Win32.downloader.gen Removal Help Needed (MK)

mkacmarik · Jun 18, 2013

I recently found the Win32.downloader.gen virus and SpyBot can not remove it. I have read your post instructions and I'm now providing the following for review. Please let me know what action I should take. Thanks, Mark

DDS Log (Also refer to the attached Zip file)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.7.2
Run by Road King at 21:36:43 on 2013-06-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1670 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\sttray.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://www.msn.com
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - c:\program files\comcasttb\auxi\comcastAu.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Comcast Toolbar 3.5: {4E77EDAD-9566-4089-88D1-C81498CEE770} - c:\program files\comcasttb\comcasttb.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.3.1.22\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Comcast Toolbar: {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - c:\program files\comcasttb\comcastdx.dll
BHO: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.3.1.22\coieplg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Comcast Toolbar: {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - c:\program files\comcasttb\comcastdx.dll
TB: Comcast Toolbar 3.5: {4E77EDAD-9566-4089-88D1-C81498CEE770} - c:\program files\comcasttb\comcasttb.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.3.1.22\coieplg.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OtShot] c:\program files\otshot\otshot.exe -minimize
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
StartupFolder: c:\users\roadki~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{6B868A5B-0DF3-4112-9BBE-C9654C0D1DA6} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{A7B6EB6E-E9F9-456E-B3D9-AD0448FB6F5E} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1403010.016\symds.sys [2013-5-16 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1403010.016\symefa.sys [2013-5-16 934488]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-15 37664]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130531.001\BHDrvx86.sys [2013-5-31 1002072]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys [2013-5-16 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130614.001\IDSvix86.sys [2013-6-14 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1403010.016\ironx86.sys [2013-5-16 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1403010.016\symtdiv.sys [2013-5-16 350368]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-12 21504]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\20.3.1.22\ccsvchst.exe [2013-5-16 144520]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-6-15 1015984]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-9-12 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-16 03:00:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-16 02:25:02 -------- d-----w- C:\rei
2013-06-16 02:24:58 -------- d-----w- c:\users\road king\appdata\local\AVG SafeGuard toolbar
2013-06-16 02:24:56 -------- d-----w- c:\program files\Reimage
2013-06-16 02:24:50 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-06-16 02:24:38 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-06-16 02:24:36 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-06-16 02:24:35 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-06-16 02:00:25 -------- d-----w- c:\users\road king\appdata\local\WinZip
2013-06-15 01:47:09 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5944ab57-599f-4503-9d91-0cc537085323}\mpengine.dll
2013-06-11 23:09:57 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 23:09:53 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-11 23:09:53 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-11 23:09:44 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-11 23:09:44 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-11 23:09:44 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-11 23:09:44 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-11 23:09:43 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-11 23:09:30 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-11 23:09:28 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-11 23:09:18 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-02 21:11:06 -------- d-----w- c:\users\road king\CD95F661A5C444F5A6AAECDD91C240D2.TMP
.
==================== Find3M ====================
.
2013-06-12 22:59:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 22:59:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-11 14:22:56 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:38:15.36 ===============

aswMBR Log

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-16 21:44:00
-----------------------------
21:44:00.601 OS Version: Windows 6.0.6002 Service Pack 2
21:44:00.601 Number of processors: 2 586 0xF0D
21:44:00.602 ComputerName: ROADKING-LT UserName: Road King
21:44:01.867 Initialize success
21:45:04.663 AVAST engine defs: 13061300
21:45:25.418 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:45:25.420 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:45:25.556 Disk 0 MBR read successfully
21:45:25.559 Disk 0 MBR scan
21:45:25.572 Disk 0 Windows VISTA default MBR code
21:45:25.575 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 122887 MB offset 64
21:45:25.601 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 115584 MB offset 251674290
21:45:25.609 Disk 0 scanning sectors +488392065
21:45:25.982 Disk 0 scanning C:\Windows\system32\drivers
21:45:46.932 Service scanning
21:46:15.414 Modules scanning
21:46:32.365 Disk 0 trace - called modules:
21:46:32.402 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:46:32.410 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8671f930]
21:46:32.417 3 CLASSPNP.SYS[8bd9e8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85ca1030]
21:46:33.885 AVAST engine scan C:\Windows
21:46:37.790 AVAST engine scan C:\Windows\system32
21:50:08.199 AVAST engine scan C:\Windows\system32\drivers
21:50:29.540 AVAST engine scan C:\Users\Road King
21:55:26.167 AVAST engine scan C:\ProgramData
21:59:21.280 Scan finished successfully
21:59:36.233 Disk 0 MBR has been saved successfully to "C:\Users\Road King\Desktop\MBR.dat"
21:59:36.238 The log file has been saved successfully to "C:\Users\Road King\Desktop\aswMBR.txt"

OCD · Jun 25, 2013

Hello mkacmarik,

I apologize for the delay in replying to your inquiry. If you still need help please continue.

=========================

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

1. Security Check

Download Security Check by screen317 from here or here.

Save it to your Desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

2. Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

AVG SafeGuard toolbar
AVG Secure Search
Ask
Ask Toolbar

=========================

3. OTL

Download OTL to your desktop.

