
Thread: Can't get rid of win32.downloader.gen

  1. #11
    Junior Member
    Join Date
    Jan 2014
    Posts
    11


    Hello OCD,

    System log
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16476

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.196000 GHz
    Memory total: 3644538880, free: 2007658496

    Downloaded database version: v2014.01.18.06
    Downloaded database version: v2013.12.18.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/18/2014 15:35:33
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 7B4D19A1

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 35651584

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 35653632 Numsec = 204800
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 35858432 Numsec = 940912640

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Infected: C:\Users\Dawn work\AppData\Local\Temp\winlogon.exe.mui --> [Trojan.Agent]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-20-4.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-14-7.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-21-5.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-22-6.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-23-7.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-28-5.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-29-6.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-30-7.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-01-1.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-03-3.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-04-4.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-05-5.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-06-6.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-11-4.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-12-5.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-13-6.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-15-1.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-22-1.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-23-2.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-24-3.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-25-4.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-26-5.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-27-6.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-29-1.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-30-2.dc --> [Stolen.Data]
    Infected: C:\Users\Dawn work\AppData\Local\Temp\AppLunch\WinUpdate.exe --> [Trojan.Agent]
    Infected: C:\Users\Dawn work\AppData\Local\Temp\explorer.exe.mui --> [Heuristics.Reserved.Word.Exploit]
    Scan finished
    Creating System Restore point...
    Could not create restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_35653632_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16476

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.196000 GHz
    Memory total: 3644538880, free: 2409947136

    =======================================

    MBAR log

    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    www.malwarebytes.org

    Database version: v2014.01.18.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Dawn work :: DAWNWORK-PC [administrator]

    1/18/2014 3:35:41 PM
    mbar-log-2014-01-18 (15-35-41).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 244768
    Time elapsed: 18 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Users\Dawn work\AppData\Roaming\dclogs (Stolen.Data) -> Delete on reboot.

    Files Detected: 28
    C:\Users\Dawn work\AppData\Local\Temp\winlogon.exe.mui (Trojan.Agent) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-20-4.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-14-7.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-21-5.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-22-6.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-23-7.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-28-5.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-29-6.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-11-30-7.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-01-1.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-03-3.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-04-4.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-05-5.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-06-6.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-11-4.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-12-5.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-13-6.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-15-1.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-22-1.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-23-2.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-24-3.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-25-4.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-26-5.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-27-6.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-29-1.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Roaming\dclogs\2013-12-30-2.dc (Stolen.Data) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Local\Temp\AppLunch\WinUpdate.exe (Trojan.Agent) -> Delete on reboot.
    C:\Users\Dawn work\AppData\Local\Temp\explorer.exe.mui (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

  2. #12
    Junior Member
    Join Date
    Jan 2014
    Posts
    11


    OTL

    It didn't give me a log?

    # AdwCleaner v3.017 - Report created 19/01/2014 at 16:34:52
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Dawn work - DAWNWORK-PC
    # Running from : C:\Users\Dawn work\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : BackupStack

