Win32/sirefif infection

Status
Not open for further replies.
AswMBR log and MBR.data attached:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-27 08:52:20
-----------------------------
08:52:20.685 OS Version: Windows x64 6.1.7600
08:52:20.685 Number of processors: 4 586 0x2505
08:52:20.685 ComputerName: GATEWAY-PC UserName: Gateway
08:52:22.089 Initialize success
08:54:07.728 AVAST engine defs: 13112600
08:54:14.966 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:54:14.982 Disk 0 Vendor: TOSHIBA_ GS00 Size: 610480MB BusType: 3
08:54:15.076 Disk 0 MBR read successfully
08:54:15.076 Disk 0 MBR scan
08:54:15.091 Disk 0 Windows VISTA default MBR code
08:54:15.107 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18553 MB offset 2048
08:54:15.138 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 356 MB offset 37998592
08:54:15.185 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 591569 MB offset 38727680
08:54:15.356 Disk 0 scanning C:\Windows\system32\drivers
08:54:50.612 Service scanning
08:55:32.140 Modules scanning
08:55:32.155 Disk 0 trace - called modules:
08:55:33.013 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:55:33.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bce060]
08:55:33.544 3 CLASSPNP.SYS[fffff88001b8243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800491d050]
08:55:36.133 AVAST engine scan C:\Windows
08:55:45.915 AVAST engine scan C:\Windows\system32
08:59:53.300 AVAST engine scan C:\Windows\system32\drivers
09:00:32.986 AVAST engine scan C:\Users\Gateway
09:02:24.402 AVAST engine scan C:\ProgramData
09:06:52.662 Scan finished successfully
09:08:47.759 Disk 0 MBR has been saved successfully to "C:\Users\Gateway\Desktop\MBR.dat"
09:08:47.759 The log file has been saved successfully to "C:\Users\Gateway\Desktop\aswMBR.txt"
 

Attachments

OTL text log: part 1

OTL logfile created on: 11/27/2013 9:18:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gateway\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 66.57% Memory free
7.35 Gb Paging File | 5.65 Gb Available in Paging File | 76.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 577.70 Gb Total Space | 535.68 Gb Free Space | 92.73% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Gateway\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Common Files\AOL\1319763878\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WRSVC) -- C:\Program Files\Webroot\WRSA.exe (Webroot)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ZAPrivacyService) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ATWPKT2) -- C:\Windows\SysWow64\drivers\atwpkt2.sys (America Online)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (WRkrn) -- C:\Windows\SysNative\drivers\WRkrn.sys (Webroot)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (wanatw) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {71B47759-455C-49A5-8470-DAECAECD8139}
IE - HKCU\..\SearchScopes\{71B47759-455C-49A5-8470-DAECAECD8139}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=1ca8d8d1f53640149a92790f0d006f62&tu=10G9y008k2B0CO0&sku=&tstsId=&ver=&&r=41
IE - HKCU\..\SearchScopes\{81DDB6EF-B436-4613-9E23-1B461321FF82}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/07/06 16:08:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/06 16:08:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/07/06 16:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

[2013/06/26 09:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/11/09 09:16:26 | 000,450,660 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54344F18-F937-4512-ABA3-F3D5F88B58B2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/27 08:48:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gateway\Desktop\OTL.exe
[2013/11/27 08:37:04 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Gateway\Desktop\aswMBR.exe
[2013/11/26 13:48:28 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\NNcfgjdK.sys
[2013/11/20 15:47:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Gateway\Documents\spybotsd162 new.exe
[2013/11/20 15:36:10 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\GVRnYNiz.sys
[2013/11/20 03:06:35 | 002,462,696 | ---- | C] (Check Point Software Technologies LTD) -- C:\Users\Gateway\Documents\zafwSetupWeb_120_104_000.exe
[2013/11/20 02:30:12 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\ptHkzOmn.sys
[2013/11/19 09:49:25 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\PhCqpvSu.sys
[2013/11/19 09:41:22 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\EfIVngcY.sys
[2013/11/19 09:37:24 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/11/19 09:37:23 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/11/19 09:37:23 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/11/19 09:37:22 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/11/19 09:37:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/11/19 09:37:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/11/19 09:28:06 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\yzfzZiiz.sys
[2013/11/19 09:19:14 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\RHMmvERY.sys
[2013/11/19 09:11:52 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\nDKFYDSZ.sys
[2013/11/19 09:03:30 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\EWkhVxVk.sys
[2013/11/19 08:55:48 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\bLMkglRo.sys
[2013/11/19 08:47:12 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\Bhbkwwrt.sys
[2013/11/19 08:39:57 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\PfrIQbGi.sys
[2013/11/19 08:32:45 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\tcJsGJfQ.sys
[2013/11/19 08:30:33 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/11/19 08:30:33 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013/11/19 08:24:38 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\ZFlZrLAC.sys
[2013/11/19 08:15:48 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\rrcSAHsi.sys
[2013/11/19 08:13:43 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/11/19 08:13:42 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/11/19 08:13:42 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/11/19 08:13:41 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/11/19 08:13:41 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/11/19 08:13:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/11/19 08:13:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/11/19 08:13:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/11/19 08:13:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/11/19 08:13:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/11/19 08:13:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/11/19 08:13:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/11/19 08:13:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/11/19 08:13:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/11/19 08:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/11/19 08:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/11/19 08:13:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/11/19 08:13:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/11/19 08:13:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/11/19 08:13:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/11/19 08:13:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/11/19 08:13:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/11/19 08:13:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/11/19 08:13:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/11/19 08:13:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/11/19 08:13:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/11/19 08:13:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/11/19 08:13:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/11/19 08:13:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/11/19 08:13:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/11/19 08:11:56 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/11/19 08:07:39 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\ANkYJdBb.sys
[2013/11/19 08:06:27 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/19 08:04:59 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/11/19 08:04:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/11/19 08:04:58 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/19 08:04:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/19 08:04:58 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/19 08:04:49 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/11/19 07:51:51 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\drKitRof.sys
[2013/11/19 07:49:36 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/19 07:49:35 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013/11/19 07:49:35 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013/11/19 07:49:35 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/19 07:49:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/19 07:49:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/19 07:49:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013/11/19 07:49:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013/11/19 07:42:47 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\IbaqcxwF.sys
[2013/11/18 02:57:01 | 022,791,896 | ---- | C] (Microsoft Corporation) -- C:\Users\Gateway\Desktop\Windows-KB890830-x64-V5.6.exe
[2013/11/18 02:38:45 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\KxzRAfDT.sys
[2013/11/14 17:08:52 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\AObrlJiW.sys
[2013/11/12 19:32:08 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\lqPzNizH.sys
[2013/11/10 08:06:38 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\vbmVTJdr.sys
[2013/11/08 09:35:25 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\xyPGyqUk.sys
[2013/11/03 17:49:29 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\XrdphSqK.sys
[2013/11/01 14:08:35 | 000,000,000 | ---D | C] -- C:\Users\Gateway\Documents\CraftClassesNovember
[2013/10/30 19:37:04 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\IgBmIWge.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
OTL txt log part 2:
========== Files - Modified Within 30 Days ==========