Make sure all other windows are closed and to let it run uninterrupted.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- You may need two posts to fit them both in.

=========================

In your next post please provide the following:

checkup.txt

OTL.txt

Extras.txt

OCD · Jun 29, 2013

Hi mkacmarik,

Just checking in to see if you still need help?

mkacmarik · Jul 1, 2013

Win32.downloader.gen Removal Help Needed (MK) -----Reply 1

OCD,

Here is the information your requested. I will be sending this in two replies. This is part 1.

Please let me know what next steps I should take. Thank you.

******************************************************************************

Checkup.txt

Results of screen317's Security Check version 0.99.68
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 13
Java(TM) SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

*****************************************************************

OTL.txt

OTL logfile created on: 6/30/2013 6:39:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Road King\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 49.79% Memory free
7.16 Gb Paging File | 5.55 Gb Available in Paging File | 77.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120.01 Gb Total Space | 42.21 Gb Free Space | 35.17% Space Free | Partition Type: NTFS
Drive D: | 112.88 Gb Total Space | 29.31 Gb Free Space | 25.97% Space Free | Partition Type: NTFS

Computer Name: ROADKING-LT | User Name: Road King | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Road King\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()
PRC - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\wincfi39.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe ()
MOD - C:\Program Files\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (AntiSpywareService) -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz134) -- C:\Users\ROADKI~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130620.001\BHDrvx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130630.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130630.003\NAVENG.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\1403010.016\symefa.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\1403010.016\symds.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130628.001\IDSvix86.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\1403010.016\ironx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\1403010.016\symtdiv.sys (Symantec Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (NWUSBCDFIL) -- C:\Windows\System32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {A342A960-080E-4056-A64A-114E7CAB6AF1}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm069YYus&ptb=F67A1B46-4C3D-403E-B34E-7C54F36833DB&ind=2012021812&ptnrS=YKxdm069YYus&si=bing_soup-exact&n=77ed0434&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKman000&ptnrS=YKman000&ptb=E6493945-370C-4924-82CF-51413EF310CA&psa=&ind=2012050918&st=sb&n=77ed75e6&searchfor={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Road King\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {56FB5B01-5992-4DB0-AFF6-B49D177C0A1F}
IE - HKCU\..\SearchScopes\{56FB5B01-5992-4DB0-AFF6-B49D177C0A1F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Road King\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Road King\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/18 22:30:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/06/30 17:01:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012/11/22 15:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/19 11:47:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/19 11:47:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/18 22:30:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Road King\AppData\Roaming\Move Networks [2010/08/21 22:28:37 | 000,000,000 | ---D | M]