    ***** [ Files / Folders ] *****

    File Found : C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
    File Found : C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
    File Found : C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
    File Found : C:\Users\Dawn work\AppData\Local\mysearchdial-speeddial.crx
    File Found : C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    File Found : C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\searchplugins\Mysearchdial.xml
    File Found : C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\user.js
    File Found : C:\Users\Dawn work\Desktop\Mobogenie.lnk
    File Found : C:\Users\Dawn work\Desktop\MyPC Backup.lnk
    File Found : C:\Users\Dawn work\Desktop\MySearchDial.url
    File Found : C:\Users\Public\Desktop\Advanced System Protector.lnk
    File Found : C:\Users\Public\Desktop\Open It!.lnk
    File Found : C:\Users\Public\Desktop\RegClean Pro.lnk
    File Found : C:\Windows\System32\roboot64.exe
    File Found : C:\Windows\System32\Tasks\Advanced System Protector
    File Found : C:\Windows\System32\Tasks\Advanced System Protector_startup
    File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
    File Found : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
    File Found : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
    File Found : C:\Windows\System32\Tasks\DealPlyUpdate
    File Found : C:\Windows\System32\Tasks\MySearchDial
    File Found : C:\Windows\System32\Tasks\RegClean Pro
    File Found : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
    File Found : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
    File Found : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
    File Found : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
    File Found : C:\Windows\Tasks\MySearchDial.job
    File Found : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
    File Found : C:\Windows\Tasks\RegClean Pro_UPDATES.job
    Folder Found : C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Folder Found C:\Program Files (x86)\Advanced System Protector
    Folder Found C:\Program Files (x86)\BitLord 2
    Folder Found C:\Program Files (x86)\Common Files\Umbrella
    Folder Found C:\Program Files (x86)\Conduit
    Folder Found C:\Program Files (x86)\Mobogenie
    Folder Found C:\Program Files (x86)\Movies Toolbar
    Folder Found C:\Program Files (x86)\MyPC Backup
    Folder Found C:\Program Files (x86)\Mysearchdial
    Folder Found C:\Program Files (x86)\openit
    Folder Found C:\Program Files (x86)\RegClean Pro
    Folder Found C:\Program Files (x86)\SoftwareUpdater
    Folder Found C:\ProgramData\apn
    Folder Found C:\ProgramData\Ask
    Folder Found C:\ProgramData\Browser Manager
    Folder Found C:\ProgramData\Conduit
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
    Folder Found C:\ProgramData\Systweak
    Folder Found C:\ProgramData\VisualBee
    Folder Found C:\ProgramData\wincert
    Folder Found C:\Searchprotect
    Folder Found C:\Users\Dawn work\AppData\Local\Conduit
    Folder Found C:\Users\Dawn work\AppData\Local\emaze
    Folder Found C:\Users\Dawn work\AppData\Local\filetypeassistant
    Folder Found C:\Users\Dawn work\AppData\Local\genienext
    Folder Found C:\Users\Dawn work\AppData\Local\Mobogenie
    Folder Found C:\Users\Dawn work\AppData\Local\NativeMessaging
    Folder Found C:\Users\Dawn work\AppData\Local\torch
    Folder Found C:\Users\Dawn work\AppData\Local\visualbeeexe
    Folder Found C:\Users\Dawn work\AppData\LocalLow\Conduit
    Folder Found C:\Users\Dawn work\AppData\LocalLow\PriceGong
    Folder Found C:\Users\Dawn work\AppData\LocalLow\searchresultstb
    Folder Found C:\Users\Dawn work\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    Folder Found C:\Users\Dawn work\AppData\Roaming\BitLord
    Folder Found C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
    Folder Found C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    Folder Found C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    Folder Found C:\Users\Dawn work\AppData\Roaming\Mysearchdial
    Folder Found C:\Users\Dawn work\AppData\Roaming\newnext.me
    Folder Found C:\Users\Dawn work\AppData\Roaming\OpenCandy
    Folder Found C:\Users\Dawn work\AppData\Roaming\strongvault
    Folder Found C:\Users\Dawn work\AppData\Roaming\Systweak
    Folder Found C:\Users\Dawn work\AppData\Roaming\ValueApps
    Folder Found C:\Users\Dawn work\Documents\BitLord
    Folder Found C:\Users\Dawn work\Documents\Mobogenie
    Folder Found C:\Users\DAWNWO~1\AppData\Local\Temp\Iminent
    Folder Found C:\Users\DAWNWO~1\AppData\Local\Temp\NativeMessaging

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll
    Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN32C~1.DLL
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll
    Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
    Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\dsiteproducts
    Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\Iminent
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
    Key Found : HKCU\Software\mysearchdial
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\systweak
    Key Found : HKCU\Software\torch
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\DataMngr
    Key Found : [x64] HKCU\Software\dsiteproducts
    Key Found : [x64] HKCU\Software\ilivid
    Key Found : [x64] HKCU\Software\Iminent
    Key Found : [x64] HKCU\Software\InstallCore
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : [x64] HKCU\Software\mysearchdial
    Key Found : [x64] HKCU\Software\Softonic
    Key Found : [x64] HKCU\Software\systweak
    Key Found : [x64] HKCU\Software\torch
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
    Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Iminent
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
    Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
    Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
    Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
    Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
    Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\Software\InstallCore
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
    Key Found : HKLM\Software\systweak
    Key Found : HKLM\Software\torch
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
    Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
    Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
    Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
    Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
    Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
    Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=