[2013/11/27 09:13:44 | 000,000,566 | ---- | M] () -- C:\Users\Gateway\Desktop\MBR.zip
[2013/11/27 09:08:47 | 000,000,512 | ---- | M] () -- C:\Users\Gateway\Desktop\MBR.dat
[2013/11/27 08:48:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gateway\Desktop\OTL.exe
[2013/11/27 08:37:07 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Gateway\Desktop\aswMBR.exe
[2013/11/27 08:34:06 | 000,891,200 | ---- | M] () -- C:\Users\Gateway\Desktop\SecurityCheck.exe
[2013/11/27 08:30:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/26 13:48:28 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\NNcfgjdK.sys
[2013/11/26 13:48:28 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2013/11/23 07:28:24 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/23 07:28:24 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/20 15:47:08 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Gateway\Documents\spybotsd162 new.exe
[2013/11/20 15:36:10 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\GVRnYNiz.sys
[2013/11/20 03:06:39 | 002,462,696 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\Gateway\Documents\zafwSetupWeb_120_104_000.exe
[2013/11/20 02:30:12 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\ptHkzOmn.sys
[2013/11/19 09:53:36 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/19 09:53:36 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/19 09:53:36 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/19 09:49:25 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\PhCqpvSu.sys
[2013/11/19 09:49:01 | 2960,519,168 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/19 09:41:22 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\EfIVngcY.sys
[2013/11/19 09:41:13 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/19 09:28:06 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\yzfzZiiz.sys
[2013/11/19 09:19:14 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\RHMmvERY.sys
[2013/11/19 09:11:52 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\nDKFYDSZ.sys
[2013/11/19 09:03:30 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\EWkhVxVk.sys
[2013/11/19 08:55:48 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\bLMkglRo.sys
[2013/11/19 08:47:12 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\Bhbkwwrt.sys
[2013/11/19 08:39:57 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\PfrIQbGi.sys
[2013/11/19 08:32:45 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\tcJsGJfQ.sys
[2013/11/19 08:24:38 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\ZFlZrLAC.sys
[2013/11/19 08:15:48 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\rrcSAHsi.sys
[2013/11/19 08:07:39 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\ANkYJdBb.sys
[2013/11/19 07:51:51 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\drKitRof.sys
[2013/11/19 07:42:47 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\IbaqcxwF.sys
[2013/11/18 02:57:01 | 022,791,896 | ---- | M] (Microsoft Corporation) -- C:\Users\Gateway\Desktop\Windows-KB890830-x64-V5.6.exe
[2013/11/18 02:38:45 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\KxzRAfDT.sys
[2013/11/16 14:54:42 | 002,264,591 | ---- | M] () -- C:\Users\Gateway\Documents\Identity_Theft_Resource_Guide.pdf
[2013/11/14 17:08:52 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\AObrlJiW.sys
[2013/11/12 19:32:08 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\lqPzNizH.sys
[2013/11/10 08:06:38 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\vbmVTJdr.sys
[2013/11/10 07:32:49 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/10 07:32:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/09 09:16:26 | 000,450,660 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/08 09:35:25 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\xyPGyqUk.sys
[2013/11/03 17:49:29 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\XrdphSqK.sys
[2013/11/01 14:08:35 | 001,300,208 | ---- | M] () -- C:\Users\Gateway\Documents\CraftClassesNovember.zip
[2013/10/30 19:37:04 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\IgBmIWge.sys
[2013/10/30 18:33:47 | 001,438,796 | ---- | M] () -- C:\Users\Gateway\Documents\silverscript 2 2014.pdf
[2013/10/30 18:33:08 | 001,887,054 | ---- | M] () -- C:\Users\Gateway\Documents\silverscript 2014.pdf
[2013/10/30 18:24:22 | 000,229,859 | ---- | M] () -- C:\Users\Gateway\Documents\EnrollExtra29975 2014.pdf
[2013/10/30 18:19:26 | 000,918,070 | ---- | M] () -- C:\Users\Gateway\Documents\AEPart129802 2014.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/27 09:13:44 | 000,000,566 | ---- | C] () -- C:\Users\Gateway\Desktop\MBR.zip
[2013/11/27 09:08:47 | 000,000,512 | ---- | C] () -- C:\Users\Gateway\Desktop\MBR.dat
[2013/11/27 08:33:54 | 000,891,200 | ---- | C] () -- C:\Users\Gateway\Desktop\SecurityCheck.exe
[2013/11/16 14:54:37 | 002,264,591 | ---- | C] () -- C:\Users\Gateway\Documents\Identity_Theft_Resource_Guide.pdf
[2013/11/01 14:08:28 | 001,300,208 | ---- | C] () -- C:\Users\Gateway\Documents\CraftClassesNovember.zip
[2013/10/30 18:33:47 | 001,438,796 | ---- | C] () -- C:\Users\Gateway\Documents\silverscript 2 2014.pdf
[2013/10/30 18:33:07 | 001,887,054 | ---- | C] () -- C:\Users\Gateway\Documents\silverscript 2014.pdf
[2013/10/30 18:24:21 | 000,229,859 | ---- | C] () -- C:\Users\Gateway\Documents\EnrollExtra29975 2014.pdf
[2013/10/30 18:19:25 | 000,918,070 | ---- | C] () -- C:\Users\Gateway\Documents\AEPart129802 2014.pdf

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/06 14:37:49 | 000,000,000 | ---D | M] -- C:\Users\Gateway\AppData\Roaming\Barnes & Noble
[2012/06/04 07:33:59 | 000,000,000 | ---D | M] -- C:\Users\Gateway\AppData\Roaming\CheckPoint
[2011/10/27 15:32:01 | 000,000,000 | ---D | M] -- C:\Users\Gateway\AppData\Roaming\Packard Bell