[2008/08/03 15:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Road King\AppData\Roaming\Mozilla\Extensions
[2008/08/03 15:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Road King\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Road King\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Road King\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Road King\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: No name found = C:\Users\Road King\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\Road King\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: No name found = C:\Users\Road King\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
CHR - Extension: No name found = C:\Users\Road King\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/01/02 22:56:58 | 000,290,820 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10017 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Updater For Comcast Toolbar 3.5) - {164d3751-cac6-4a6d-becd-ea67df61d232} - C:\Program Files\comcasttb\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Comcast Toolbar 3.5) - {4E77EDAD-9566-4089-88D1-C81498CEE770} - C:\Program Files\comcasttb\comcasttb.dll (Visicom Media Inc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Comcast Toolbar 3.5) - {4E77EDAD-9566-4089-88D1-C81498CEE770} - C:\Program Files\comcasttb\comcasttb.dll (Visicom Media Inc)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe -minimize File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Road King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mitsubishidealerlink.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mitsubishiemployeelink.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mmsa.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mmsa.com ([mel] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mmsa.com ([notes] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B868A5B-0DF3-4112-9BBE-C9654C0D1DA6}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B6EB6E-E9F9-456E-B3D9-AD0448FB6F5E}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Road King\Louanne's Pictures\image014[1].jpg
O24 - Desktop BackupWallPaper: C:\Users\Road King\Louanne's Pictures\image014[1].jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{330e082c-3d64-11dd-99b4-001c26dfceb0}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{6bc5bbf6-ffbf-11dd-b986-001c26dfceb0}\Shell - "" = AutoRun
O33 - MountPoints2\{6bc5bbf6-ffbf-11dd-b986-001c26dfceb0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{7924c0d1-6189-11dd-a3e0-001c26dfceb0}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{7f882695-b00c-11e0-a580-001c23f8811a}\Shell - "" = AutoRun
O33 - MountPoints2\{7f882695-b00c-11e0-a580-001c23f8811a}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{a0858a41-d269-11e0-b554-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a0858a41-d269-11e0-b554-806e6f6e6963}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\F\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/30 18:37:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Road King\Desktop\OTL.exe
[2013/06/16 21:42:00 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Road King\Desktop\aswMBR.exe
[2013/06/16 21:35:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Road King\Desktop\dds.scr
[2013/06/16 21:34:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/06/16 21:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/06/16 21:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/06/16 21:32:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Road King\Desktop\erunt-setup.exe
[2013/06/15 23:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/15 23:00:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/15 22:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2013/06/15 22:25:02 | 000,000,000 | ---D | C] -- C:\rei
[2013/06/15 22:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/06/15 22:22:24 | 000,726,288 | ---- | C] (Reimage®) -- C:\Users\Road King\Desktop\ReimageRepair.exe
[2013/06/15 22:00:25 | 000,000,000 | ---D | C] -- C:\Users\Road King\AppData\Local\WinZip
[2013/06/15 21:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/06/15 21:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/06/12 18:02:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/12 18:02:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/12 18:02:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/12 18:02:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/12 18:02:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/12 18:02:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/12 18:02:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/12 18:02:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/11 19:09:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/06/11 19:09:44 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/11 19:09:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/11 19:09:30 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/11 19:09:28 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/11 19:09:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/02 16:56:20 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Road King\Desktop\Win32 Download Removal.exe
[12 C:\Users\Road King\Documents\*.tmp files -> C:\Users\Road King\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Road King\*.tmp files -> C:\Users\Road King\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/30 18:37:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Road King\Desktop\OTL.exe
[2013/06/30 18:37:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 18:11:16 | 000,890,988 | ---- | M] () -- C:\Users\Road King\Desktop\SecurityCheck.exe
[2013/06/30 17:59:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/30 17:05:14 | 000,644,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/30 17:05:14 | 000,120,822 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/30 16:58:20 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/30 16:58:20 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Road King.job
[2013/06/30 16:58:03 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 16:58:03 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 16:57:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/30 09:31:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/29 20:32:01 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Road King.job
[2013/06/22 21:24:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Road King.job
[2013/06/17 20:52:54 | 000,002,473 | ---- | M] () -- C:\Users\Road King\Desktop\attach.zip
[2013/06/16 21:59:36 | 000,000,512 | ---- | M] () -- C:\Users\Road King\Desktop\MBR.dat
[2013/06/16 21:43:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Road King\Desktop\aswMBR.exe
[2013/06/16 21:35:08 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Road King\Desktop\dds.scr
[2013/06/16 21:33:32 | 000,000,913 | ---- | M] () -- C:\Users\Road King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/06/16 21:33:23 | 000,000,714 | ---- | M] () -- C:\Users\Road King\Desktop\ERUNT.lnk
[2013/06/16 21:32:49 | 000,006,324 | ---- | M] () -- C:\Users\Road King\AppData\Local\d3d9caps.dat
[2013/06/16 21:32:47 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Road King\Desktop\erunt-setup.exe
[2013/06/15 23:00:25 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/15 22:31:35 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini
[2013/06/15 22:25:04 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013/06/15 22:22:24 | 000,726,288 | ---- | M] (Reimage®) -- C:\Users\Road King\Desktop\ReimageRepair.exe
[2013/06/15 22:21:52 | 000,000,212 | ---- | M] () -- C:\Users\Road King\Desktop\AdwCleaner Download.url
[2013/06/15 21:59:51 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/06/15 21:59:51 | 000,001,800 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/06/12 18:59:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/12 18:59:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/02 16:59:47 | 001,440,846 | ---- | M] () -- C:\Users\Road King\Desktop\mbam-chameleon-1.62.1.1000.zip
[2013/06/02 16:56:21 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Road King\Desktop\Win32 Download Removal.exe
[12 C:\Users\Road King\Documents\*.tmp files -> C:\Users\Road King\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Road King\*.tmp files -> C:\Users\Road King\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/30 18:11:16 | 000,890,988 | ---- | C] () -- C:\Users\Road King\Desktop\SecurityCheck.exe
[2013/06/17 20:52:54 | 000,002,473 | ---- | C] () -- C:\Users\Road King\Desktop\attach.zip
[2013/06/16 21:59:36 | 000,000,512 | ---- | C] () -- C:\Users\Road King\Desktop\MBR.dat
[2013/06/16 21:33:31 | 000,000,913 | ---- | C] () -- C:\Users\Road King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/06/16 21:33:23 | 000,000,714 | ---- | C] () -- C:\Users\Road King\Desktop\ERUNT.lnk
[2013/06/15 23:00:25 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/15 22:25:04 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013/06/15 22:23:09 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/06/15 22:21:52 | 000,000,212 | ---- | C] () -- C:\Users\Road King\Desktop\AdwCleaner Download.url
[2013/06/15 21:59:51 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/06/15 21:59:35 | 000,001,800 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/06/14 21:21:22 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Road King.job
[2013/06/14 21:21:21 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Road King.job
[2013/06/14 21:21:16 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Road King.job
[2013/06/02 16:59:47 | 001,440,846 | ---- | C] () -- C:\Users\Road King\Desktop\mbam-chameleon-1.62.1.1000.zip
[2013/02/08 18:21:24 | 000,053,128 | ---- | C] () -- C:\Users\Road King\image014[1].jpg
[2012/01/08 18:13:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/08/07 12:35:26 | 000,000,288 | ---- | C] () -- C:\Users\Road King\AppData\Roaming\.backup.dm
[2011/05/18 17:58:57 | 000,001,940 | ---- | C] () -- C:\Users\Road King\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/24 19:13:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/06/18 18:13:56 | 000,008,192 | ---- | C] () -- C:\Users\Road King\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/16 20:52:56 | 000,006,324 | ---- | C] () -- C:\Users\Road King\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/03/30 20:28:04 | 000,000,000 | ---D | M] -- C:\Users\Road King\AppData\Roaming\CallingID
[2008/10/18 23:43:35 | 000,000,000 | ---D | M] -- C:\Users\Road King\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/09 23:43:07 | 000,000,000 | ---D | M] -- C:\Users\Road King\AppData\Roaming\GARMIN
[2011/07/16 20:49:27 | 000,000,000 | ---D | M] -- C:\Users\Road King\AppData\Roaming\Smith Micro
[2012/08/06 17:51:32 | 000,000,000 | ---D | M] -- C:\Users\Road King\AppData\Roaming\Tific
[2008/08/03 15:34:50 | 000,000,000 | ---D | M] -- C:\Users\Road King\AppData\Roaming\TomTom
[2008/06/18 19:04:42 | 000,000,000 | ---D | M] -- C:\Users\Road King\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/06/16 22:36:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/06/16 22:36:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