    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\prefs.js ]

    Line Found : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
    Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
    Line Found : user_pref("extensions.iminent.admin", false);
    Line Found : user_pref("extensions.iminent.aflt", "orgnl");
    Line Found : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
    Line Found : user_pref("extensions.iminent.autoRvrt", "false");
    Line Found : user_pref("extensions.iminent.dfltLng", "");
    Line Found : user_pref("extensions.iminent.excTlbr", false);
    Line Found : user_pref("extensions.iminent.ffxUnstlRst", false);
    Line Found : user_pref("extensions.iminent.id", "1ce4daa2000000000000f80f41408c85");
    Line Found : user_pref("extensions.iminent.instlDay", "16084");
    Line Found : user_pref("extensions.iminent.instlRef", "");
    Line Found : user_pref("extensions.iminent.newTab", false);
    Line Found : user_pref("extensions.iminent.prdct", "iminent");
    Line Found : user_pref("extensions.iminent.prtnrId", "iminent");
    Line Found : user_pref("extensions.iminent.rvrt", "false");
    Line Found : user_pref("extensions.iminent.smplGrp", "none");
    Line Found : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
    Line Found : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
    Line Found : user_pref("extensions.iminent.vrsn", "1.8.28.3");
    Line Found : user_pref("extensions.iminent.vrsnTs", "1.8.28.311:36:29");
    Line Found : user_pref("extensions.iminent.vrsni", "1.8.28.3");
    Line Found : user_pref("iminent.enabledAds", "false");
    Line Found : user_pref("CT3306058.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtC[...]

    -\\ Google Chrome v

    [ File : C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found : homepage

    *************************

    AdwCleaner[R0].txt - [18459 octets] - [19/01/2014 16:34:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18520 octets] ##########


    well tons of little pop ups, the search engines keep changing, oh and for instance when I went to download AdwCleaner, first it downloaded something else entirely by the name of "open it" and "regclean pro"

  3. #13
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi DawnW,

    well tons of little pop ups,
    Can you tell me what the pop-ups were from?

    the search engines keep changing,
    What do you mean by search engine? Do you mean browser, or home page?

    oh and for instance when I went to download AdwCleaner, first it downloaded something else entirely by the name of "open it" and "regclean pro"
    These were removed by AdwCleaner during the last run.

    =========================

    Re-run OTL (it should be located on your desktop).
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top, change it to Minimal Output.
    • Uncheck the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window: OTL.Txt. (No Extras.txt will be produced.)
      Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

    =========================

    In your next post please provide the following:

    • OTL.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  4. #14
    Junior Member
    Join Date
    Jan 2014
    Posts
    11

    Default

    [QUOTE=OCD;449228]Hi DawnW,

    Can you tell me what the pop-ups were from?

    There are a couple of start up of machine, I will reboot after this post and let you know. Also if I open IE just different ad pop-ups pretty constantly. Another thing, I wanted to remove IE from my system and reinstall it, however, it isn't listed anywhere in my uninstall control panel, which I find really odd so I can't figure out how to remove the program.

    What do you mean by search engine? Do you mean browser, or home page?

    The homepage. It's supposed to be google, I keep changing it back. For a bit it was ask.com, now it's something else.

    Then there is just the issue that I can't get rid of win32downloader.gen. I run Spybot as admin, it finds it but then tells me it can't remove it, and asks to run at next start-up. I OK it, it runs at start, finds the bug again and repeats the same thing.

    OTL

    OTL logfile created on: 1/22/2014 6:35:58 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawn work\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.39 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 58.62% Memory free
    6.79 Gb Paging File | 5.04 Gb Available in Paging File | 74.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 448.66 Gb Total Space | 326.37 Gb Free Space | 72.74% Space Free | Partition Type: NTFS

