Certiified Toolbar search

debi239 · February 1, 2013

I have somehow downloaded this browser hijacker and now cannot find it to uninstall it, any help would be greatly appreciated. Thanks.:)

etavares · February 1, 2013

Hi debi239,

My name is etavares and I'll help you remove this. To begin, please follow these instructions in the link below:

Before posting for Malware Removal help.

Please copy/paste all requested logs directly into your reply this this thread.

Thanks!

-etavares

debi239 · February 2, 2013

I'm sorry but I have to send each scan separate.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.01.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Deb :: DEB-PC [administrator]

2/1/2013 7:39:44 AM

mbam-log-2013-02-01 (07-39-44).txt

Scan type: Full scan (C:\|D:\|)

Scan options disabled: P2P

Objects scanned: 1143749

Time elapsed: 9 hour(s), 56 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 37

HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 5

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3204&bs=true&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3204&bs=true&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3204&bs=true&q=) Good: (http://www.google.com/) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3204&bs=true&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3204&bs=true&q=) Good: (http://www.google.com/) -> Quarantined and repaired successfully.

Folders Detected: 3

C:\Program Files (x86)\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 10

C:\Program Files (x86)\64res.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\64Uninstall TelevisionFanatic.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files (x86)\WnSoft PicturesToExe\5.6\PicturesToExe.exe (Rogue.FakeMSE) -> Quarantined and deleted successfully.

C:\Users\Deb\AppData\LocalLow\DailyBibleGuideEI\Installr\Cache\004632E3.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Users\Deb\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\00216C3A.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

C:\Users\Deb\Downloads\Program\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

C:\Windows\System32\t5rdv.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)

debi239 · February 2, 2013

This is what I get when I try to post the OTL scans. Is there any other way I can get them to you.

[h=3]The following errors occurred with your submission[/h]

The text that you have entered is too long (91261 characters). Please shorten it to 80000 characters long.

RandyL · February 2, 2013

Hi debi;

Make two posts. Put part of the text in each post please.

debi239 · February 2, 2013

OTL logfile created on: 2/1/2013 5:52:35 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deb\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 35.95% Memory free

7.93 Gb Paging File | 5.56 Gb Available in Paging File | 70.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.44 Gb Total Space | 26.69 Gb Free Space | 22.92% Space Free | Partition Type: NTFS

Drive D: | 337.60 Gb Total Space | 87.33 Gb Free Space | 25.87% Space Free | Partition Type: NTFS

Computer Name: DEB-PC | User Name: Deb | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Deb\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()

PRC - C:\Users\Deb\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)

PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)

PRC - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft Inc.)

PRC - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbarsvc.exe (DailyBibleGuide)

PRC - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe (DailyBibleGuide)

PRC - C:\Program Files (x86)\Pando Networks\Pando\Pando.exe (Pando Networks)

PRC - C:\Program Files (x86)\HiYo\Bin\HiYo.exe (IncrediMail, Ltd.)

PRC - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

PRC - C:\Windows\AsScrPro.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

PRC - C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)

PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)

PRC - C:\Program Files (x86)\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)

PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Sierra\Planner\PLNRnote.exe (Sierra Online)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\HiYo\Bin\AppServerCommunication.dll ()

MOD - C:\Program Files (x86)\HiYo\Bin\IMHttpComm.dll ()

MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()

MOD - C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax ()

MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

MOD - C:\Program Files (x86)\Webroot\Washer\Languages\English.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (FBDiskOptimizer) -- C:\Program Files (x86)\FixBee\FBDefragSrv64.exe (FixBee., (www.fixbee.com))

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()

SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()

SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)

SRV - (ADExchange) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (DailyBibleGuideService) -- C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbarsvc.exe (DailyBibleGuide)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (FastBootAgent) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe (ASUSTeK Computer Inc.)

SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

SRV - (wwEngineSvc) -- C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)

SRV - (Crypkey License) -- C:\Windows\SysWow64\Crypserv.exe (Kenonic Controls Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)

DRV:64bit: - (PCWinSoft) -- C:\Windows\SysNative\drivers\scrcamnetdriver_x64.sys (Windows ® Server 2003 DDK provider)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (DigiartyVirtualCDBus) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys (Digiarty Software, Inc.)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (FARMNTIO) -- C:\Windows\SysNative\drivers\FarMntIo.sys ()

DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)

DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)

DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()

DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (NetworkX) -- C:\Windows\SysWOW64\Ckldrv.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=bf3&chnl=bf3&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtA0DyEyDtC0FtAyCtBtAtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=801427480

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2408}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=104&systemid=408&apn_dtid=BND408&apn_ptnrs=AGF&o=APN10654&apn_uid=7193510456114116&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=3204

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=3204&bs=true&q=

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=3204&bs=true&q=

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=3204

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=3204

IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm0488Jus&ptnrS=XMxdm0488Jus&si=100767&ptb=858F2DF0-1B0D-40B3-8F33-AD80FF15F0F6&psa=&ind=2011050310&st=sb&n=77de3146&searchfor={searchTerms}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=bf3&chnl=bf3&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtA0DyEyDtC0FtAyCtBtAtN0D0Tzu0CtBtAtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=801427480

IE - HKLM\..\SearchScopes\{7C19EC30-6FAD-B9F6-82AA-0C5189279B17}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=3204&q={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2408}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=104&systemid=408&apn_dtid=BND408&apn_ptnrs=AGF&o=APN10654&apn_uid=7193510456114116&q={searchTerms}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com/ig

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=3204

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 0A A2 81 91 98 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://mystart.hiyo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=3204&bs=true&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=3204&bs=true&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=3204

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=3204

IE - HKCU\..\URLSearchHook: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (DailyBibleGuide)

IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0169E633-8781-F882-9BC7-7B014AE4DE4E}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111005&iesrc={referrer:source}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{30CFB165-2CF1-7712-E58F-3A8DBE9E3CFA}: "URL" = http://www.incredimail-start.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-428-0-2x4co

IE - HKCU\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm0488Jus&ptnrS=XMxdm0488Jus&si=100767&ptb=858F2DF0-1B0D-40B3-8F33-AD80FF15F0F6&psa=&ind=2011050310&st=sb&n=77de3146&searchfor={searchTerms}

IE - HKCU\..\SearchScopes\{4A7BC363-1B1A-469A-8A9F-B08D6190106D}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms}

IE - HKCU\..\SearchScopes\{63EA0726-C83D-C02E-CF27-0160BA4048EB}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS409

IE - HKCU\..\SearchScopes\{7B778A05-D20F-5F8F-66DF-EA2ADE1B9C35}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF

IE - HKCU\..\SearchScopes\{7C19EC30-6FAD-B9F6-82AA-0C5189279B17}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS409

IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2408}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=104&systemid=408&apn_dtid=BND408&apn_ptnrs=AGF&o=APN10654&apn_uid=7193510456114116&q={searchTerms}

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS409

IE - HKCU\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=BBY2-SRS&o=41647948&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=7S&apn_dtid=YYYYYYYYUS&apn_uid=9031D046-42A2-4C65-84EC-C9DFB269878A&apn_sauid=7AB86833-9B02-4D34-9041-8E0487E93484

IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1pcqIQ5iKit

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll (DailyBibleGuide)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/28 07:33:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2vffxtbr@DailyBibleGuide.com: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin [2011/10/14 06:41:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/18 08:19:49 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/28 07:33:53 | 000,000,000 | ---D | M]

[2013/02/01 05:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - plugin: Babylon Translator (Enabled) = dhkplhfnhceodhffomolpfigojocbpcb\1.4_0

CHR - plugin: Error reading preferences file

CHR - Extension: No name found = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\

CHR - Extension: No name found = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: No name found = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\

CHR - Extension: No name found = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: No name found = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\

CHR - Extension: No name found = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpcpcabjajdjmbkfinphfdflfipmalnj\1.0_0\

CHR - Extension: No name found = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

CHR - Extension: No name found = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\

CHR - Extension: No name found = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.6.0_0\facemoods\

CHR - Extension: No name found = C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Search Assistant BHO) - {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (DailyBibleGuide)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (Toolbar BHO) - {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll (DailyBibleGuide)

O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)

O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (DailyBibleGuide) - {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll (DailyBibleGuide)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (DailyBibleGuide) - {2A942AB7-2073-49BC-A7E1-77E93835889A} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll (DailyBibleGuide)

O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)

O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found

O4 - HKLM..\Run: [DailyBibleGuide Browser Plugin Loader] C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe (DailyBibleGuide)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [Hiyo] C:\Program Files (x86)\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)