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/11/19 23:24:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/19 23:17:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/19 23:24:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/19 23:17:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/19 23:24:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/11/19 23:17:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/11/19 23:24:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/11/19 23:17:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: IEXPLORE.EXE >
[2013/03/03 23:49:09 | 000,672,928 | ---- | M] (Microsoft Corporation) MD5=050A612C1CE0C7095CAD64EA32C570DB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_1a42c5438bf82907\iexplore.exe
[2012/10/27 00:02:44 | 000,672,832 | ---- | M] (Microsoft Corporation) MD5=06A8334D76DCF0DFFA738A512BDCD5F7 -- C:\Windows\SoftwareDistribution\Download\d947653edcc5b14819f588a215a37fa0\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17153_none_19d8942672c321c5\iexplore.exe
[2010/09/07 23:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[2009/07/13 20:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=41FE5E37EFE0B587A688BA0E4FA41288 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_19d3ea0872c5a830\iexplore.exe
[2010/09/08 00:37:57 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=4879CB864E290BED38C5BDB641144B1B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe
[2010/09/08 00:49:01 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=498035ABCCF1ED47AE6791D239187587 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe
[2012/10/27 00:56:51 | 000,696,384 | ---- | M] (Microsoft Corporation) MD5=4CDF8DE0C9F0A245B7348FDD2866F176 -- C:\Windows\SoftwareDistribution\Download\d947653edcc5b14819f588a215a37fa0\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21355_none_100f8919577e2f69\iexplore.exe
[2011/07/06 16:44:43 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=58CF468D3FF4CF830339FE5E45356355 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_1a0bc510729d1f54\iexplore.exe
[2013/03/02 00:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation) MD5=58D926F3B2113BF849162C9C26FE21DC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/03/02 00:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation) MD5=58D926F3B2113BF849162C9C26FE21DC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_19d1c74872c7a039\iexplore.exe
[2010/09/07 23:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[2011/07/06 16:44:43 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6B2258FF6D2332073FE9E90122FA4168 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1a75f2618bd22c48\iexplore.exe
[2012/10/27 00:37:44 | 000,696,400 | ---- | M] (Microsoft Corporation) MD5=7BF529AEFBAD8946747A1D592BCD31AB -- C:\Windows\SoftwareDistribution\Download\d947653edcc5b14819f588a215a37fa0\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17153_none_0f83e9d43e625fca\iexplore.exe
[2011/08/20 00:46:07 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=AC1CC7CD5CBE60EFF105BB3C0DC199C5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_0f7f3fb63e64e635\iexplore.exe
[2013/03/02 00:50:08 | 000,696,480 | ---- | M] (Microsoft Corporation) MD5=AFB0FE34A9B7F1B7A70276B9C1A78114 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/03/02 00:50:08 | 000,696,480 | ---- | M] (Microsoft Corporation) MD5=AFB0FE34A9B7F1B7A70276B9C1A78114 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_0f7d1cf63e66de3e\iexplore.exe
[2013/03/04 00:42:51 | 000,696,464 | ---- | M] (Microsoft Corporation) MD5=B1B17B56E0F9AE84A1F75E757217154E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_0fee1af15797670c\iexplore.exe
[2011/08/20 00:42:38 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=C66C8BF791F9DB974022506265518EE0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_102322ab576fcd64\iexplore.exe
[2012/10/26 23:57:50 | 000,672,832 | ---- | M] (Microsoft Corporation) MD5=CAB945F6B0700D84DE40ED1FA6DB15F2 -- C:\Windows\SoftwareDistribution\Download\d947653edcc5b14819f588a215a37fa0\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21355_none_1a64336b8bdef164\iexplore.exe
[2011/07/06 16:44:43 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D8E00EA671A1EFE95C69C7566C505AD4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_0fb71abe3e3c5d59\iexplore.exe
[2011/07/06 16:44:43 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E220FB009F54AAF649C6A278A5156764 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1021480f57716a4d\iexplore.exe
[2009/07/13 20:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2011/08/19 23:32:44 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=FA623BE79902A7B49FF4F21117B63C83 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_1a77ccfd8bd08f5f\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-A033F7A0.PF >
[2013/11/26 13:48:15 | 000,247,748 | ---- | M] () MD5=84E76CA77E7393817C6A9BF5FD5F7532 -- C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 09:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.JS >
[2010/08/16 14:07:26 | 000,018,674 | ---- | M] () MD5=7209830374F12E59D7802B687A5F0542 -- C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\HTML\js\services.js

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2013/07/16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: WINLOGON.ADML >
[2009/07/13 21:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/11/19 23:24:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/11/19 23:24:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/11/19 23:24:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 15:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/11/19 09:49:01 | 2960,519,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/27 20:05:30 | 000,031,259 | ---- | M] () -- C:\install.log
[2013/11/19 09:49:05 | 3947,360,256 | -HS- | M] () -- C:\pagefile.sys
[2011/02/17 01:51:25 | 000,003,459 | RHS- | M] () -- C:\Patch.rev
[2011/07/06 14:35:55 | 000,000,185 | RHS- | M] () -- C:\Preload.rev
[2011/07/06 16:00:31 | 000,002,142 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/23 02:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Gateway
Volume Serial Number is D481-28DF
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Gateway
07/06/2011 02:35 PM <JUNCTION> Application Data [C:\Users\Gateway\AppData\Roaming]
07/06/2011 02:35 PM <JUNCTION> Local Settings [C:\Users\Gateway\AppData\Local]
07/06/2011 02:35 PM <JUNCTION> My Documents [C:\Users\Gateway\Documents]
07/06/2011 02:35 PM <JUNCTION> NetHood [C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/06/2011 02:35 PM <JUNCTION> PrintHood [C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/06/2011 02:35 PM <JUNCTION> Recent [C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Recent]
07/06/2011 02:35 PM <JUNCTION> SendTo [C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\SendTo]
07/06/2011 02:35 PM <JUNCTION> Start Menu [C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Start Menu]
07/06/2011 02:35 PM <JUNCTION> Templates [C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Gateway\AppData\Local
07/06/2011 02:35 PM <JUNCTION> Application Data [C:\Users\Gateway\AppData\Local]
07/06/2011 02:35 PM <JUNCTION> History [C:\Users\Gateway\AppData\Local\Microsoft\Windows\History]
07/06/2011 02:35 PM <JUNCTION> Temporary Internet Files [C:\Users\Gateway\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Gateway\Documents
07/06/2011 02:35 PM <JUNCTION> My Music [C:\Users\Gateway\Music]
07/06/2011 02:35 PM <JUNCTION> My Pictures [C:\Users\Gateway\Pictures]
07/06/2011 02:35 PM <JUNCTION> My Videos [C:\Users\Gateway\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 574,916,243,456 bytes free

