)\RegClean Pro
Folder Found C:\Program Files (x86)\SoftwareUpdater
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Browser Manager
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Found C:\ProgramData\Systweak
Folder Found C:\ProgramData\VisualBee
Folder Found C:\ProgramData\wincert
Folder Found C:\Searchprotect
Folder Found C:\Users\Dawn work\AppData\Local\Conduit
Folder Found C:\Users\Dawn work\AppData\Local\emaze
Folder Found C:\Users\Dawn work\AppData\Local\filetypeassistant
Folder Found C:\Users\Dawn work\AppData\Local\genienext
Folder Found C:\Users\Dawn work\AppData\Local\Mobogenie
Folder Found C:\Users\Dawn work\AppData\Local\NativeMessaging
Folder Found C:\Users\Dawn work\AppData\Local\torch
Folder Found C:\Users\Dawn work\AppData\Local\visualbeeexe
Folder Found C:\Users\Dawn work\AppData\LocalLow\Conduit
Folder Found C:\Users\Dawn work\AppData\LocalLow\PriceGong
Folder Found C:\Users\Dawn work\AppData\LocalLow\searchresultstb
Folder Found C:\Users\Dawn work\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Found C:\Users\Dawn work\AppData\Roaming\BitLord
Folder Found C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Found C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Found C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found C:\Users\Dawn work\AppData\Roaming\Mysearchdial
Folder Found C:\Users\Dawn work\AppData\Roaming\newnext.me
Folder Found C:\Users\Dawn work\AppData\Roaming\OpenCandy
Folder Found C:\Users\Dawn work\AppData\Roaming\strongvault
Folder Found C:\Users\Dawn work\AppData\Roaming\Systweak
Folder Found C:\Users\Dawn work\AppData\Roaming\ValueApps
Folder Found C:\Users\Dawn work\Documents\BitLord
Folder Found C:\Users\Dawn work\Documents\Mobogenie
Folder Found C:\Users\DAWNWO~1\AppData\Local\Temp\Iminent
Folder Found C:\Users\DAWNWO~1\AppData\Local\Temp\NativeMessaging
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN32C~1.DLL
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\torch
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Iminent
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\mysearchdial
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\torch
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\torch
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\prefs.js ]
Line Found : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("extensions.iminent.admin", false);
Line Found : user_pref("extensions.iminent.aflt", "orgnl");
Line Found : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Line Found : user_pref("extensions.iminent.autoRvrt", "false");
Line Found : user_pref("extensions.iminent.dfltLng", "");
Line Found : user_pref("extensions.iminent.excTlbr", false);
Line Found : user_pref("extensions.iminent.ffxUnstlRst", false);
Line Found : user_pref("extensions.iminent.id", "1ce4daa2000000000000f80f41408c85");
Line Found : user_pref("extensions.iminent.instlDay", "16084");
Line Found : user_pref("extensions.iminent.instlRef", "");
Line Found : user_pref("extensions.iminent.newTab", false);
Line Found : user_pref("extensions.iminent.prdct", "iminent");
Line Found : user_pref("extensions.iminent.prtnrId", "iminent");
Line Found : user_pref("extensions.iminent.rvrt", "false");
Line Found : user_pref("extensions.iminent.smplGrp", "none");
Line Found : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Line Found : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Line Found : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Line Found : user_pref("extensions.iminent.vrsnTs", "1.8.28.311:36:29");
Line Found : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Line Found : user_pref("iminent.enabledAds", "false");
Line Found : user_pref("CT3306058.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtC[...]
-\\ Google Chrome v
[ File : C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found : homepage
*************************
AdwCleaner[R0].txt - [18459 octets] - [19/01/2014 16:34:52]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18520 octets] ##########
Well, tons of little pop ups, the search engines keep changing, oh and for instance when I went to download AdwCleaner, first it downloaded something else entirely by the name of "open it" and "regclean pro".
Hi DawnW,
[QUOTE]well tons of little pop ups,[/QUOTE]
Can you tell me what the pop-ups were from?
[QUOTE]the search engines keep changing,[/QUOTE]
What do you mean by search engine? Do you mean browser, or home page?
[QUOTE]oh and for instance when I went to download AdwCleaner, first it downloaded something else entirely by the name of "open it" and "regclean pro"[/QUOTE]
These were removed by AdwCleaner during the last run.
=========================
Re-run OTL (it should be located on your desktop).
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Make sure all other windows are closed, and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one Notepad window, OTL.Txt. (No Extras.txt will be produced.)
Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================
In your next post please provide the following:
OTL.txt
[QUOTE=OCD;449228]Hi DawnW,
Can you tell me what the pop-ups were from?[/QUOTE]
There are a couple of start up of machine, I will reboot after this post and let you know. Also if I open IE just different ad pop-ups pretty constantly. Another thing, I wanted to remove IE from my system and reinstall it, however, it isn't listed anywhere in my uninstall control panel, which I find really odd so I can't figure out how to remove the program.
[QUOTE=OCD;449228]What do you mean by search engine? Do you mean browser, or home page?[/QUOTE]
The homepage. It's supposed to be Google, I keep changing it back. For a bit it was ask.com, now it's something else.
Then there is just the issue that I can't get rid of win32downloader.gen. I run Spybot as admin, it finds it but then tells me it can't remove it, and asks to run at next start-up. I OK it, it runs at start, finds the bug again and repeats the same thing.
OTL
OTL logfile created on: 1/22/2014 6:35:58 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawn work\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.39 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 58.62% Memory free
6.79 Gb Paging File | 5.04 Gb Available in Paging File | 74.33% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 326.37 Gb Free Space | 72.74% Space Free | Partition Type: NTFS
Computer Name: DAWNWORK-PC | User Name: Dawn work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Dawn work\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Users\Dawn work\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe (CyberLink)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll ()
MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll ()
MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
MOD - C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV:64bit: - (PSI_SVC_2_x64) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {373E341F-C4AC-4DD6-81E3-AD9A28C25121}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
IE - HKCU\..\SearchScopes\{CC86CF55-F39D-4A16-B65D-5053C0E019C5}: "URL" = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20130626,19841,6,0,&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..extensions.enabledAddons: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dawn work\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/06/23 03:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Extensions
[2014/01/21 22:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions
[2014/01/21 22:30:13 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2014/01/21 22:30:16 | 000,002,401 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\searchplugins\Mysearchdial.xml
[2013/10/20 18:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/20 18:32:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.search.ask.com/?o=APN10645A&gct=hp&d=-&v=-&t=4
CHR - Extension: Google Wallet = C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: ([2013/12/14 16:05:39 | 000,450,660 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15467 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dawn work\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [NextLive] C:\Users\Dawn work\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F17FA2D-C019-4DFA-97B2-018BD0AE3A22}: DhcpNameServer = 172.16.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8c5787a1-398d-11e1-853b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8c5787a1-398d-11e1-853b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{d4792b56-7a8b-11e3-977e-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{d4792b56-7a8b-11e3-977e-005056c00008}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/21 22:45:41 | 000,000,000 | ---D | C] -- C:\CIS146-75MichaelKeasler
[2014/01/21 16:20:07 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\YoudaGames
[2014/01/19 16:49:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/19 16:34:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 16:28:46 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2014/01/19 16:28:45 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\.android
[2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\newnext.me
[2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\Documents\Mobogenie
[2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\Mobogenie
[2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\genienext
[2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\cache
[2014/01/19 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
[2014/01/19 16:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/01/19 16:27:38 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/01/19 16:27:34 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\systweak
[2014/01/19 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\Programs
[2014/01/19 16:27:11 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\DigitalSites
[2014/01/18 19:00:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/18 15:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/18 15:35:33 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/18 15:33:49 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/18 15:33:10 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\Desktop\mbar
[2014/01/18 15:31:54 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Dawn work\Desktop\mbar-1.07.0.1008.exe
[2014/01/17 17:58:36 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\{E7976A8B-FA28-47ED-9033-AD905F9D24DA}
[2014/01/17 17:28:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dawn work\Desktop\OTL.exe
[2014/01/15 08:46:22 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 08:46:22 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 08:46:20 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\FalloutNV
[2014/01/14 11:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2014/01/14 11:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2014/01/14 11:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2014/01/14 11:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2014/01/14 11:35:02 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2014/01/14 11:35:00 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\DAEMON Tools Lite
[2014/01/14 11:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2014/01/14 11:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2014/01/14 11:32:33 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\OpenCandy
[2014/01/14 11:32:18 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\rmi
[2014/01/14 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\Nero
[2014/01/05 11:05:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/01/05 11:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/01/05 11:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2 C:\Users\Dawn work\AppData\Local\*.tmp files -> C:\Users\Dawn work\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/22 06:09:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1649779396-1205929758-1027307738-1001UA.job
[2014/01/22 06:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/22 06:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2014/01/22 02:09:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1649779396-1205929758-1027307738-1001Core.job
[2014/01/21 22:58:11 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/21 22:58:11 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/21 16:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2014/01/20 12:28:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/20 12:28:04 | 2733,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/19 17:05:03 | 000,450,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/19 16:49:08 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/19 16:49:08 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/19 16:48:10 | 029,707,776 | ---- | M] () -- C:\Users\Dawn work\Desktop\inFlow_Backup_20140119.ifi
[2014/01/19 16:34:14 | 001,236,282 | ---- | M] () -- C:\Users\Dawn work\Desktop\AdwCleaner.exe
[2014/01/19 16:29:09 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/01/19 16:27:14 | 000,000,102 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\WB.CFG
[2014/01/19 16:27:12 | 000,366,611 | ---- | M] () -- C:\Users\Dawn work\AppData\Local\mysearchdial-speeddial.crx
[2014/01/18 15:35:33 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/18 15:33:49 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/18 15:32:09 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Dawn work\Desktop\mbar-1.07.0.1008.exe
[2014/01/17 17:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn work\Desktop\OTL.exe
[2014/01/17 15:45:46 | 000,987,425 | ---- | M] () -- C:\Users\Dawn work\Desktop\SecurityCheck.exe
[2014/01/16 21:19:43 | 000,794,348 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/16 16:34:00 | 000,028,121 | ---- | M] () -- C:\Users\Dawn work\Documents\Invertebrates to Cnidarians (1).odt
[2014/01/14 21:13:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/14 21:13:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/14 16:49:20 | 000,000,033 | ---- | M] () -- C:\Windows\popcinfo.dat
[2014/01/14 11:56:43 | 000,001,443 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2014/01/14 11:35:40 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2014/01/14 11:35:02 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2014/01/05 11:04:47 | 000,001,112 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/27 18:10:50 | 000,020,312 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2 C:\Users\Dawn work\AppData\Local\*.tmp files -> C:\Users\Dawn work\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/19 16:48:07 | 029,707,776 | ---- | C] () -- C:\Users\Dawn work\Desktop\inFlow_Backup_20140119.ifi
[2014/01/19 16:34:06 | 001,236,282 | ---- | C] () -- C:\Users\Dawn work\Desktop\AdwCleaner.exe
[2014/01/19 16:27:25 | 000,366,611 | ---- | C] () -- C:\Users\Dawn work\AppData\Local\mysearchdial-speeddial.crx
[2014/01/19 16:27:14 | 000,000,102 | ---- | C] () -- C:\Users\Dawn work\AppData\Roaming\WB.CFG
[2014/01/19 16:27:12 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
[2014/01/17 15:45:41 | 000,987,425 | ---- | C] () -- C:\Users\Dawn work\Desktop\SecurityCheck.exe
[2014/01/16 16:33:57 | 000,028,121 | ---- | C] () -- C:\Users\Dawn work\Documents\Invertebrates to Cnidarians (1).odt
[2014/01/14 11:56:43 | 000,001,443 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2014/01/14 11:35:40 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2014/01/05 11:04:47 | 000,001,112 | ---- | C] () -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/22 08:51:02 | 000,001,479 | ---- | C] () -- C:\Users\Dawn work\AppData\Local\recently-used.xbel
[2013/07/17 20:54:43 | 000,000,033 | ---- | C] () -- C:\Windows\popcinfo.dat
[2013/07/05 14:08:54 | 000,558,080 | ---- | C] () -- C:\Users\Dawn work\AppData\Roaming\SharedSettings.ccs
[2013/06/27 17:54:51 | 000,000,022 | ---- | C] () -- C:\Users\Dawn work\.gtk-bookmarks
[2013/05/28 21:49:27 | 000,000,049 | ---- | C] () -- C:\Users\Dawn work\jagex_cl_runescape_LIVE1.dat
[2013/01/28 19:15:33 | 000,000,048 | ---- | C] () -- C:\Users\Dawn work\jagex_cl_runescape_LIVE.dat
[2013/01/28 19:15:33 | 000,000,024 | ---- | C] () -- C:\Users\Dawn work\random.dat
[2012/07/28 16:05:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\set.ini
[2012/07/13 07:36:48 | 000,017,492 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/13 06:31:15 | 000,748,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/21 10:14:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\HTSound.dll
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 249 bytes -> C:\ProgramData\Temp:E1D06077
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:8967C154
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:8C12CFCD
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:928DF32E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0E61938B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EFECABA9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:08DB8D99
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:60E0AB2A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E6D148BC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A2B3764A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2F5A06FD
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F591490A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:FACB65E7
< End of report >
At boot up of computer here's what I get.
Warning!
Error saving file
C:\windows\ERDNT\AutoBackup\1-22-2014\system !
Continue with next file?
[RegCreateKeyEx:5-Access is denied]
and also,
RunDLL
There was a problem starting c:\Users\Dawnwork\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specific module could not be found.
Hi DawnW,
Also if I open IE just different ad pop-ups pretty constantly. Another thing, I wanted to remove IE from my system and reinstall it, however, it isn't listed anywhere in my uninstall control panel, which I find really odd so I can't figure out how to remove the program.
You cannot remove Internet Explorer; Windows does not allow it, but it should be kept up to date for security reasons.
The homepage. It's supposed to be google, I keep changing it back. For a bit it was ask.com, now it's something else.
Which browser/s do you want to set the homepage to Google in? (IE, Firefox, Chrome)
Then there is just the issue that I can't get rid of win32downloader.gen.
Do you continue to get these notifications?
=========================
I don't know which version you have, but let's disable Spybot's TeaTimer. Choose whichever set of instructions works for the version you have.
Spybot - Search & Destroy's Tea Timer (newer version). Please follow the instructions below.
Locate your copy of Spybot - Search & Destroy and open it.
In the menu bar at the top select "Mode", then select "Advanced".
In the left hand menu expand the "Tools" menu.
Select "Resident", then remove the check mark for "Resident Tea Timer"
Then exit the program by clicking "File" then select "Exit"
=========================
SpyBot's TeaTimer (older version)
Go to your desktop and double click on the "Spybot-S&D Start Center".
Now activate the "Experienced User Mode" at top by ticking the checkbox.
In the area "Settings & More Tools" please click on "Services".
Now start the "On-Access Monitor" by ticking the "Start" button.
Close the "Spybot - Search & Destroy Services" window.
=========================
Run OTL.exe
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1178464931&ir=
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1178464931&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1178464931&ir=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
IE - HKCU\..\SearchScopes\{CC86CF55-F39D-4A16-B65D-5053C0E019C5}: "URL" = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20130626,19841,6,0,&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
[2014/01/21 22:30:13 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2014/01/21 22:30:16 | 000,002,401 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\searchplugins\Mysearchdial.xml
CHR - homepage: http://www.search.ask.com/?o=APN1064...hp&d=-&v=-&t=4
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
[2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\Documents\Mobogenie
[2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\Mobogenie
[2014/01/19 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
:Files
c:\Users\Dawnwork\AppData\Local\Conduit
ipconfig /flushdns /c
:Commands
[purity]
[createrestorepoint]
[emptytemp]
[emptyjava]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
=========================
Re-run AdwCleaner
It should be on your desktop
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================
Re-run OTL (it should be located on your desktop).
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one Notepad window: OTL.Txt. (No Extras.txt will be produced.)
Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================
In your next post please provide the following:
OTL fix log
AdwCleaner[S1].txt
New OTL.txt
Answers to my questions.
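An added example, not part of the original post: one way to check a follow-up OTL.txt against the :OTL fix lines above and list the browser settings the new scan still reports. The sample lines are constructed (shortened from the fix above), the function names are hypothetical, and only IE/FF/CHR lines are compared; O3/O4 and file-listing lines are skipped.

```python
import re
from urllib.parse import urlsplit

# Browser-setting lines only: "IE - ...", "IE:64bit: - ...", "FF - ...", "CHR - ..."
ENTRY = re.compile(r'^(IE(?::64bit:)?|FF|CHR) - (.+)$')
URL = re.compile(r'https?://[^\s"]+')

def parse_entry(line):
    """Return (tag, key, marker) for a browser-setting line, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    tag, body = m.groups()
    sep = " = " if " = " in body else ": "
    key, _, value = body.partition(sep)
    url = URL.search(value)
    # Compare by host when the value is a URL: query strings differ per install.
    if url:
        marker = urlsplit(url.group()).hostname or ""
    else:
        marker = value.strip().strip('"')
    # Registry paths and host names are case-insensitive.
    return tag, key.lower(), marker.lower()

def entries(text):
    """Set of parsed browser-setting entries found in a log or fix script."""
    return {e for e in map(parse_entry, text.splitlines()) if e}

def still_present(fix_text, new_log_text):
    """Entries targeted by the fix that the follow-up scan still reports."""
    return sorted(entries(fix_text) & entries(new_log_text))

# Constructed sample: three fix lines shortened from the :OTL section above.
FIX = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
"""

# Constructed sample of a follow-up scan: start page reset, Firefox pref left behind.
NEW_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.startup.homepage: "about:blank"
"""

if __name__ == "__main__":
    for tag, key, marker in still_present(FIX, NEW_LOG):
        print(f"still present: {tag} {key} -> {marker}")
```

An empty result means none of the compared settings survived the fix; anything listed is worth raising in the next reply along with the new log.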
Hi DawnW,
Just checking in to see if you still need help?
This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.
If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.
Please do not add any logs that might have been requested previously; you would be starting fresh.
Applies only to the original poster; anyone else with similar problems, please start your own topic.