    Computer Name: DAWNWORK-PC | User Name: Dawn work | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Dawn work\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Users\Dawn work\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
    PRC - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe (CyberLink)
    PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
    PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
    PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
    PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
    PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
    PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
    PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
    MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll ()
    MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll ()
    MOD - C:\Users\Dawn work\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll ()
    MOD - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
    MOD - C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll ()
    MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe ()
    MOD - C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
    SRV:64bit: - (PSI_SVC_2_x64) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
    SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
    SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
    DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
    DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
    DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
    DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
    DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1178464931&ir=
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
    IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1178464931&ir=
    IE - HKLM\..\SearchScopes,DefaultScope = {373E341F-C4AC-4DD6-81E3-AD9A28C25121}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1178464931&ir=
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
    IE - HKCU\..\SearchScopes\{CC86CF55-F39D-4A16-B65D-5053C0E019C5}: "URL" = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20130626,19841,6,0,&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
    FF - prefs.js..extensions.enabledAddons: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dawn work\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dawn work\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/06/23 03:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Extensions
    [2014/01/21 22:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions
    [2014/01/21 22:30:13 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    [2014/01/21 22:30:16 | 000,002,401 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\searchplugins\Mysearchdial.xml
    [2013/10/20 18:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/10/20 18:32:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.search.ask.com/?o=APN1064...hp&d=-&v=-&t=4
    CHR - Extension: Google Wallet = C:\Users\Dawn work\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