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/10/27 12:53:08 | 000,000,221 | -HS- | M] () -- C:\Users\Gateway\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/11/27 08:37:07 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Gateway\Desktop\aswMBR.exe
[2013/11/27 08:48:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gateway\Desktop\OTL.exe
[2013/11/27 08:34:06 | 000,891,200 | ---- | M] () -- C:\Users\Gateway\Desktop\SecurityCheck.exe
[2013/11/18 02:57:01 | 022,791,896 | ---- | M] (Microsoft Corporation) -- C:\Users\Gateway\Desktop\Windows-KB890830-x64-V5.6.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/13 20:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/13 20:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:01:38 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/13 20:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/13 20:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/13 20:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/13 20:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:21:59 | 000,404,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/08/21 01:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/13 20:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/13 20:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/13 20:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2010/12/21 01:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/08/27 01:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/13 20:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/13 20:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2011/07/06 16:44:08 | 001,114,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/07/13 20:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 20:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/13 20:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/13 20:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/13 20:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/13 20:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/13 20:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/13 20:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/13 20:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/13 20:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK6476GSX
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 18.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 356.00MB
Starting Offset: 19455279104
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 578.00GB
Starting Offset: 19828572160
Hidden sectors: 0


< >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,570 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >
 
OTL extras:
OTL Extras logfile created on: 11/27/2013 9:18:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gateway\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 66.57% Memory free
7.35 Gb Paging File | 5.65 Gb Available in Paging File | 76.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 577.70 Gb Total Space | 535.68 Gb Free Space | 92.73% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08033125-0C3B-43DF-8092-1C7036EDC339}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{124505C6-A5B5-407B-BF59-B559228B9804}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C431710-999D-438D-ABD1-1B7D528FD64F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37309DAA-1DCF-4C5F-A43D-DDC80F4AC52E}" = lport=137 | protocol=17 | dir=in | app=system |
"{3E2ECCBA-4F28-4CCB-BA36-023E1C8D7359}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4133C6EB-982B-481E-8FB8-F7EDCA92B755}" = rport=137 | protocol=17 | dir=out | app=system |
"{413F0B32-D3D2-4850-81D3-A52AF13A514E}" = lport=445 | protocol=6 | dir=in | app=system |
"{4A949369-7DCE-447C-93C9-23370F7FA0DB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E61A469-AAFF-45EB-91BE-DC57E33F353A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{610B71E3-C7AF-4736-9D99-F6C47D4FBC0F}" = rport=139 | protocol=6 | dir=out | app=system |
"{64058B6B-3793-4BFF-BC75-CDC1D17ED2EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7ECEF3BE-BEB6-4A14-86B6-847C86C825D5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8FC37971-ABA4-492A-A4A7-D22F25D40F7C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9043E263-FBFD-48CA-A3A7-ADC2DD191942}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9D80E1FC-49B2-493E-91B5-46F1C8CF07CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A413C081-D666-4E12-B17C-5E01EE4CDA6C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AC89F89C-AE31-4A30-A9EC-5FDCE9AB997E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C07B2188-DC56-4B59-BB07-BEEB99766417}" = lport=139 | protocol=6 | dir=in | app=system |
"{C8955D59-4034-4D15-8169-CFEA14CC76E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CB887B12-E39A-4297-8898-8FBB16D7F11A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D19B22BD-EA06-4FA2-9AF4-349B08B28D70}" = lport=138 | protocol=17 | dir=in | app=system |
"{D26C2539-43E7-43C3-9C0C-E3A1CF49CAD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D28390A8-7965-4754-AD0B-3A5B831568DF}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049364A8-AC3B-4C2C-A313-6C7C56ECC790}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{0DC622B9-593C-4223-ACCE-9D87BA47A5FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{100ED4B5-2054-4383-A7D3-42A7E275E738}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1035D2F0-4612-4F2B-B6E0-F692A23CFE99}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{1047E8F8-F8EC-41A7-A09C-6CC57FB7C9E3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{1EDB6A1D-1762-4EF7-AE7D-FCAB997B2A4A}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe |
"{22F28366-2D3D-4F96-B88B-D8EB98792E5C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{24D661B2-5F6A-4D5A-9137-71AE2E7539A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{281F0925-BEEA-417B-80A3-2F1FF0D83D9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E7017DF-4182-4BDD-905D-4DDDAD130014}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{35A6A6C5-47B5-47D5-BFD5-DC01235A6443}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C0D68DA-A8DF-421C-AE9E-5B28A6651F88}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C319C9B-62F5-44BF-ABF9-7AA7ED205013}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\waol.exe |
"{4336DA2D-5B63-4B35-915F-328548F3394D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{47078487-E363-4235-B4C4-E863302ADF95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49486E27-265D-46D6-B0E6-2ABDBEC60515}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe |
"{5C4A0A61-C899-4117-B84A-57FF9BF3061C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C720EC0-69E1-4EE5-8A20-B7F62C17C733}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{743070D2-39A3-4B60-AD8A-68F50B0A48A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74769B6D-73AA-40A8-886E-2CF85394932E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7501FF9C-1E02-48E1-BD3B-6662855EFD4B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{8003F660-730F-46CA-BEFB-A328CEC663C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8027DD00-668B-408C-AD03-077D73034101}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8657DE10-E9D9-4E5E-887E-94C3A70C6224}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B4EC0C9-AC07-4FBB-AC41-050D88D3D94E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{930B4270-9FD5-41DE-8D3D-6FBA2761A61E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B18214D-C5B8-476A-90F6-35E975099FD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FEDBCAB-F42A-4C14-9CE5-8EA18C4EE392}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{A56A25CE-3A83-44AB-802A-B70C3B06C68B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1319763878\ee\aolsoftware.exe |
"{A6460087-1733-420C-B8B3-62A011F859D6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{A75D866C-B005-4E98-B180-E98A2DBEE76A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1319763878\ee\aolsoftware.exe |
"{B51F5D5A-D0CC-4CFA-B715-DDC4D075BE82}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{B628DA4B-7045-4DCF-8A2F-74AC7C96F7FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C11894C1-FF1A-4533-9572-A1A93970B07D}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.6\aolbrowser\aolbrowser.exe |
"{C4E75D5D-3E14-4F8E-8439-63DEFA0D4037}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D08E47D2-8F44-4168-B82A-42BB0B777046}" = protocol=6 | dir=out | app=system |
"{D1885F3D-7AA8-4C56-BA64-E3EDBAE394F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF94007C-1588-42A0-8846-1622C7CBEF19}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{E1106904-1597-4E4D-B5A7-1A5F017F28DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBE55A4C-3684-42BC-AEC9-5E31EEC6BABD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{ED00AC6E-18F5-4404-92FA-292365669592}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028dfa5d-88fa-4049-b9b2-e66394fc0d9a}" = Nero 9 Essentials
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E3A2325-7712-454A-AC84-7816C3F69C3D}" = ZoneAlarm Firewall
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{462D4436-6C19-4449-B6B9-A7D8B155FCD7}" = ScanTool
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83299633-1261-47A3-84F3-6F02B4B8CDB1}" = Video Web Camera
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E63014A6-9E7B-46A5-B9FE-6E4B76072D1F}" = ZoneAlarm Security
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"BN_DesktopReader" = NOOK for PC
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Gateway Game Console" = Gateway Game Console
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WRUNINST" = Webroot SecureAnywhere
"WT088049" = Agatha Christie - Death on the Nile
"WT088062" = Bejeweled 2 Deluxe
"WT088067" = Build-a-lot 2
"WT088074" = Chuzzle Deluxe
"WT088080" = Diner Dash 2 Restaurant Rescue
"WT088115" = Jewel Quest Solitaire 2
"WT088135" = Plants vs. Zombies
"WT088375" = Blackhawk Striker 2
"WT088395" = Dora's Carnival Adventure
"WT088415" = FATE
"WT088447" = John Deere Drive Green
"WT088451" = Penguins!
"WT088455" = Polar Bowler
"WT088459" = Polar Golfer
"WT088507" = Virtual Villagers 4 - The Tree of Life
"WT088546" = Zuma's Revenge
"WT088651" = 18 Wheels of Steel - American Long Haul
"WT088655" = Jewel Quest - Heritage
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2013 10:47:15 AM | Computer Name = Gateway-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/10/2013 8:26:16 AM | Computer Name = Gateway-PC | Source = Application Error | ID = 1000
Description = Faulting application name: install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih[1].exe,
version: 3.3.9.0, time stamp: 0x51c7f3cd Faulting module name: igdumd32.dll, version:
8.15.10.2119, time stamp: 0x4bcf3f7b Exception code: 0xc0000409 Fault offset: 0x000165f6
Faulting
process id: 0x3070 Faulting application start time: 0x01cede100ba2d7da Faulting application
path: C:\Users\Gateway\AppData\Local\Temp\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih[1].exe
Faulting
module path: C:\Windows\system32\igdumd32.dll Report Id: 4af84e5b-4a03-11e3-95cb-00038a000015