O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Deb\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [MimarSinan Rubber Ducky Update Setup for All Users] C:\ProgramData\{C357FF4B-BB69-4DC2-9869-55F052974DA8}\Rubber Ducky.exe (MimarSinan International )

O4 - HKCU..\Run: [Pando] C:\Program Files (x86)\Pando Networks\Pando\pando.exe (Pando Networks)

O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

O4 - HKCU..\Run: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found

O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found

O8:64bit: - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found

O8 - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()

O9:64bit: - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE_x64.dll ()

O9:64bit: - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE_x64.dll ()

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Imikimi_activex_plugin Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFE16A46-948F-4F90-964E-E3E86D151408}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

debi239 · February 2, 2013

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk - C:\Program Files (x86)\Broderbund\PrintMaster\pmremind.exe - (Broderbund Properties LLC)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe - ()

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: facemoods - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

MsConfig:64bit - StartUpReg: InstallIQUpdater - hkey= - key= - C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)

MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

MsConfig:64bit - StartUpReg: Startup Defender - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: TelevisionFanatic Browser Plugin Loader - hkey= - key= - File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/01 17:44:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Deb\Desktop\OTL.scr

[2013/02/01 17:25:46 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{42234831-8B08-43B1-96A6-6045FEE150A9}

[2013/02/01 07:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/02/01 07:37:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/02/01 07:36:21 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Deb\Desktop\mbam-setup-1.70.0.1100.exe

[2013/02/01 05:25:08 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{95CF7132-8491-4CD2-9E5E-97B82B87D47A}

[2013/01/31 10:01:41 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{5047659E-C3FF-4879-99C3-07F8CA609FA6}

[2013/01/31 08:33:24 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{0287C327-9C05-46BF-B7A1-9086769A2D0C}

[2013/01/30 08:59:26 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{0731825A-EC4A-41FA-8E38-BAD4E1A1B061}

[2013/01/29 08:42:50 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{553FB952-2015-4903-A09D-4F0E26A63C5E}

[2013/01/28 08:41:45 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{A1A41F13-03AE-4BBA-A4E2-D4A593DF6E31}

[2013/01/27 09:26:47 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Malwarebytes

[2013/01/27 09:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/01/27 09:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/01/27 09:25:33 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\Programs

[2013/01/27 08:40:52 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{E65F738D-9443-4971-9352-F66A692643C4}

[2013/01/24 19:47:50 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{740A36B2-621C-4272-845E-DF12E99C78C1}

[2013/01/24 07:47:23 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{6B52BFC3-84B8-4BC2-896D-8D8E04863DC9}

[2013/01/20 09:13:03 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{E2E3FE0B-6FBE-4A1E-AF47-BD5041A3624B}

[2013/01/19 21:08:46 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{B966D18E-7F69-47D5-8401-8BA6A11669E6}

[2013/01/19 19:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/01/19 09:51:27 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\Anvisoft

[2013/01/19 09:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft

[2013/01/19 09:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft

[2013/01/19 05:54:49 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\FixBee

[2013/01/19 05:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FixBee

[2013/01/18 21:07:46 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{2E3324BA-5C42-4324-A5C6-7336F189E63C}

[2013/01/18 14:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixBee Disk Optimizer

[2013/01/18 14:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixBee

[2013/01/18 14:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SRToolbar

[2013/01/18 09:07:11 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{8EC434FA-420B-47B7-9554-BD9441DB3FFE}

[2013/01/18 08:14:08 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013/01/17 19:55:16 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Roaming\WinRAR

[2013/01/17 19:55:15 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\DownTango

[2013/01/17 19:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango

[2013/01/17 19:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky

[2013/01/17 19:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Protected Search

[2013/01/17 09:06:14 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{2CA50C82-3F07-4F48-9707-A62F0F77B23D}

[2013/01/16 17:48:37 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{4A67868C-A839-44EC-B25E-87C83532E0DF}

[2013/01/16 07:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 5.6.5

[2013/01/16 05:48:02 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{18C7CAE6-2D57-42B1-B823-8C0E23BBA00C}

[2013/01/15 09:13:53 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{D8C64BCE-62CF-4985-90EC-1082D4CA5EF3}

[2013/01/14 15:29:14 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{E3C4DD56-2019-4342-B117-6974C6D81EEC}

[2013/01/13 04:56:07 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{1E9789FD-D1E5-4F0A-8197-3C96A6246FC6}

[2013/01/12 10:29:12 | 000,000,000 | ---D | C] -- C:\Users\Deb\Desktop\Good_morning!