    O1 HOSTS File: ([2013/12/14 16:05:39 | 000,450,660 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 15467 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Dawn work\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [NextLive] C:\Users\Dawn work\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F17FA2D-C019-4DFA-97B2-018BD0AE3A22}: DhcpNameServer = 172.16.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll ()
    O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
    O20 - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{8c5787a1-398d-11e1-853b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{8c5787a1-398d-11e1-853b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
    O33 - MountPoints2\{d4792b56-7a8b-11e3-977e-005056c00008}\Shell - "" = AutoRun
    O33 - MountPoints2\{d4792b56-7a8b-11e3-977e-005056c00008}\Shell\AutoRun\command - "" = J:\SETUP.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll ()
    O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll) - C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll ()
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/21 22:45:41 | 000,000,000 | ---D | C] -- C:\CIS146-75MichaelKeasler
    [2014/01/21 16:20:07 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\YoudaGames
    [2014/01/19 16:49:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2014/01/19 16:34:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/01/19 16:28:46 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    [2014/01/19 16:28:45 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\.android
    [2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\newnext.me
    [2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\Documents\Mobogenie
    [2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\Mobogenie
    [2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\genienext
    [2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\cache
    [2014/01/19 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    [2014/01/19 16:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
    [2014/01/19 16:27:38 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
    [2014/01/19 16:27:34 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\systweak
    [2014/01/19 16:27:18 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\Programs
    [2014/01/19 16:27:11 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\DigitalSites
    [2014/01/18 19:00:36 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/01/18 15:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/01/18 15:35:33 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/01/18 15:33:49 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/01/18 15:33:10 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\Desktop\mbar
    [2014/01/18 15:31:54 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Dawn work\Desktop\mbar-1.07.0.1008.exe
    [2014/01/17 17:58:36 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\{E7976A8B-FA28-47ED-9033-AD905F9D24DA}
    [2014/01/17 17:28:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dawn work\Desktop\OTL.exe
    [2014/01/15 08:46:22 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2014/01/15 08:46:22 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2014/01/15 08:46:20 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
    [2014/01/14 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\FalloutNV
    [2014/01/14 11:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
    [2014/01/14 11:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
    [2014/01/14 11:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
    [2014/01/14 11:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2014/01/14 11:35:02 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2014/01/14 11:35:00 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\DAEMON Tools Lite
    [2014/01/14 11:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2014/01/14 11:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2014/01/14 11:32:33 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\OpenCandy
    [2014/01/14 11:32:18 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\rmi
    [2014/01/14 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\Nero
    [2014/01/05 11:05:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2014/01/05 11:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2014/01/05 11:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2 C:\Users\Dawn work\AppData\Local\*.tmp files -> C:\Users\Dawn work\AppData\Local\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/01/22 06:09:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1649779396-1205929758-1027307738-1001UA.job
    [2014/01/22 06:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/22 06:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
    [2014/01/22 02:09:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1649779396-1205929758-1027307738-1001Core.job
    [2014/01/21 22:58:11 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/21 22:58:11 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/21 16:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
    [2014/01/20 12:28:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/20 12:28:04 | 2733,404,160 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/19 17:05:03 | 000,450,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/01/19 16:49:08 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/01/19 16:49:08 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/01/19 16:48:10 | 029,707,776 | ---- | M] () -- C:\Users\Dawn work\Desktop\inFlow_Backup_20140119.ifi
    [2014/01/19 16:34:14 | 001,236,282 | ---- | M] () -- C:\Users\Dawn work\Desktop\AdwCleaner.exe
    [2014/01/19 16:29:09 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
    [2014/01/19 16:27:14 | 000,000,102 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\WB.CFG
    [2014/01/19 16:27:12 | 000,366,611 | ---- | M] () -- C:\Users\Dawn work\AppData\Local\mysearchdial-speeddial.crx
    [2014/01/18 15:35:33 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/01/18 15:33:49 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/01/18 15:32:09 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Dawn work\Desktop\mbar-1.07.0.1008.exe
    [2014/01/17 17:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn work\Desktop\OTL.exe
    [2014/01/17 15:45:46 | 000,987,425 | ---- | M] () -- C:\Users\Dawn work\Desktop\SecurityCheck.exe
    [2014/01/16 21:19:43 | 000,794,348 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/01/16 16:34:00 | 000,028,121 | ---- | M] () -- C:\Users\Dawn work\Documents\Invertebrates to Cnidarians (1).odt
    [2014/01/14 21:13:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/01/14 21:13:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/01/14 16:49:20 | 000,000,033 | ---- | M] () -- C:\Windows\popcinfo.dat
    [2014/01/14 11:56:43 | 000,001,443 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [2014/01/14 11:35:40 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2014/01/14 11:35:02 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2014/01/05 11:04:47 | 000,001,112 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/12/27 18:10:50 | 000,020,312 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
    [2 C:\Users\Dawn work\AppData\Local\*.tmp files -> C:\Users\Dawn work\AppData\Local\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/01/19 16:48:07 | 029,707,776 | ---- | C] () -- C:\Users\Dawn work\Desktop\inFlow_Backup_20140119.ifi
    [2014/01/19 16:34:06 | 001,236,282 | ---- | C] () -- C:\Users\Dawn work\Desktop\AdwCleaner.exe
    [2014/01/19 16:27:25 | 000,366,611 | ---- | C] () -- C:\Users\Dawn work\AppData\Local\mysearchdial-speeddial.crx
    [2014/01/19 16:27:14 | 000,000,102 | ---- | C] () -- C:\Users\Dawn work\AppData\Roaming\WB.CFG
    [2014/01/19 16:27:12 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
    [2014/01/17 15:45:41 | 000,987,425 | ---- | C] () -- C:\Users\Dawn work\Desktop\SecurityCheck.exe
    [2014/01/16 16:33:57 | 000,028,121 | ---- | C] () -- C:\Users\Dawn work\Documents\Invertebrates to Cnidarians (1).odt
    [2014/01/14 11:56:43 | 000,001,443 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
    [2014/01/14 11:35:40 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2014/01/05 11:04:47 | 000,001,112 | ---- | C] () -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/12/22 08:51:02 | 000,001,479 | ---- | C] () -- C:\Users\Dawn work\AppData\Local\recently-used.xbel
    [2013/07/17 20:54:43 | 000,000,033 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2013/07/05 14:08:54 | 000,558,080 | ---- | C] () -- C:\Users\Dawn work\AppData\Roaming\SharedSettings.ccs
    [2013/06/27 17:54:51 | 000,000,022 | ---- | C] () -- C:\Users\Dawn work\.gtk-bookmarks
    [2013/05/28 21:49:27 | 000,000,049 | ---- | C] () -- C:\Users\Dawn work\jagex_cl_runescape_LIVE1.dat
    [2013/01/28 19:15:33 | 000,000,048 | ---- | C] () -- C:\Users\Dawn work\jagex_cl_runescape_LIVE.dat
    [2013/01/28 19:15:33 | 000,000,024 | ---- | C] () -- C:\Users\Dawn work\random.dat
    [2012/07/28 16:05:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\set.ini
    [2012/07/13 07:36:48 | 000,017,492 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/07/13 06:31:15 | 000,748,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/21 10:14:54 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\HTSound.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 249 bytes -> C:\ProgramData\Temp:E1D06077
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:8967C154
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:8C12CFCD
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:928DF32E
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E153075C
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0E61938B
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:EFECABA9
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:08DB8D99
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:60E0AB2A
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E6D148BC
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A2B3764A
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2F5A06FD
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F591490A
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:FACB65E7

    < End of report >

  5. #15
    Junior Member
    Join Date
    Jan 2014
    Posts
    11

    At boot up of computer here's what I get.