Error - 11/13/2013 6:40:29 PM | Computer Name = Gateway-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/13/2013 6:41:00 PM | Computer Name = Gateway-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/16/2013 4:41:24 PM | Computer Name = Gateway-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/16/2013 4:41:59 PM | Computer Name = Gateway-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/17/2013 12:45:37 PM | Computer Name = Gateway-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/17/2013 12:46:08 PM | Computer Name = Gateway-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/18/2013 12:31:11 PM | Computer Name = Gateway-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/18/2013 12:31:43 PM | Computer Name = Gateway-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 11/21/2013 11:58:13 AM | Computer Name = Gateway-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/22/2013 8:36:08 AM | Computer Name = Gateway-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/23/2013 8:39:16 AM | Computer Name = Gateway-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/24/2013 9:01:14 AM | Computer Name = Gateway-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/24/2013 4:27:13 PM | Computer Name = Gateway-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/24/2013 7:08:14 PM | Computer Name = Gateway-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/25/2013 8:57:24 AM | Computer Name = Gateway-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/26/2013 5:23:12 AM | Computer Name = Gateway-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/26/2013 9:59:35 AM | Computer Name = Gateway-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/27/2013 9:30:13 AM | Computer Name = Gateway-PC | Source = BROWSER | ID = 8032
Description =


< End of report >
 
Hi NutherStamper,

I am using IE 10 at the moment. I downloaded that yesterday but I'm still not seeing the Installation of desktop items in the Internet list of things. If you could point me to where it should be located I'll take another look.
Click to expand...
I don't really use IE, but have it installed just the same so it took me a few minutes to find the correct step.

Access security settings in Internet Explorer by clicking Tools ("View" in earlier versions of IE) > Internet Options > Security (tab) > click the "Custom Level" button.

Scroll down to Downloads:

File Download - set to Enable
Font Download - set to Prompt

Click OK to exit the Security tab, and Exit the Tools menu.

=========================
=========================

Onto the logs .....

=========================
=========================

You are missing SP1 for your Operating System.

Windows Update
  • Open Windows Update by clicking the Start button . In the search box, type Update, and then, in the list of results, click Windows Update.
  • In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
  • If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.
  • In the list, click the important updates for more information. Select the check boxes for any updates that you want to install, and then click OK.
  • Click Install updates.
  • Read and accept the license terms, and then click Finish if the update requires it. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
=========================

Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

Re- run AdwCleaner

It should be on your desktop
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • OTL fix log
  • AdwCleaner[S0].txt
  • JRT.txt
  • Fresh OTL.txt
  • Any symptoms?
 
I think I messed something up pretty bad. So here's what I did.

Did all the important updates for my laptop(except BingBar which I don't use and really would like to not have on my laptop).

Ran OTL with the Fix. Everything ran ok.

Ran AdwClean, Scan first, then Clean. Started to reboot and I forgot I had Webroot SecureAnywhere activated at the time (it loads every time I reboot and I usually deactivate it most of the time because it interfers with everything but I use it to clear temp files). So it popped up something and asked if I wanted it to allow and I said yes (I think it was the file for ADWCleaner). Then it popped up with asking to allow System32/netsh.exe I just closed the window with the red x in the corner and the computer rebooted.

It's taking a very loooonnngggg time to reboot and when it does it says Failed to connect to Windows Service and I have no broadband connection.