[2013/01/12 08:22:48 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{D5C04CAA-7B0D-46DC-A43D-5A8934F1A00A}

[2013/01/11 16:37:46 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{86AE18EA-D2D7-4F78-A316-559CD87554C6}

[2013/01/11 04:37:23 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{38263396-8971-473D-9686-D9E0B043A04E}

[2013/01/10 07:19:53 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{66363DFD-6584-42C3-ABF6-26DF6393D0A3}

[2013/01/09 08:19:55 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/01/09 08:19:55 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/01/09 08:19:39 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013/01/09 08:19:36 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2013/01/09 08:19:27 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/01/09 08:19:27 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs

[2013/01/09 08:19:27 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/01/09 08:19:27 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs

[2013/01/09 08:19:27 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/01/09 08:19:27 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/01/09 08:19:27 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs

[2013/01/09 08:19:27 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/01/09 08:19:27 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs

[2013/01/09 08:19:26 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2013/01/09 08:19:26 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/01/09 08:19:26 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll

[2013/01/09 08:19:26 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs

[2013/01/09 08:19:26 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/01/09 08:19:26 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs

[2013/01/09 08:19:26 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/01/09 08:19:26 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs

[2013/01/09 08:19:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/01/09 08:19:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs

[2013/01/09 08:19:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/01/09 08:19:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs

[2013/01/09 08:19:26 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/01/09 08:19:26 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs

[2013/01/09 08:19:25 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/01/09 08:19:25 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/01/09 08:19:25 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs

[2013/01/09 08:19:25 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/01/09 08:19:25 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs

[2013/01/09 08:19:25 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/01/09 08:19:25 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs

[2013/01/09 08:19:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/01/09 08:19:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs

[2013/01/09 08:18:51 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/01/09 08:18:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/01/09 08:18:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/01/09 08:18:48 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/01/09 08:18:48 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/01/09 08:18:48 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/01/09 08:18:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/01/09 08:18:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/01/09 08:18:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/01/09 08:18:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/09 08:18:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/09 08:18:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/09 08:18:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/01/09 08:18:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/09 08:18:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/09 08:18:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/09 08:18:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/09 08:18:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/09 08:18:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/09 08:18:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/09 08:18:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/09 08:18:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/09 08:18:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/09 08:18:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/09 08:18:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/09 08:18:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/09 08:18:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/09 08:18:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/09 08:18:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/09 08:18:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/09 08:18:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/09 08:18:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/09 08:18:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/09 08:18:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/01/09 08:18:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/01/09 08:18:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/09 08:18:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/09 08:18:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/09 08:18:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/09 08:18:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/09 08:18:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/09 08:18:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/09 08:18:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/09 08:18:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/09 08:18:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/09 08:18:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/01/09 08:18:29 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

[2013/01/09 08:03:43 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{21D7C0B8-0255-4EBE-95C2-63E2609F7963}

[2013/01/08 07:54:44 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{08D71E41-6BCB-4D7E-8115-90912FEFFEDF}

[2013/01/07 06:58:03 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{AC76A610-688C-47B5-9263-19DF34042B56}

[2013/01/06 06:04:06 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{C3841884-8F5F-4B2D-BB68-75D301AD91B2}

[2013/01/05 07:11:51 | 000,000,000 | ---D | C] -- C:\Users\Deb\Documents\Medical Files

[2013/01/05 06:03:16 | 000,000,000 | ---D | C] -- C:\Users\Deb\AppData\Local\{3424CDF3-9FE0-42D6-B607-687B3EE116CC}

[2008/08/11 22:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/01 17:44:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deb\Desktop\OTL.scr

[2013/02/01 17:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/01 17:35:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\PrintProjects Communicator.job

[2013/02/01 17:10:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/01 10:10:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/01 08:34:00 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\03-31-2011_103440.job

[2013/02/01 07:38:01 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/02/01 07:36:25 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Deb\Desktop\mbam-setup-1.70.0.1100.exe

[2013/02/01 06:37:30 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/01 06:37:30 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/01 06:33:31 | 000,792,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/02/01 06:33:31 | 000,669,298 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/02/01 06:33:31 | 000,125,452 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/02/01 06:31:37 | 000,000,344 | ---- | M] () -- C:\Windows\lgfwup.ini