mkacmarik · Jul 1, 2013

Win32.downloader.gen Removal Help Needed (MK) -----Reply 2

< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 08:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 08:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui

< MD5 for: IEXPLORE.EXE >
[2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16446_none_5898f8e3ebb5c47b\iexplore.exe
[2011/07/23 07:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=04D1DC458C723B291179F8449ACC281D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19120_none_12355fcb2fdc2111\iexplore.exe
[2008/06/16 22:19:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=07ED775D6DB4BFA96D7CFB09EB228418 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
[2009/01/15 00:14:36 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[2012/11/13 22:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16457_none_588f2941ebbcf9c3\iexplore.exe
[2011/09/30 19:49:11 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=0E1695AD4C30E72D68170F01B4818A80 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23250_none_129e8cd2491214ae\iexplore.exe
[2008/06/26 23:54:09 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=157F8DE991396C536820D7FA5C8DCF7D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe
[2008/10/01 23:50:01 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=19403B64906C9EAC627E3C10847B0FDA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\iexplore.exe
[2009/11/21 02:42:38 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=1B6362BB14FCEB9E76BCF9A953B04788 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[2009/07/18 08:16:49 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D5A01AA2DE47C052AF46D7EBCB003A3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[2009/07/18 17:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D8163DBFECAEDB9C48C5F55084BC491 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[2009/03/03 00:18:52 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=1DD66A2851DACDEC32EAE8F9A8865ABD -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[2009/04/24 12:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1F44940EF1D07D0BDAF80E55853DFBD0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16450_none_5888273bebc34862\iexplore.exe
[2010/02/23 11:06:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=25DB705A7DC85C208B3CF2D20F118AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[2012/05/17 18:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20551_none_5912c45104e00183\iexplore.exe
[2012/10/08 04:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16455_none_588d28adebbec715\iexplore.exe
[2011/11/03 03:33:09 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=2A268DF89913A0E927091077878EDB3E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23266_none_1299bea24914c8a9\iexplore.exe
[2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2009/08/27 01:23:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=2E48756F12C21F46895036AC089AAD97 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[2013/02/22 00:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16476_none_5878891febce184e\iexplore.exe
[2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16447_none_5899f92debb4ddd2\iexplore.exe
[2010/01/02 10:58:26 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=3D8DA00B028DEA9517066F1CECBFC4A2 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[2013/04/04 18:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16483_none_586ab855ebd8e83a\iexplore.exe
[2013/02/22 00:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20586_none_58f755ff04f3d409\iexplore.exe
[2010/05/04 02:32:18 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=48A6109E8DF0365195298CC527B7426A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[2010/09/08 02:26:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4A719476A6393B1DCACFEB4F3AC6599C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[2008/10/16 00:27:53 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=4CBA2F58668F2D5F3259CBE73E227F25 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
[2011/07/23 07:42:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4D08A4234D645EFCB30605CC0BFA87F4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23216_none_12cfce3e48ec3cf4\iexplore.exe
[2008/06/26 21:41:30 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=4DBD95312B1C96C5285D38F1D748CD4D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe
[2011/12/15 03:36:29 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=54EF418BD99720658CCE24210799BD1A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23286_none_12841eca4925008b\iexplore.exe
[2010/11/02 02:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5AB037B17F8A87D052F5A88E0D29A3C8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
[2008/01/19 03:33:12 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2010/05/04 02:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5C9B1062EA7A44E8F6BFDE994B68C7AA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[2012/08/24 03:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20557_none_5918c60d04da998d\iexplore.exe
[2008/10/01 23:32:01 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=6655B851D9EEF7C83395EE52D551B448 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\iexplore.exe
[2013/05/16 19:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=67EE46FD4D3B56531C5DD1BDC149275A -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/05/16 19:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=67EE46FD4D3B56531C5DD1BDC149275A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16490_none_585ce78bebe3b826\iexplore.exe
[2013/01/08 18:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16464_none_58815877ebc7c9af\iexplore.exe
[2010/06/26 02:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7420BE0E7D3D1320054F7ACA0594953D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[2010/12/18 03:19:44 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7852371DA9EFBC17B645558E23780EAC -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[2011/09/30 19:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7ACBBC85FCE4989B533220FC3B291633 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19154_none_1218f12f2ff0da40\iexplore.exe
[2009/08/27 09:31:08 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7DD482E4A2E3CBB0A72F718C342F5B75 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[2011/05/28 03:09:20 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7EE10C5413AD7ED1AF9E8FAE1B58FC3E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23181_none_127f1b72492984b1\iexplore.exe