I tried to detect a setting and it says Windows could not auto detect network proxy settings.

I've done a hard boot on it and it's still the same.

What did I do? and can we go back before Adwcleaner? I didn't want to attempt a restore on my own so as not to mess up what we've done already or make it even worse.
that's as far as I've gotten. I hope you can help.
 
Hi NutherStamper,

Try these commands in sequence, but test system between commands:

You must run the command prompt as an administrator or in an "elevated mode".
  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "netsh int ip reset reset.log" then hit Enter
=========================

Reboot

=========================

If that doesn't correct the issue continue with these commands:

Reboot after each command and test
  1. netsh winsock reset catalog
  2. netsh int ipv4 reset reset.log
  3. netsh int ipv6 reset reset.log
=========================

If these steps do not correct the problem then go ahead and Restore back to a previous date, then continue with scans requested.
 
Thanks so much!
The winsock reset catalog one worked so I'm back online but I seem to be missing a shortcut on my desktop (not sure which one yet). I can't believe I messed that whole thing up.
I'm running junkware now. I will post the logs for the first three as soon as junkware is done and then rerun OTL. I hope nothing got messed up.
 
OTL fix log:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gateway\Desktop\cmd.bat deleted successfully.
C:\Users\Gateway\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gateway
->Temp folder emptied: 120702590 bytes
->Temporary Internet Files folder emptied: 11686728 bytes
->Flash cache emptied: 553 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109499347 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 231.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11272013_162747

Files\Folders moved on Reboot...
C:\Users\Gateway\AppData\Local\Temp\CMLS--2013-11-27--16-27-49.log moved successfully.
C:\Users\Gateway\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gateway\AppData\Local\Temp\~DF4A00D6814C9CDE48.TMP moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT014fd.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
adwcleaner log:
# AdwCleaner v3.013 - Report created 27/11/2013 at 16:33:48
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Gateway - GATEWAY-PC
# Running from : C:\Users\Gateway\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Users\Gateway\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Gateway\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


*************************

AdwCleaner[R0].txt - [4039 octets] - [27/11/2013 16:32:38]
AdwCleaner[S0].txt - [4066 octets] - [27/11/2013 16:33:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4126 octets] ##########
 
JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gateway on Wed 11/27/2013 at 19:21:44.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{81DDB6EF-B436-4613-9E23-1B461321FF82}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Program Files (x86)\viewpoint"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/27/2013 at 19:28:51.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
fresh otl log
OTL logfile created on: 11/27/2013 7:58:01 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gateway\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 66.09% Memory free
7.35 Gb Paging File | 6.03 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 577.70 Gb Total Space | 535.11 Gb Free Space | 92.63% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Gateway\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - C:\Program Files (x86)\AOL Desktop 9.6\waol.exe (AOL Inc.)
PRC - C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Common Files\AOL\1319763878\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AOL Desktop 9.6\zlib.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WRSVC) -- C:\Program Files\Webroot\WRSA.exe (Webroot)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ZAPrivacyService) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (WRkrn) -- C:\Windows\SysNative\drivers\WRkrn.sys (Webroot)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (wanatw) -- C:\Windows\SysNative\drivers\wanatw64.sys (America Online, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {71B47759-455C-49A5-8470-DAECAECD8139}
IE - HKCU\..\SearchScopes\{71B47759-455C-49A5-8470-DAECAECD8139}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=1ca8d8d1f53640149a92790f0d006f62&tu=10G9y008k2B0CO0&sku=&tstsId=&ver=&&r=41
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/07/06 16:08:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/06 16:08:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/07/06 16:08:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