[2013/02/01 06:28:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/01 06:28:48 | 3193,765,888 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/20 06:30:57 | 000,010,841 | ---- | M] () -- C:\Users\Deb\Documents\paisley.pat

[2013/01/18 14:39:04 | 000,000,997 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\FixBee Disk Optimizer.lnk

[2013/01/18 14:39:03 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\FixBee Disk Optimizer.lnk

[2013/01/18 09:41:22 | 000,001,056 | ---- | M] () -- C:\prefs.js

[2013/01/17 19:55:01 | 000,000,000 | ---- | M] () -- C:\end

[2013/01/17 19:54:59 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite

[2013/01/17 19:53:11 | 000,002,236 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 10.lnk

[2013/01/17 19:53:11 | 000,001,897 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\TOSHIBA DVD PLAYER.lnk

[2013/01/17 19:53:11 | 000,001,448 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare DVD Slideshow Builder Standard.lnk

[2013/01/17 19:53:11 | 000,001,385 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare Photo Collage Studio.lnk

[2013/01/17 19:53:11 | 000,001,319 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker.lnk

[2013/01/17 19:53:11 | 000,001,303 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2013/01/17 19:53:11 | 000,001,279 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Pixpedia Publisher.lnk

[2013/01/17 19:53:11 | 000,001,213 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Copy Pro.lnk

[2013/01/17 19:53:11 | 000,001,085 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk

[2013/01/17 19:53:11 | 000,000,955 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Terminator.lnk

[2013/01/17 19:53:11 | 000,000,859 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Xara3D6.lnk

[2013/01/17 19:53:11 | 000,000,859 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk

[2013/01/17 19:53:11 | 000,000,426 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2013/01/17 19:53:11 | 000,000,408 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2013/01/17 19:53:10 | 000,002,825 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk

[2013/01/17 19:53:10 | 000,002,813 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9 (1).lnk

[2013/01/17 19:53:10 | 000,002,381 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/17 19:53:10 | 000,002,300 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\mediAvatar Photo to Flash.lnk

[2013/01/17 19:53:10 | 000,002,143 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk

[2013/01/17 19:53:10 | 000,002,116 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk

[2013/01/17 19:53:10 | 000,001,579 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/01/17 19:53:10 | 000,001,315 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Free GMT AVI to DVD.lnk

[2013/01/17 19:53:10 | 000,001,238 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk

[2013/01/17 19:53:10 | 000,001,145 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk

[2013/01/17 19:53:10 | 000,001,109 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\NeoPaint.lnk

[2013/01/17 19:53:10 | 000,001,006 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk

[2013/01/17 19:53:10 | 000,000,859 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2013/01/17 19:53:10 | 000,000,859 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Log Analysis - Sax2.lnk

[2013/01/17 19:53:10 | 000,000,859 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Intrusion Detection System - Sax2.lnk

[2013/01/17 19:53:09 | 000,002,231 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk

[2013/01/17 19:53:09 | 000,001,498 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Batch Photo Watermarker.lnk

[2013/01/17 19:53:09 | 000,001,362 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk

[2013/01/17 19:53:09 | 000,001,265 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\FoxTab AVI Converter.lnk

[2013/01/17 19:53:09 | 000,001,259 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Easy Burner.lnk

[2013/01/17 19:53:09 | 000,001,221 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Final*******.lnk

[2013/01/17 19:53:09 | 000,001,214 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\easyQuizzy.lnk

[2013/01/17 19:53:09 | 000,001,149 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk

[2013/01/17 19:53:09 | 000,001,149 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\BatchInpaint.lnk

[2013/01/17 19:53:09 | 000,001,119 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\CollageIt.lnk

[2013/01/17 19:53:08 | 000,002,584 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Aiseesoft Total Media Converter.lnk

[2013/01/17 19:53:08 | 000,002,344 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk

[2013/01/17 19:53:08 | 000,002,325 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\4Media Photo Slideshow Maker.lnk

[2013/01/17 19:53:08 | 000,002,269 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\4Media Ringtone Maker.lnk

[2013/01/17 19:53:08 | 000,001,254 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\AnyPic Image Resizer Pro.lnk

[2013/01/17 19:53:08 | 000,000,859 | ---- | M] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 2010 Advanced.lnk