[2009/07/18 08:16:45 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=7FCF4E704A48D95202F3E7A1E1A21412 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[2006/11/02 05:45:14 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=8308F01F27DF839E0010B0F72F855E35 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe
[2010/01/02 02:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[2009/03/03 00:32:44 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=8BA2B7A05F88BE0D45237A0994AD8366 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[2012/03/18 18:13:24 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
[2010/11/02 03:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16448_none_589af977ebb3f729\iexplore.exe
[2011/02/22 03:18:28 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9CE5543464432CA73134F170FA2BF823 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
[2009/08/27 10:04:53 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=9E45866CD349219784CD5A7620DBEB8A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\iexplore.exe
[2009/03/03 00:40:22 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=9E6C1527D9A2C64BFD780AA23075380F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[2008/06/16 22:19:55 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9F1427F203CA078005C9943800929640 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[2010/02/23 02:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[2013/02/02 00:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20580_none_58f1544304f93bff\iexplore.exe
[2009/08/27 09:43:41 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=A76AFC309AA55CD607A28AC41C7D7603 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21116_none_2e006dd235f86e54\iexplore.exe
[2013/05/16 18:27:11 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=A8732CEDB2C0EE7AFC08F867A47BB3EC -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20600_none_5947d58904b8599e\iexplore.exe
[2011/12/15 02:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=AB18B8902C06954F8DFBAC5C6DC7E1E8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19190_none_11e9b0573014e4a8\iexplore.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2009/03/08 17:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[2010/12/18 02:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[2009/08/27 09:38:13 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=BBF84F317553520BB78AEF7B047325C1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18319_none_2f60386919fe783e\iexplore.exe
[2012/06/02 04:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20553_none_5914c4e504de3431\iexplore.exe
[2013/04/04 17:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20593_none_58e9853504fea3f5\iexplore.exe
[2011/02/22 02:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=C1D36A2CBE0CEC4DF593DB1288CF586E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
[2011/11/03 02:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=CCDB0B2D1F2E016966B1DB1097E24842 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19170_none_11ff502f3004acc6\iexplore.exe
[2012/10/08 04:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20562_none_5908f4af04e736cb\iexplore.exe
[2009/04/24 12:03:18 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[2010/09/08 02:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[2009/04/24 12:01:36 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[2008/10/16 00:42:58 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=D762642A109433EEDCD332B0A9511137 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
[2013/02/02 00:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16470_none_58728763ebd38044\iexplore.exe
[2009/11/21 11:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[2009/03/03 00:22:10 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=EA4BE33726155F89D89A3FE7142878E0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[2012/06/28 19:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20554_none_5915c52f04dd4d88\iexplore.exe
[2009/07/18 07:55:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=EBEE9E4421F35CD861107DDA0266FBB1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=ED65737D70FDEAC29F738E77D2496EE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19088_none_11fc80ad30059648\iexplore.exe
[2013/01/08 17:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20573_none_58ff250d04ee6c13\iexplore.exe
[2010/06/26 02:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[2009/01/15 00:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[2009/04/24 12:08:04 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F294D8EEB05C835EC44A12CE0A1DFE7A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
[2012/11/13 22:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20565_none_590bf58d04e482d0\iexplore.exe
[2009/08/27 09:19:25 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=FE2DFF83B7753AC47C553EF7D5289BEE -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22508_none_2ff3a6bc3314dfe7\iexplore.exe

< MD5 for: IEXPLORE.EXE.6092.DMP >
[2013/01/06 20:02:53 | 001,985,826 | ---- | M] () MD5=4F20C14EAECA9A0664DACE3F70254E2F -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\LocalDumps\iexplore.exe.6092.dmp
[2013/01/06 20:02:53 | 001,985,826 | ---- | M] () MD5=4F20C14EAECA9A0664DACE3F70254E2F -- C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\LocalDumps\iexplore.exe.6092.dmp

< MD5 for: IEXPLORE.EXE.MUI >
[2006/11/02 08:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2012/03/18 18:13:27 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/03/18 18:13:27 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui
[2009/03/08 17:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_207795706a90d6c1\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-1B894AFB.PF >
[2013/06/30 16:59:03 | 000,175,686 | ---- | M] () MD5=34F04A77B794EF56643BFE3B0F2859DF -- C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf

< MD5 for: IEXPLORE.LNK >
[2012/07/28 20:27:54 | 000,000,867 | ---- | M] () MD5=E2E24229F6307092F428D8AC83C8049B -- C:\Users\Road King\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iexplore.lnk
[2012/07/28 20:27:17 | 000,000,867 | ---- | M] () MD5=E2E24229F6307092F428D8AC83C8049B -- C:\Users\Road King\Desktop\iexplore.lnk