[2013/06/26 09:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/11/09 09:16:26 | 000,450,660 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54344F18-F937-4512-ABA3-F3D5F88B58B2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/27 19:36:28 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\ZPthFARi.sys
[2013/11/27 19:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2013/11/27 19:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viewpoint
[2013/11/27 19:21:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/27 19:14:28 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\zHXiWUlq.sys
[2013/11/27 19:08:11 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\qlLcfemZ.sys
[2013/11/27 16:48:36 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\nFxkDuxA.sys
[2013/11/27 16:44:05 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\rRoRclXb.sys
[2013/11/27 16:37:19 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\GYSqTvDM.sys
[2013/11/27 16:32:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/27 16:30:26 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\ZAGugwrS.sys
[2013/11/27 16:27:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/27 16:25:39 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Gateway\Desktop\JRT.exe
[2013/11/27 16:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/11/27 16:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/11/27 16:14:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/11/27 16:05:09 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\YkcgezEK.sys
[2013/11/27 15:50:32 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/11/27 15:50:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/11/27 15:36:13 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/11/27 15:36:12 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/11/27 15:36:12 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/11/27 15:36:12 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/11/27 15:32:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/11/27 15:17:55 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\flNdTVxr.sys
[2013/11/27 15:12:16 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/27 15:12:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/11/27 08:48:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gateway\Desktop\OTL.exe
[2013/11/27 08:37:04 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Gateway\Desktop\aswMBR.exe
[2013/11/26 13:48:28 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\NNcfgjdK.sys
[2013/11/20 15:47:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Gateway\Documents\spybotsd162 new.exe
[2013/11/20 15:36:10 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\GVRnYNiz.sys
[2013/11/20 03:06:35 | 002,462,696 | ---- | C] (Check Point Software Technologies LTD) -- C:\Users\Gateway\Documents\zafwSetupWeb_120_104_000.exe
[2013/11/20 02:30:12 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\ptHkzOmn.sys
[2013/11/19 09:49:25 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\PhCqpvSu.sys
[2013/11/19 09:41:22 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\EfIVngcY.sys
[2013/11/19 09:37:24 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/11/19 09:37:23 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/11/19 09:37:23 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/11/19 09:37:22 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/11/19 09:37:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/11/19 09:37:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/11/19 09:28:06 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\yzfzZiiz.sys
[2013/11/19 09:19:14 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\RHMmvERY.sys
[2013/11/19 09:11:52 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\nDKFYDSZ.sys
[2013/11/19 09:03:30 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\EWkhVxVk.sys
[2013/11/19 08:55:48 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\bLMkglRo.sys
[2013/11/19 08:47:12 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\Bhbkwwrt.sys
[2013/11/19 08:39:57 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\PfrIQbGi.sys
[2013/11/19 08:32:45 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\tcJsGJfQ.sys
[2013/11/19 08:30:33 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/11/19 08:30:33 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013/11/19 08:24:38 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\ZFlZrLAC.sys
[2013/11/19 08:15:48 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\rrcSAHsi.sys
[2013/11/19 08:13:43 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/11/19 08:13:42 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/11/19 08:13:42 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/11/19 08:13:41 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/11/19 08:13:41 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/11/19 08:13:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/11/19 08:13:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/11/19 08:13:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/11/19 08:13:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/11/19 08:13:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/11/19 08:13:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/11/19 08:13:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/11/19 08:13:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/11/19 08:13:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/11/19 08:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/11/19 08:13:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/11/19 08:13:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/11/19 08:13:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/11/19 08:13:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/11/19 08:13:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/11/19 08:13:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/11/19 08:13:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/11/19 08:13:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/11/19 08:13:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/11/19 08:13:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/11/19 08:13:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/11/19 08:13:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/11/19 08:13:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/11/19 08:13:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/11/19 08:13:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/11/19 08:13:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/11/19 08:13:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/11/19 08:13:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/11/19 08:11:56 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/11/19 08:11:48 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/11/19 08:11:48 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/11/19 08:11:48 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/11/19 08:11:47 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/11/19 08:11:47 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/11/19 08:11:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/11/19 08:11:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/11/19 08:11:47 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/11/19 08:11:47 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/11/19 08:11:47 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/11/19 08:11:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/11/19 08:11:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/11/19 08:11:47 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/11/19 08:11:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/11/19 08:11:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/11/19 08:11:46 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/11/19 08:11:46 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/11/19 08:11:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/11/19 08:11:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/11/19 08:11:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/11/19 08:11:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/11/19 08:11:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/11/19 08:11:45 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/11/19 08:11:44 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/11/19 08:11:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/11/19 08:11:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/11/19 08:11:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/11/19 08:11:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/11/19 08:11:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/11/19 08:11:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/11/19 08:11:41 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/11/19 08:11:41 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/11/19 08:07:39 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\ANkYJdBb.sys
[2013/11/19 08:06:27 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/19 08:04:59 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013/11/19 08:04:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013/11/19 08:04:58 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/19 08:04:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/19 08:04:58 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/19 08:04:49 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/11/19 07:51:51 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\drKitRof.sys
[2013/11/19 07:49:36 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/19 07:49:35 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013/11/19 07:49:35 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013/11/19 07:49:35 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/19 07:49:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/19 07:49:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/19 07:49:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013/11/19 07:49:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013/11/19 07:42:47 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\IbaqcxwF.sys
[2013/11/18 02:57:01 | 022,791,896 | ---- | C] (Microsoft Corporation) -- C:\Users\Gateway\Desktop\Windows-KB890830-x64-V5.6.exe
[2013/11/18 02:38:45 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\KxzRAfDT.sys
[2013/11/14 17:08:52 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\AObrlJiW.sys
[2013/11/12 19:32:08 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\lqPzNizH.sys
[2013/11/10 08:06:38 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\vbmVTJdr.sys
[2013/11/08 09:35:25 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\xyPGyqUk.sys
[2013/11/03 17:49:29 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\XrdphSqK.sys
[2013/11/01 14:08:35 | 000,000,000 | ---D | C] -- C:\Users\Gateway\Documents\CraftClassesNovember
[2013/10/30 19:37:04 | 000,111,080 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\IgBmIWge.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/27 19:43:40 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 19:43:40 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 19:40:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/27 19:40:40 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/27 19:40:40 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/27 19:36:28 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\ZPthFARi.sys
[2013/11/27 19:36:23 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2013/11/27 19:36:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/27 19:36:02 | 2960,519,168 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/27 19:14:28 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\zHXiWUlq.sys
[2013/11/27 19:08:11 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\qlLcfemZ.sys
[2013/11/27 16:48:36 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\nFxkDuxA.sys
[2013/11/27 16:44:06 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\rRoRclXb.sys
[2013/11/27 16:37:19 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\GYSqTvDM.sys
[2013/11/27 16:30:26 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\ZAGugwrS.sys
[2013/11/27 16:25:53 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Gateway\Desktop\JRT.exe
[2013/11/27 16:21:36 | 001,091,882 | ---- | M] () -- C:\Users\Gateway\Desktop\AdwCleaner.exe
[2013/11/27 16:13:11 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/27 16:05:10 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\YkcgezEK.sys
[2013/11/27 15:17:55 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\flNdTVxr.sys
[2013/11/27 15:17:46 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/27 09:13:44 | 000,000,566 | ---- | M] () -- C:\Users\Gateway\Desktop\MBR.zip
[2013/11/27 09:08:47 | 000,000,512 | ---- | M] () -- C:\Users\Gateway\Desktop\MBR.dat
[2013/11/27 08:48:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gateway\Desktop\OTL.exe
[2013/11/27 08:37:07 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Gateway\Desktop\aswMBR.exe
[2013/11/27 08:34:06 | 000,891,200 | ---- | M] () -- C:\Users\Gateway\Desktop\SecurityCheck.exe
[2013/11/26 13:48:28 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\NNcfgjdK.sys
[2013/11/20 15:47:08 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Gateway\Documents\spybotsd162 new.exe
[2013/11/20 15:36:10 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\GVRnYNiz.sys
[2013/11/20 03:06:39 | 002,462,696 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\Gateway\Documents\zafwSetupWeb_120_104_000.exe
[2013/11/20 02:30:12 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\ptHkzOmn.sys
[2013/11/19 09:49:25 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\PhCqpvSu.sys
[2013/11/19 09:41:22 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\EfIVngcY.sys
[2013/11/19 09:28:06 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\yzfzZiiz.sys
[2013/11/19 09:19:14 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\RHMmvERY.sys
[2013/11/19 09:11:52 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\nDKFYDSZ.sys
[2013/11/19 09:03:30 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\EWkhVxVk.sys
[2013/11/19 08:55:48 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\bLMkglRo.sys
[2013/11/19 08:47:12 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\Bhbkwwrt.sys
[2013/11/19 08:39:57 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\PfrIQbGi.sys
[2013/11/19 08:32:45 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\tcJsGJfQ.sys
[2013/11/19 08:24:38 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\ZFlZrLAC.sys
[2013/11/19 08:15:48 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\rrcSAHsi.sys
[2013/11/19 08:07:39 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\ANkYJdBb.sys
[2013/11/19 07:51:51 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\drKitRof.sys
[2013/11/19 07:42:47 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\IbaqcxwF.sys
[2013/11/18 02:57:01 | 022,791,896 | ---- | M] (Microsoft Corporation) -- C:\Users\Gateway\Desktop\Windows-KB890830-x64-V5.6.exe
[2013/11/18 02:38:45 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\KxzRAfDT.sys
[2013/11/16 14:54:42 | 002,264,591 | ---- | M] () -- C:\Users\Gateway\Documents\Identity_Theft_Resource_Guide.pdf
[2013/11/14 17:08:52 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\AObrlJiW.sys
[2013/11/12 19:32:08 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\lqPzNizH.sys
[2013/11/10 08:06:38 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\vbmVTJdr.sys
[2013/11/10 07:32:49 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/10 07:32:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/09 09:16:26 | 000,450,660 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/08 09:35:25 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\xyPGyqUk.sys
[2013/11/03 17:49:29 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\XrdphSqK.sys
[2013/11/01 14:08:35 | 001,300,208 | ---- | M] () -- C:\Users\Gateway\Documents\CraftClassesNovember.zip
[2013/10/30 19:37:04 | 000,111,080 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\IgBmIWge.sys
[2013/10/30 18:33:47 | 001,438,796 | ---- | M] () -- C:\Users\Gateway\Documents\silverscript 2 2014.pdf
[2013/10/30 18:33:08 | 001,887,054 | ---- | M] () -- C:\Users\Gateway\Documents\silverscript 2014.pdf
[2013/10/30 18:24:22 | 000,229,859 | ---- | M] () -- C:\Users\Gateway\Documents\EnrollExtra29975 2014.pdf
[2013/10/30 18:19:26 | 000,918,070 | ---- | M] () -- C:\Users\Gateway\Documents\AEPart129802 2014.pdf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/27 16:21:27 | 001,091,882 | ---- | C] () -- C:\Users\Gateway\Desktop\AdwCleaner.exe
[2013/11/27 15:50:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/11/27 15:36:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/11/27 09:13:44 | 000,000,566 | ---- | C] () -- C:\Users\Gateway\Desktop\MBR.zip
[2013/11/27 09:08:47 | 000,000,512 | ---- | C] () -- C:\Users\Gateway\Desktop\MBR.dat
[2013/11/27 08:33:54 | 000,891,200 | ---- | C] () -- C:\Users\Gateway\Desktop\SecurityCheck.exe
[2013/11/16 14:54:37 | 002,264,591 | ---- | C] () -- C:\Users\Gateway\Documents\Identity_Theft_Resource_Guide.pdf
[2013/11/01 14:08:28 | 001,300,208 | ---- | C] () -- C:\Users\Gateway\Documents\CraftClassesNovember.zip
[2013/10/30 18:33:47 | 001,438,796 | ---- | C] () -- C:\Users\Gateway\Documents\silverscript 2 2014.pdf
[2013/10/30 18:33:07 | 001,887,054 | ---- | C] () -- C:\Users\Gateway\Documents\silverscript 2014.pdf
[2013/10/30 18:24:21 | 000,229,859 | ---- | C] () -- C:\Users\Gateway\Documents\EnrollExtra29975 2014.pdf
[2013/10/30 18:19:25 | 000,918,070 | ---- | C] () -- C:\Users\Gateway\Documents\AEPart129802 2014.pdf