[2013/01/17 19:24:50 | 000,045,169 | ---- | M] () -- C:\Users\Deb\Desktop\PolkaDot_Baby_Blanket.pdf

[2013/01/11 04:33:21 | 005,620,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/01/10 07:42:38 | 000,786,766 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/01/09 10:35:18 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/01/09 10:35:18 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/01/03 07:18:52 | 000,015,360 | ---- | M] () -- C:\Windows\Launcher.exe

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/01 07:38:01 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/20 06:30:57 | 000,010,841 | ---- | C] () -- C:\Users\Deb\Documents\paisley.pat

[2013/01/18 14:39:04 | 000,000,997 | ---- | C] () -- C:\Users\Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\FixBee Disk Optimizer.lnk

[2013/01/18 14:39:03 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\FixBee Disk Optimizer.lnk

[2013/01/17 19:54:59 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite

[2013/01/17 19:54:50 | 000,000,000 | ---- | C] () -- C:\end

[2013/01/17 19:53:13 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe

[2013/01/17 19:24:49 | 000,045,169 | ---- | C] () -- C:\Users\Deb\Desktop\PolkaDot_Baby_Blanket.pdf

[2012/08/20 09:46:35 | 000,384,844 | ---- | C] () -- C:\Users\Deb\AppData\Local\funmoods-speeddial.crx

[2012/08/12 08:45:52 | 000,004,470 | ---- | C] () -- C:\Users\Deb\pspbrwse.jbf

[2012/04/06 14:07:58 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini

[2011/11/27 07:09:54 | 000,161,694 | ---- | C] () -- C:\Windows\Animated Wallpaper Maker Uninstaller.exe

[2011/11/13 13:30:25 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/11/13 13:30:24 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2011/10/05 08:31:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/10/05 08:31:07 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/10/05 08:31:07 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/09/28 04:49:43 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe

[2011/08/15 12:34:07 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\gif89.dll

[2011/08/15 12:33:54 | 000,000,285 | ---- | C] () -- C:\Windows\SIERRA.INI

[2011/08/15 04:20:07 | 000,007,597 | ---- | C] () -- C:\Users\Deb\AppData\Local\Resmon.ResmonCfg

[2011/08/06 03:20:57 | 000,161,807 | ---- | C] () -- C:\Windows\Animated Screensaver Maker Uninstaller.exe

[2011/07/11 13:27:17 | 000,026,000 | ---- | C] () -- C:\Windows\SysWow64\PteVideo.dll

[2011/07/01 06:16:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2011/05/21 03:16:40 | 000,162,598 | ---- | C] () -- C:\Windows\DP Animation Maker Uninstaller.exe

[2011/04/23 06:19:51 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe

[2011/04/23 06:19:51 | 000,024,608 | ---- | C] () -- C:\Windows\SysWow64\Ckldrv.sys

[2011/04/23 06:19:51 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll

[2011/04/23 06:19:51 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe

[2011/04/20 09:44:49 | 000,000,368 | ---- | C] () -- C:\Users\Deb\AppData\Roaming\wklnhst.dat

[2011/03/23 16:54:15 | 000,786,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/03/18 16:13:04 | 000,000,042 | ---- | C] () -- C:\Windows\PCSPATS.DAT

[2011/02/19 19:42:30 | 000,000,091 | ---- | C] () -- C:\Windows\Crypkey.ini

[2010/12/21 10:06:03 | 000,000,069 | ---- | C] () -- C:\Users\Deb\AppData\Roaming\IncrediMail Collection ManagerIcm.ini

[2010/12/19 11:55:26 | 000,001,057 | ---- | C] () -- C:\Users\Deb\AppData\Roaming\vso_ts_preview.xml

[2010/12/15 12:16:53 | 000,035,840 | ---- | C] () -- C:\Users\Deb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/15 11:14:41 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010/12/11 13:35:07 | 019,985,265 | ---- | C] () -- C:\ProgramData\vlc-1.1.5-win32.exe

[2009/04/08 11:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2009/03/27 10:14:04 | 000,033,940 | ---- | C] () -- C:\Users\Deb\qotw.jpg

[2009/03/22 13:46:48 | 000,016,769 | ---- | C] () -- C:\Users\Deb\flowers.PLC

[2009/03/03 11:32:32 | 000,705,558 | ---- | C] () -- C:\Users\Deb\QBD_-_LaceBorderNFramesScripts.zip