< MD5 for: SERVICES >
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2013/05/10 03:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CNF >
[2008/06/26 14:38:49 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Road King\Documents\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/09/12 13:15:40 | 000,001,688 | ---- | M] () MD5=1BDCFDA5DC7F93FFB4794B663D0D9A6D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/09/12 13:15:40 | 000,001,688 | ---- | M] () MD5=1BDCFDA5DC7F93FFB4794B663D0D9A6D -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2008/01/19 03:40:57 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2008/01/19 03:40:57 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 08:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui

< MD5 for: WINLOGON.MOF >
[2006/09/18 17:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 17:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/05/06 20:40:05 | 000,000,009 | ---- | M] () -- C:\END
[2012/06/15 21:56:53 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2008/06/27 23:42:03 | 000,000,903 | ---- | M] () -- C:\net_save.dna
[2012/09/16 16:51:03 | 000,034,111 | ---- | M] () -- C:\P1005.log
[2013/06/30 16:57:51 | 4061,413,376 | -HS- | M] () -- C:\pagefile.sys
[2013/06/02 16:57:49 | 000,133,208 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_02.06.2013_16.57.05_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/30 22:57:22 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/15 15:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2008/07/01 13:00:16 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5jy.dll
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/09/12 13:16:18 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 90D4-BE88
Directory of C:\
11/02/2006 09:02 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 09:02 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 09:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 09:02 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 09:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 09:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 09:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 09:02 AM <SYMLINKD> All Users [C:\ProgramData]
11/02/2006 09:02 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 09:02 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 09:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 09:02 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 09:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 09:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 09:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 09:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006 09:02 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006 09:02 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
11/02/2006 09:02 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
11/02/2006 09:02 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 09:02 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 09:02 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 09:02 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 09:02 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 09:02 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 09:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
11/02/2006 09:02 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 09:02 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 09:02 AM <JUNCTION> My Music [C:\Users\Default\Music]
11/02/2006 09:02 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
11/02/2006 09:02 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 09:02 AM <JUNCTION> My Music [C:\Users\Public\Music]
11/02/2006 09:02 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
11/02/2006 09:02 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Road King
06/16/2008 08:52 PM <JUNCTION> Application Data [C:\Users\Road King\AppData\Roaming]
06/16/2008 08:52 PM <JUNCTION> Cookies [C:\Users\Road King\AppData\Roaming\Microsoft\Windows\Cookies]
06/16/2008 08:52 PM <JUNCTION> Local Settings [C:\Users\Road King\AppData\Local]
06/16/2008 08:52 PM <JUNCTION> My Documents [C:\Users\Road King\Documents]
06/16/2008 08:52 PM <JUNCTION> NetHood [C:\Users\Road King\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/16/2008 08:52 PM <JUNCTION> PrintHood [C:\Users\Road King\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/16/2008 08:52 PM <JUNCTION> Recent [C:\Users\Road King\AppData\Roaming\Microsoft\Windows\Recent]
06/16/2008 08:52 PM <JUNCTION> SendTo [C:\Users\Road King\AppData\Roaming\Microsoft\Windows\SendTo]
06/16/2008 08:52 PM <JUNCTION> Start Menu [C:\Users\Road King\AppData\Roaming\Microsoft\Windows\Start Menu]
06/16/2008 08:52 PM <JUNCTION> Templates [C:\Users\Road King\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Road King\AppData\Local
06/16/2008 08:52 PM <JUNCTION> Application Data [C:\Users\Road King\AppData\Local]
06/16/2008 08:52 PM <JUNCTION> History [C:\Users\Road King\AppData\Local\Microsoft\Windows\History]
06/16/2008 08:52 PM <JUNCTION> Temporary Internet Files [C:\Users\Road King\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Road King\AppData\LocalLow
08/09/2012 05:55 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Road King\Documents
06/16/2008 08:52 PM <JUNCTION> My Music [C:\Users\Road King\Music]
06/16/2008 08:52 PM <JUNCTION> My Pictures [C:\Users\Road King\Pictures]
06/16/2008 08:52 PM <JUNCTION> My Videos [C:\Users\Road King\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
51 Dir(s) 46,126,612,480 bytes free

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/01/20 11:43:47 | 000,000,350 | -HS- | M] () -- C:\Users\Road King\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2012/03/30 22:08:00 | 000,000,171 | ---- | M] () -- C:\Users\Road King\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iCloud.url

< %USERPROFILE%\Desktop\*.exe >
[2013/06/16 21:43:29 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Road King\Desktop\aswMBR.exe
[2013/06/16 21:32:47 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Road King\Desktop\erunt-setup.exe
[2013/04/08 18:51:08 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Users\Road King\Desktop\NPE.exe
[2013/06/30 18:37:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Road King\Desktop\OTL.exe
[2013/06/15 22:22:24 | 000,726,288 | ---- | M] (Reimage®) -- C:\Users\Road King\Desktop\ReimageRepair.exe
[2013/06/30 18:11:16 | 000,890,988 | ---- | M] () -- C:\Users\Road King\Desktop\SecurityCheck.exe
[2013/06/02 16:56:21 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Road King\Desktop\Win32 Download Removal.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2010/10/20 23:23:26 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-06-29 20:58:47