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 
Ok I think I have sent you all you asked. Had to reload Viewpoint as it runs the AOL software.

I never had any symptoms of anything and any scans prior to you starting to look at the laptop came up clean.

So how do we look and what's next? And I forgot to ask if there's anything else we need to do with the other computer or is that one good to go.

Thanks for all the help especially with getting me back online. Still slapping myself in the head for that whopper of an error.
 
Hi NutherStamper,

Had to reload Viewpoint as it runs the AOL software.
Click to expand...
:bigthumb:

So how do we look and what's next? And I forgot to ask if there's anything else we need to do with the other computer or is that one good to go.
Click to expand...
Things look good, but we generally run a few more scans to verify. The other computer is good to go.

TFC

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
    • Vista, Windows 7 & 8 Right click and select "Run as Administrator"
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
=========================

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================


ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
  • How's the computer running?
 
Ran TFC

Ran Malwarebytes' and log to follow

Cannot get into Eset Online scanner. The page from the link is very slow to load and doesn't fully load. Tried it 3 times. Any ideas why? Let me know what to do about that and in the meantime here's the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.28.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Gateway :: GATEWAY-PC [administrator]

11/28/2013 8:34:10 AM
mbam-log-2013-11-28 (08-34-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201181
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Gateway\Documents\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih.exe (Trojan.Repacked) -> Quarantined and deleted successfully.

(end)
 
Finally got Eset page to load and run. Computer seems a little slow. Log below:

C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmEng.dll probably a variant of Win32/Toolbar.Montiera.A application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll a variant of Win32/Toolbar.Montiera.F application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A application
C:\Program Files (x86)\CheckPoint\Install\zatb.exe multiple threats
 
Hi NutherStamper,

Offline yesterday due to Thanksgiving, I appreciate your patience.

Computer will run a bit slower after running TFC until after it has rebooted a few times, it's normal.

Do you have a Toolbar associated with your Check Point Software Technologies LTD (Zone Alarm)?
 
There is a toolbar in my addon's from Zone Alarm but I have it disabled. Don't use it. If I can remove it that would be fine. There's also a BHO from zone alarm listed in my add on's that I have disabled as well.
 
Hi NutherStamper,

There is a toolbar in my addon's from Zone Alarm but I have it disabled. Don't use it. If I can remove it that would be fine. There's also a BHO from zone alarm listed in my add on's that I have disabled as well.
Click to expand...
Unfortunately it is a common practice for other third party software to be included with downloads unbeknownst to the user. That is what I think probably happened here. Asa general rule when downloading software look for the "custom" installation option. This will most likely give you the option of only installing the software you intend.

The easiest way to remove this would be to do a complete uninstall of Zone Alarm via the Control Panel, reboot then re-install but this time choose the custom installation and don't install the "extra" software offered.

Or if you choose, we can remove the items individually. Let me know how you would like to proceed.
 
Please let's remove them individually if we can. the latest version of Zone alarm won't download without installing it as the home page allowing ads so I'd rather not attempt trying to reload at this time. I will eventually go with a different firewall as soon as I check out the ones you recommended.
Thanks!
 
Status
Not open for further replies.
Back
Top