    Warning!
    Error saving file
    C:\windows\ERDNT\AutoBackup\1-22-2014\system !
    Continue with next file?
    [RegCreateKeyEx:5-Access is denied]


    and also,

    RunDLL
    There was a problem starting c:\Users\Dawnwork\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll

    The specific module could not be found.

  6. #16
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi DawnW,

    Quote:
      Also if I open IE just different ad pop-ups pretty constantly. Another thing, I wanted to remove IE from my system and reinstall it, however, it isn't listed anywhere in my uninstall control panel, which I find really odd so I can't figure out how to remove the program.
    You can not remove Internet Explorer, Windows does not allow it, but it should be kept up to date for security reasons.

    Quote:
      The homepage. It's supposed to be google, I keep changing it back. For a bit it was ask.com, now it's something else.
    Which browser/s do you want to set the homepage to Google in? (IE, Firefox, Chrome)

    Quote:
      Then there is just the issue that I can't get rid of win32downloader.gen.
    Do you continue to get these notifications?

    =========================

    I don't know which version you have, but let's disable Spybot's TeaTimer. Choose whichever set of instructions works for the version you have.

    Spybot - Search & Destroy's Tea Timer (newer version). Please follow the instructions below.
    • Locate your copy of Spybot - Search & Destroy and open it.
    • In the menu bar at the top select "Mode", then select "Advanced".
    • In the left hand menu expand the "Tools" menu.
    • Select "Resident", then remove the check mark for "Resident Tea Timer"
    • Then exit the program by clicking "File" then select "Exit"

    =========================

    SpyBot's TeaTimer (older version)
    • Go to your desktop and double click on the "Spybot-S&D Start Center".
    • Now activate the "Experienced User Mode" at top by ticking the checkbox.
    • In the area "Settings & More Tools" please click on "Services".
    • Now start the "On-Access Monitor" by ticking the "Start" button.
    • Close the "Spybot - Search & Destroy Services" window.

    =========================

    Run OTL.exe

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1178464931&ir=
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1178464931&ir=
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1178464931&ir=
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEtDzz0CzzyD0D0A0AtBtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1178464931&ir=
      IE - HKCU\..\SearchScopes\{CC86CF55-F39D-4A16-B65D-5053C0E019C5}: "URL" = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20130626,19841,6,0,&q={searchTerms}
      FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
      [2014/01/21 22:30:13 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
      [2014/01/21 22:30:16 | 000,002,401 | ---- | M] () -- C:\Users\Dawn work\AppData\Roaming\Mozilla\Firefox\Profiles\e0jnnn4w.default\searchplugins\Mysearchdial.xml
      CHR - homepage: http://www.search.ask.com/?o=APN1064...hp&d=-&v=-&t=4
      O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
      [2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\Documents\Mobogenie
      [2014/01/19 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Local\Mobogenie
      [2014/01/19 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Dawn work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
      
      :Files
      c:\Users\Dawnwork\AppData\Local\Conduit
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptytemp]
      [emptyjava]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

    =========================

    Re-run AdwCleaner

    It should be on your desktop
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Re-run OTL (it should be located on your desktop).
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Uncheck the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
      Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

    =========================

    In your next post please provide the following:
    • OTL fix log
    • AdwCleaner[S1].txt
    • New OTL.txt
    • Answers to my questions.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #17
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi DawnW,

    Just checking in to see if you still need help?
    OCD

  8. #18
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.

    If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.

    Please do not add any logs that might have been requested previously, you would be starting fresh.

    Applies only to the original poster, anyone else with similar problems please start your own topic.
    OCD