========== Base Services ==========
SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 03:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 03:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 02:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 03:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/04/24 00:00:30 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 03:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 03:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 02:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 02:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 03:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 03:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 03:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 03:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 03:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 02:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 02:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 03:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 02:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 03:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 12:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 14:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 02:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 03:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 02:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 02:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 02:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 02:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 15:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 07:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD2500BEVS-75UST0
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 120.00GB
Starting Offset: 32768
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 113.00GB
Starting Offset: 128857236480
Hidden sectors: 0

< >
[2006/11/02 09:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 09:01:49 | 000,032,542 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/24 23:32:06 | 000,000,888 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/10/24 23:32:07 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 20:56:00 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/06/14 21:21:16 | 000,000,382 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateXML_Road King.job
[2013/06/14 21:21:21 | 000,000,386 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_Road King.job
[2013/06/14 21:21:22 | 000,000,392 | ---- | C] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Road King.job

< End of report >

mkacmarik · Jul 1, 2013

Win32.downloader.gen Removal Help Needed (MK) -----Reply 3

Extras.txt

OTL Extras logfile created on: 6/30/2013 6:39:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Road King\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 49.79% Memory free
7.16 Gb Paging File | 5.55 Gb Available in Paging File | 77.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 120.01 Gb Total Space | 42.21 Gb Free Space | 35.17% Space Free | Partition Type: NTFS
Drive D: | 112.88 Gb Total Space | 29.31 Gb Free Space | 25.97% Space Free | Partition Type: NTFS

Computer Name: ROADKING-LT | User Name: Road King | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2892C0DA-E5FC-4D62-A9EA-352C3AF04499}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B969B49-E291-405E-99C7-B50F70EEDE61}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2D034B26-B9C2-4287-A4D5-D5643C2C34DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D642DCF-86F5-4947-A29E-E1755922186D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3FCA7F9B-4660-40A8-B095-FB79890FB94C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6558552B-458C-48E9-BB4E-18C842845D73}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{66767111-A482-4894-8DE3-BBF6B3F8F714}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6BB1D0B9-86CC-459D-97A6-A5BFD53EDA95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C0E68B9-B230-4E52-8790-DAB62F6D401A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{70815F13-E7E1-4759-A21A-D8D057D799E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9AC1E2CE-CF33-488D-BA85-35566EC53590}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9F63E0FA-19E0-4008-BBA0-C6BB6D7E41C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0C8B36A-CF66-412D-A320-5B74358E9323}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB7778FD-3627-4005-AEE1-AC19258829BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AAB95A-3B68-4D72-BC46-066C41761D7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{092FC743-9885-4B02-A759-3ED041787C1B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09AC8A0E-F184-4FBE-9149-9EB1076F26EF}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{27F33695-F299-45E5-B3EF-AEFB47ABE096}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2F15B77D-406F-47AC-A05A-06F13DC634CA}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{30A94FF0-1782-4F03-B3C0-08FE1FC6D021}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{35D49C64-6F6D-4210-90B1-4D890F472207}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3823206B-F282-4FEA-BD3C-4DD4DCFCC42B}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |
"{5CD3A88B-D03A-4C38-87CE-0BA71F739C45}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7FD459E4-AABD-47F0-8595-DC4D4C4770B0}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{8801A999-98FE-46B5-82E2-A48B7E36F660}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{8B5F0371-BDB1-43EB-885B-218C074675A1}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{8F718F9E-FE9E-4526-AC61-A73726D588CD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A29D537B-004B-406B-817A-AE628C908EDB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AE66CBE3-C784-442D-A06D-9C63E8BBB4BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CEC08190-D50D-4FB9-BBFE-B1C1831668AF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CF01159E-17CC-4ECE-A8EB-AEB714BDD015}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D2652074-9030-4305-8856-C49CB15F51EA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8F7BF97-6D40-4A1C-BC81-91749F62467B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FDB2138B-5051-4930-92BD-D1A1D6DA13A7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{81A09843-F712-4A6E-8D6D-41A00ACB1F2D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{A23B848C-926A-47D3-A0B8-5FBDF1B5806E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{60008928-A1AA-46D1-9909-91B0B807398A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FACF6687-E486-4BE2-8BC0-A845D1046019}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{291820D0-A626-40F9-BDFF-8D5CEAB04243}" = Google Advertising Cookie Opt-out
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84AA71B3-AD78-4171-BB50-6C6E8275CB79}" = PC5750 Firmware Updates
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DB6F07FF-A436-453a-B685-F6C1F4F09D22}" = PANTECH PC Card Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}" = HP Officejet 6500 E710n-z Product Improvement Study
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"comcasttb" = Comcast Toolbar 3.5
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"N360" = Norton Security Suite
"RealPlayer 16.0" = RealPlayer
"Reimage Repair" = Reimage Repair
"TomTom HOME" = TomTom HOME
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2012 8:14:16 PM | Computer Name = RoadKing-LT | Source = EventSystem | ID = 4622
Description =

Error - 4/9/2012 2:16:12 PM | Computer Name = RoadKing-LT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d9c Start Time: 01cd167ca932ffe0 Termination Time: 14

Error - 4/9/2012 3:04:41 PM | Computer Name = RoadKing-LT | Source = EventSystem | ID = 4621
Description =

Error - 4/10/2012 6:26:20 PM | Computer Name = RoadKing-LT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0047f62f, process id 0x163c, application start time
0x01cd1768f2fa25d0.