[2009/02/16 19:30:54 | 000,658,608 | ---- | C] () -- C:\Program Files (x86)\MagicDVDRipper.exe

[2009/02/09 11:56:30 | 000,313,344 | ---- | C] () -- C:\Program Files (x86)\hjsplit.exe

[2009/01/18 08:46:29 | 000,001,024 | ---- | C] () -- C:\Users\Deb\.rnd

[2008/05/22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

[2006/11/02 06:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop (1).ini

========== ZeroAccess Check ==========

[2011/07/03 14:29:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4070860634-2794675311-1628887733-1000\$ROXZ5D7\L

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/04/27 17:18:59 | 000,000,000 | -HSD | M] -- C:\Users\Deb\AppData\Roaming\.#

[2012/03/30 12:58:05 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\4Media

[2013/01/19 19:38:06 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Anvisoft

[2011/07/03 04:19:51 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\AnyPic Image Converter

[2011/05/08 10:59:39 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\AnyPic Image Resizer Pro

[2012/01/09 07:02:50 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Ashampoo

[2011/11/14 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\BlitzCards

[2011/06/21 08:31:19 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Byngo

[2011/06/27 14:30:19 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\calibre

[2011/11/19 09:21:55 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/10/28 05:57:48 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Digiarty

[2010/12/17 12:55:31 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\DVDVideoSoft

[2011/03/28 05:24:17 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Engelmann Media

[2011/02/02 14:12:43 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Final*******

[2013/01/19 19:48:35 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\FixBee

[2012/03/30 12:58:05 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\FreeBurner

[2011/02/01 19:03:46 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\gmt_free_avi_to_dvd

[2010/12/10 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\HiYo

[2010/12/11 20:29:08 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\ImageBadger

[2010/12/21 10:06:03 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\IncrediMail Collection Manager

[2011/04/23 05:54:59 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\IObit

[2010/12/15 10:02:00 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Jasc

[2011/04/10 04:32:43 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Leawo

[2011/12/25 05:54:56 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\LifeSniffer

[2011/04/03 05:29:09 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\mediAvatar

[2011/12/14 16:38:12 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Mipony

[2011/02/18 17:55:10 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Mobipocket

[2011/04/10 04:32:43 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Moyea

[2011/12/03 06:19:44 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Nik Software

[2012/10/12 05:02:38 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Nuclear Coffee

[2012/04/08 06:07:10 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\PearlMountain

[2011/04/27 18:09:56 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\PearlMountainSoft

[2011/01/18 15:25:42 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Pixpedia Publisher

[2012/10/12 14:11:08 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\PlayFirst

[2011/04/10 04:32:43 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\PPT2DVD

[2011/10/05 08:54:49 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

[2012/08/20 09:46:30 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\SendSpace

[2011/06/14 07:04:49 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Softplicity

[2011/11/12 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Solveig Multimedia

[2012/05/30 10:37:07 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Temp

[2010/12/28 12:10:38 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Template

[2011/10/15 13:45:53 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Thinstall

[2011/08/01 17:33:44 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Tibo Software

[2011/04/06 14:52:04 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Titanium Gears

[2012/06/06 06:39:18 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Visan

[2011/04/20 06:00:25 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\visualsearchpony.com

[2010/12/19 11:56:10 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Vso

[2010/12/10 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\WeatherBug

[2010/12/10 13:26:42 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\Windows Live Writer

[2012/01/30 08:02:39 | 000,000,000 | ---D | M] -- C:\Users\Deb\AppData\Roaming\XnView

========== Purity Check ==========

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives

---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: ST9500325AS

Partitions: 3

Status: OK

Status Info: 0

Partitions

---------------

DeviceID: Disk #0, Partition #0

PartitionType: Unknown

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 12.00GB

Starting Offset: 1048576

Hidden sectors: 0

DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 116.00GB

Starting Offset: 12583960576

Hidden sectors: 0

DeviceID: Disk #0, Partition #2

PartitionType: Extended w/Extended Int 13

Bootable: False

BootPartition: False

PrimaryPartition: False

Size: 338.00GB

Starting Offset: 137610919936

Hidden sectors: 0

< %SYSTEMDRIVE%\*.* >

[2005/07/06 13:12:58 | 000,060,370 | ---- | M] () -- C:\Air Freshener Covers Series BK1 1.gif

[2005/07/06 13:13:14 | 000,057,415 | ---- | M] () -- C:\Air Freshener Covers Series BK1 2.gif