Error - 4/10/2012 6:27:12 PM | Computer Name = RoadKing-LT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0047f62f, process id 0xb40, application start time
0x01cd176912b10b50.

Error - 4/10/2012 6:27:36 PM | Computer Name = RoadKing-LT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0047f62f, process id 0x13b4, application start time
0x01cd17691fd8b850.

Error - 4/10/2012 6:28:00 PM | Computer Name = RoadKing-LT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0047f62f, process id 0x14d0, application start time
0x01cd17692f246e30.

Error - 4/10/2012 6:31:33 PM | Computer Name = RoadKing-LT | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0047f62f, process id 0x1340, application start time
0x01cd1769addfe1a0.

Error - 4/10/2012 6:31:48 PM | Computer Name = RoadKing-LT | Source = EventSystem | ID = 4622
Description =

Error - 4/11/2012 7:52:08 PM | Computer Name = RoadKing-LT | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 12/24/2012 11:14:48 AM | Computer Name = RoadKing-LT | Source = WLAN-Tray | ID = 0
Description = 10:14:45, Mon, Dec 24, 12 Error - Unable to gain access to user store

Error - 1/18/2013 8:59:49 PM | Computer Name = RoadKing-LT | Source = WLAN-Tray | ID = 0
Description = 19:59:48, Fri, Jan 18, 13 Error - Unable to gain access to user store

Error - 2/8/2013 6:20:03 PM | Computer Name = RoadKing-LT | Source = WLAN-Tray | ID = 0
Description = 17:20:00, Fri, Feb 08, 13 Error - Unable to gain access to user store

Error - 3/23/2013 12:16:20 PM | Computer Name = RoadKing-LT | Source = WLAN-Tray | ID = 0
Description = 12:16:20, Sat, Mar 23, 13 Error - Unable to gain access to user store

Error - 4/26/2013 5:16:12 PM | Computer Name = ROADKING-LT | Source = WLAN-Tray | ID = 0
Description = 17:16:12, Fri, Apr 26, 13 Error - Unable to gain access to user store

Error - 5/11/2013 8:20:25 PM | Computer Name = RoadKing-LT | Source = WLAN-Tray | ID = 0
Description = 20:20:23, Sat, May 11, 13 Error - Unable to gain access to user store

Error encountered while reading event logs.

< End of report >

OCD · Jul 1, 2013

Hi mkacmarik,

I see you have Reimage Repair installed on your computer. Registry cleaners tend to do more harm than good. I would strongly suggest uninstalling this software. Here is some information for review:
http://botcrawl.com/how-to-remove-the-reimage-virus-and-uninstall-reimage-pc-repair/

Update me in your next reply of your decision on this software.

=========================

1. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {A342A960-080E-4056-A64A-114E7CAB6AF1}
IE - HKLM\..\SearchScopes\{9230cb90-79de-4945-88a4-762244a25bc8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm069YYus&ptb=F67A1B46-4C3D-403E-B34E-7C54F36833DB&ind=2012021812&ptnrS=YKxdm069YYus&si=bing_soup-exact&n=77ed0434&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKman000&ptnrS=YKman000&ptb=E6493945-370C-4924-82CF-51413EF310CA&psa=&ind=2012050918&st=sb&n=77ed75e6&searchfor={searchTerms}
FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O15 - HKCU\..Trusted Domains: mitsubishidealerlink.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mitsubishiemployeelink.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mmsa.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mmsa.com ([mel] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mmsa.com ([notes] https in Trusted sites)

:Files
ipconfig /flushdns /c

:Commands
[purity]
[createrestorepoint]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

2. AdwCleaner

Download AdwCleaner to your desktop.

Right click and select "Run as Administrator".

Run AdwCleaner and select Delete
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply

=========================

3. Locate Log File
You appear to have run TDSSKiller previously. Locate this log and post in your next reply - C:\TDSSKiller.2.8.16.0_02.06.2013_16.57.05_log.txt

=========================

In your next post please provide the following:

Reimage update

OTL.txt

AdwCleaner[S1].txt

TDSSKiller.2.8.16.0_02.06.2013_16.57.05_log.txt

What symptoms are you experiencing?

OCD · Jul 4, 2013

Hi mkacmarik,

Just checking in to see if you still need help?

OCD · Jul 7, 2013

This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.

If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.

Win32.downloader.gen Removal Help Needed (MK)

mkacmarik

New member

Attachments

OCD

Malware Team-Emeritus

OCD

Malware Team-Emeritus

mkacmarik

New member

mkacmarik

New member

mkacmarik

New member

OCD

Malware Team-Emeritus

OCD

Malware Team-Emeritus

OCD

Malware Team-Emeritus