[2005/07/06 13:13:30 | 000,064,908 | ---- | M] () -- C:\Air Freshener Covers Series BK1 3.gif

[2005/07/06 13:13:46 | 000,059,575 | ---- | M] () -- C:\Air Freshener Covers Series BK1 4.gif

[2005/07/06 13:14:06 | 000,061,367 | ---- | M] () -- C:\Air Freshener Covers Series BK1 5.gif

[2005/07/06 13:14:24 | 000,045,478 | ---- | M] () -- C:\Air Freshener Covers Series BK1 6.gif

[2005/07/06 13:14:40 | 000,028,722 | ---- | M] () -- C:\Air Freshener Covers Series BK1 bc.jpg

[2005/07/06 13:12:40 | 000,024,648 | ---- | M] () -- C:\Air Freshener Covers Series BK1.jpg

[2010/11/20 06:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2009/07/29 00:03:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2010/03/16 07:13:46 | 000,013,114 | ---- | M] () -- C:\devlist.txt

[2013/01/17 19:55:01 | 000,000,000 | ---- | M] () -- C:\end

[2013/01/17 19:54:59 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite

[2010/03/16 07:13:46 | 000,000,009 | ---- | M] () -- C:\Finish.log

[2013/02/01 06:28:48 | 3193,765,888 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/16 07:37:58 | 000,963,411 | ---- | M] () -- C:\inject.log.txt

[2009/06/25 19:14:43 | 001,048,576 | RH-- | M] () -- C:\K60IJ.BIN

[2009/08/09 21:04:57 | 000,000,019 | ---- | M] () -- C:\K60IJ_WIN7.10

[2011/04/09 00:54:52 | 002,729,984 | ---- | M] () -- C:\KahlownSetup.msi

[2013/02/01 06:28:53 | 4258,357,248 | -HS- | M] () -- C:\pagefile.sys

[2010/03/15 18:03:22 | 000,000,105 | ---- | M] () -- C:\Pass.txt

[2009/12/16 23:48:04 | 000,000,277 | ---- | M] () -- C:\Patch_Win7.log

[2011/01/17 10:49:26 | 018,420,224 | ---- | M] () -- C:\Pixo.msi

[2013/01/18 09:41:22 | 000,001,056 | ---- | M] () -- C:\prefs.js

[2009/08/09 21:04:57 | 000,000,007 | ---- | M] () -- C:\RECOVERY.DAT

[2011/07/20 06:34:19 | 000,004,096 | RHS- | M] () -- C:\RESCUMBR.BIN

[2013/01/17 19:53:12 | 000,000,351 | ---- | M] () -- C:\SetSearchAndHomepageInBrowserLog.txt

[2012/08/05 10:39:00 | 000,000,540 | ---- | M] () -- C:\settings.ini

[2010/03/16 07:00:55 | 000,000,090 | ---- | M] () -- C:\setup.log

[2010/03/16 07:10:05 | 000,000,170 | ---- | M] () -- C:\SumHidd.txt

[2010/03/16 07:09:51 | 000,000,098 | ---- | M] () -- C:\SumOS.txt

[2009/09/16 12:04:46 | 000,000,024 | ---- | M] () -- C:\v82.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2012/10/27 00:23:14 | 011,020,800 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >

[2008/01/20 20:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop (1).ini

[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[2007/02/01 18:02:54 | 000,313,344 | ---- | M] () -- C:\Program Files (x86)\hjsplit.exe

[2006/04/02 01:23:06 | 000,658,608 | ---- | M] () -- C:\Program Files (x86)\MagicDVDRipper.exe

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 06:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 06:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 06:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:22741C1F

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A31FAD21

< End of report >

debi239 · February 2, 2013

OTL Extras logfile created on: 2/1/2013 5:52:35 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deb\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 35.95% Memory free

7.93 Gb Paging File | 5.56 Gb Available in Paging File | 70.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.44 Gb Total Space | 26.69 Gb Free Space | 22.92% Space Free | Partition Type: NTFS

Drive D: | 337.60 Gb Total Space | 87.33 Gb Free Space | 25.87% Space Free | Partition Type: NTFS

Computer Name: DEB-PC | User Name: Deb | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [LovelyFolders] -- C:\Program Files (x86)\Lovely Folders\LFolders.exe "%1" (Lovelysoft)

Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)